on 06-12-2025 the site went down for a few minutes, then this problem came out on the admin side in the admin part of prestashop
What steps have you taken to resolve the issue?
on 06-12-2025 the site went down for a few minutes, then this problem came out on the admin side in the admin part of prestashop. in the chrome console you see security errors due to files that are loaded from prestashop and it sees as unsafe, then it does not keep the login session of the configuration page and exits the page immediately.
I think a cloudflare security system was activated, as a consequence of the down I had yesterday for a few minutes of the site, and it activated a security system that is now creating problems and I do not know how to solve it.
by deactivating cloudflare, after a few minutes everything works again, but the site needs protection
I add more images
Yesterday morning everything was working fine, now it’s not, how can I understand what’s causing problems and how to remove this cloudflare block
Do you know why the site went down? Was it an attack or malware? One of your screenshots list a file as compromised. You can check your audit log to see any configuration changes https://dash.cloudflare.com/?to=/:account/audit-log, but cloudflare would not alter your security configuration aside from ssl/tls setting when you select Automatic.
Hi @cloonan
I don’t know the reasons why the site was down for a few minutes, it’s a very large site with 300,000 products.
I scanned all the files and there are no infected files, it’s not a problem with prestashop or the server; it doesn’t have mod_security.
if I disable cloudflare those errors that I showed disappear, if I enable it they reappear and make me exit the prestashop control panel.
now i re-enabled cloudflare, disabled all the WAF rules and it started kicking me out of the control panel again and there are the compromised security warnings again. It’s the first time it’s done this
before the purge there are no strange things.
I have other large sites with cloudflare, same prestashop, 95% same modules and same graphics made by me, same hosting, same cloudflare configurations.
How do you ask cloudflare support to do a verification of the account and the error?
You’d need to create an Account case with Support. If you keep getting the error, can you create an Account case and share your case number here? You can open an Account case here, https://dash.cloudflare.com/?to=/:account/support
Hi
I kept cloudflare disabled for all these days and the site worked well, but now the site would not load anymore, I guess because of hacker attacks and I had to reactivate cloudflare, the site came back online but in the prestashop control panel the same errors as before returned, which does not save anything and exits the login as soon as you enter
here you give generic answers without giving useful advice and the problem continues to occur
this one should be the case id of ticket: 500Nv00000OgkrsIAB
but no one ever really answered
I’m thinking of deleting the dns configuration and recreating it
It’s not, the case ID is 01603040. In looking at your audit log, I do see a ruleset update by a different member of your account, https://dash.cloudflare.com/?to=/:account/audit-log. Does the time of that change coincide with when you began to encounter issues?
Hi
the problem started on June 12th at 14:11.
I made the changes with my gmx.com account, I don’t use my client’s account
there are no reports in the log before this moment.
at the moment I am forced to keep cloudflare disabled, otherwise the company cannot work in the control panel.
so it exposes the site to hacker attacks. today i wanted to delete every configuration and try again from scratch, maybe i will do it tomorrow, unfortunately i have to go for exclusions, are you able to log into the account and see the settings?
i also deactivated the 3 WAF rules so i dont know what to do. if i deactivate cloudflare it goes back to normal, if i activate it those security problems are created. i thought it was a problem with ssl certificates but i dont think so, not even the rules are the problem since they are deactivated. i checked the settings several times. Argo is active, i dont know if it could depend on this, but i dont think it has anything to do with the security error messages. i honestly dont know what it could depend on, im not too expert on these things, i dont have full access to the server and the site is very big and with many users so i cant go randomly and make mistakes. the site has nothing to do with it, or it depends on the server or cloudflare, but i dont understand why if i deactivate then these problems disappear. In the past it had happened on other sites too, but only when I activated cloudflare for a few dozen minutes, but here it’s different
