Hacked Sites — Analysis of 329 Security Interventions Since 2018

Your site shows a blank page, redirects to an online casino, or Google flags it as dangerous? You're not alone. Since 2018, MonSiteBug has handled 329 security-related interventions — hacking, viruses, malware, exploited vulnerabilities, credit card skimmers.

This article is an exclusive study based on our real data. No theory: hard numbers from our 8,809 support tickets and concrete cases handled by our team.

Cyberattack trends: 2019–2026

Security intervention requests have grown significantly, with spikes linked to major publicly disclosed vulnerabilities:

February 2026 alert: In a single quarter, we already reached 29 security interventions — a new quarterly record. The cause: a PrestaShop security alert email about Digital Skimmers triggered a massive wave of verification and audit requests starting February 12.

Breakdown by attack type

Out of our 329 security interventions, here's the distribution of attack types we've handled:

Note: a single ticket may combine multiple attack types. Many tickets categorized under generic terms ("security", "verification") actually cover hackings or malware.

The Digital Skimmer wave of February 2026

The most recent and intense event in our history: 23 security tickets in February 2026, concentrated in a single week.

What happened

On February 12, 2026, PrestaShop sent a security alert email to all merchants about a Digital Skimmer threat — malware that replaces or modifies payment buttons to intercept credit card data. The alert triggered an immediate flood of requests.

Timeline

• February 12 — 10 tickets in a single day: "Digital Skimmer verification", "Security audit", "PrestaShop security alert", "Security threat detected by email"
• February 13 — "Security verification for malware replacing payment buttons", "prestashop security alert"
• February 16-20 — "verification following prestashop security alert", "Security audit", "hack paiement", "Site hacked", "Digital skimmer verification"
• February 23-26 — "CB tester - 3rd edition!", "Security issue"

What we observed

Digital Skimmers are particularly dangerous because:

• They are invisible to the merchant — the site works normally
• They intercept credit card data in real-time during checkout
• They can remain active for weeks before detection
• They are often injected via a vulnerability in an outdated third-party module

Result: Q1 2026 became our busiest security quarter with 29 interventions, nearly matching the previous record of Q3 2022 (30 interventions during CVE-2022-31181).

The PrestaShop vulnerability of July 2022: anatomy of a crisis

What happened

A SQL injection vulnerability (CVE-2022-31181) allowed attackers to execute arbitrary code on PrestaShop stores. Hackers massively exploited it to inject credit card skimmers into payment pages.

Impact on our clients

• 30 interventions in Q3 2022 — the quarterly record at the time
• Real ticket titles: "faille prestashop", "FAILLE DE SECURITE", "JE CROIS QUE JE VIENS DE ME FAIRE PIRATER"
• Some merchants discovered the hack weeks after infection

Lesson learned: Merchants with up-to-date PrestaShop were not affected. Those 2-3 versions behind were the first victims.

Real cases from our tickets

Case #1 — Credit card skimmer (Ticket #5268)

Original title: "Désinfection de virus JS/Spy.Banker.IV"

A PrestaShop merchant contacts us after their antivirus detected a JS/Spy.Banker script on their store — a skimmer intercepting credit card data during checkout.

Case #2 — Recurring hacking (Tickets #4630, #8131)

Original titles: "Spidernet de nouveau infecté", "URGENT : malware revenu"

Some sites return after a first cleanup because the original vulnerability was not fixed. Cleanup without patching guarantees reinfection.

Case #3 — Japan SEO Hack (Tickets #8091, #8092)

Original titles: "Seo japan hack", "Hack japan seo"

Hackers inject thousands of Japanese pages to exploit the site's SEO authority. The owner sees nothing — pages only appear in Google results.

Case #4 — WordPress cloaking (Ticket #8640)

Original title: "Demande d'intervention – site WordPress compromis (cloaking / contenu frauduleux)"

The site shows completely different content to search engines (pharmacy, casino) than to human visitors.

Case #5 — Digital Skimmer wave February 2026 (Tickets #8679, #8680, #8692)

Original titles: "Verification présence de Digital Skimmer sur notre site", "digital skimmer", "Vérification de sécurité pour malware remplaçant les boutons de paiement"

Following the February 2026 PrestaShop alert, dozens of merchants contacted us. Some were indeed compromised — the malware replaced payment buttons with copies that sent card data to a third-party server.

Most intense quarters

Our 4-step cleanup methodology

Step 1 — Situation analysis

Before any action, we analyze the extent of the attack: malware type, hacker's objective, affected files, and how long the site has been compromised.

Step 2 — Cleaning infected files

We compare each file with CMS originals to identify malicious modifications. Backdoors, shells, injection scripts — everything is removed.

Step 3 — Finding and patching the vulnerability

The most critical step. Cleanup without fixing the entry point guarantees reinfection within days — we've seen it on recurring tickets.

Step 4 — Hardening and monitoring

All passwords changed, CMS and modules updated, WAF installed, file modification alerts configured.

Security checklist: protect your site

• Update your CMS and modules — The 2022 PrestaShop vulnerability and 2026 Digital Skimmers only affected outdated sites
• Use strong, unique passwords — Minimum 12 characters with 2FA enabled
• Remove unused plugins and themes — A deactivated plugin still on the server remains exploitable
• Back up regularly — Automated weekly minimum, stored off-server
• Use HTTPS — SSL certificate required, HTTP → HTTPS redirect
• Restrict back-office access — Change default admin URL, IP restrict if possible
• Monitor your files — Alert tool for suspicious file modifications
• Keep PHP up to date — Obsolete PHP versions contain known security flaws

When should you act urgently?

• You receive a PrestaShop security alert email about a vulnerability
• Google shows "This site may have been hacked" in search results
• Your site redirects to another site (casino, pharmacy, adult content)
• Unknown pages in Japanese or Chinese appear in Google Search Console
• Your host suspends your account for malicious activity
• Customers report fraudulent charges after purchasing on your site
• You find unknown files on your FTP server
• Your antivirus blocks access to your own site

Don't wait: The longer a site stays compromised, the greater the damage — lost rankings, stolen customer data, Google blacklisting. Every hour counts.

PrestSecure: our antivirus solution for PrestaShop

Facing the constant increase in attacks (261 in 2024-2026 for bots and skimmers alone), we developed PrestaSecure — a PrestaShop antivirus designed to protect your e-commerce store against malware, injections, and credit card skimmers.

PrestaSecure continuously monitors your store and detects threats before they cause damage:

• Digital Skimmer detection — Immediate alert if a malicious script is injected into your payment pages
• Modified file scanning — Automatic comparison with original CMS files
• Known vulnerability monitoring — Proactive alerts when a CVE affects your installed modules
• Security dashboard — Overview of your store health status

Prevention over cure: A site cleanup costs from EUR345 excl. VAT. A PrestaSecure subscription costs a fraction of that and saves you the stress, lost revenue, and compromised customer data.

If your site is already compromised, we also offer a complete cleanup and disinfection service — analysis, cleanup, vulnerability patching, and post-intervention hardening.

Our security numbers at a glance

Why trust us with your site security?

Since 2018, we've cleaned and secured hundreds of compromised websites. Our success rate is 100%: every site we've handled has been restored, without exception.

• 329 security interventions — expertise forged in the field, not in theory
• Fast response — We take action within hours of your request
• Complete diagnosis — We don't just clean, we find and fix the vulnerability
• Multi-CMS expertise — PrestaShop, WordPress, WooCommerce, Joomla...
• Anti-reinfection guarantee — If reinfected via the same vulnerability within 30 days, we intervene free of charge
• Transparency — Detailed report of everything done, vulnerability identified, and recommendations