\u013baunpr\u0101t\u012bga koda no\u0146em\u0161ana no WordPress vietnes nav viegls uzdevums. Tie\u0161i \u0161\u012b iemesla d\u0113\u013c \u0161\u0101di pakalpojumi da\u017ek\u0101rt var maks\u0101t l\u012bdz simts eiro par vietni. Un pat \u0161\u0101dos gad\u012bjumos ne vienm\u0113r var b\u016bt 100% p\u0101rliecin\u0101ts, ka \u0161\u0101du pakalpojumu sniedz\u0113js savu uzdevumu ir izpild\u012bjis 100%. Jaun\u0101kie p\u0113t\u012bjumi liecina, ka pat 84% viet\u0146u satur ievainojam\u012bbas. Tas noz\u012bm\u0113, ka jebkura no tiem var infic\u0113ties jebkur\u0101 laik\u0101. \u0160aj\u0101 visaptvero\u0161aj\u0101 rokasgr\u0101mat\u0101 j\u016bs uzzin\u0101sit, k\u0101 no\u0146emt \u013caunpr\u0101t\u012bgu programmat\u016bru no savas WordPress vietnes, k\u0101 nov\u0113rst ievainojam\u012bbas, k\u0101 no\u0146emt vietni no melnajiem sarakstiem un k\u0101 nov\u0113rst l\u012bdz\u012bgas nelaimes n\u0101kotn\u0113.<\/p>\n
Daudz kas ir atkar\u012bgs ar\u012b no hostinga. Piem\u0113ram, ja apak\u0161map\u0113 vai apak\u0161dom\u0113n\u0101 ir instal\u0113ta cita vietne un t\u0101s abas atrodas vien\u0101 un taj\u0101 pa\u0161\u0101 hosting\u0101, l\u016bdzu, izol\u0113jiet t\u0101s. Ja jums ir vair\u0101kas vietnes vien\u0101 hosting\u0101, neaizmirstiet, ka ar katru no t\u0101m b\u016bs j\u0101veic l\u012bdz\u012bga darb\u012bba. Ja jums ir citas vietnes, noteikti izol\u0113jiet t\u0101s vienu no otras, jo \u013caunpr\u0101t\u012bgs kods var p\u0101riet no vienas vietnes uz citu.<\/p>\n
Ir \u013coti svar\u012bgi, lai \u013caunpr\u0101t\u012bg\u0101 koda no\u0146em\u0161anas laik\u0101 neviens, iz\u0146emot j\u016bs, nevar\u0113tu piek\u013c\u016bt vietnei. Da\u017ei hostinga pakalpojumu sniedz\u0113ji \u013cauj j\u016bsu vietn\u0113m iestat\u012bt labo\u0161anas re\u017e\u012bmu.. Tom\u0113r, ja j\u016bsu hostingam nav \u0161\u0101da pakalpojuma, varat blo\u0137\u0113t piek\u013cuvi vietn\u0113m \u0161\u0101di:<\/p>\n
Atveriet savu .htaccess failu (da\u017eos gad\u012bjumos htaccess.txt) un iel\u012bm\u0113jiet t\u0101l\u0101k nor\u0101d\u012bto kodu t\u0101 galven\u0113 (tikai neaizmirstiet nomain\u012bt IP uz savu):<\/p>\n
order deny,allow Atveriet failu nginx.conf un ievadiet taj\u0101 \u0161\u0101das rindas:<\/p>\n location \/ { \u013boti bie\u017ei FTP piek\u013cuves, k\u0101 ar\u012b j\u016bsu hostinga administratora pane\u013ca parole un lietot\u0101jv\u0101rds tiek nozagti, izmantojot da\u017e\u0101dus keylogger vai citus datorv\u012brusus. T\u0101p\u0113c ir \u013coti svar\u012bgi, lai datoros, no kuriem piek\u013c\u016bstat administratora panelim vai FTP, b\u016btu instal\u0113ts k\u0101ds antiv\u012bruss. Piem\u0113ram, profilakses nol\u016bkos varat sken\u0113t datoru pret v\u012brusiem, izmantojot Malwarebytes<\/a>\u00a0programmat\u016bru. T\u0101pat neaizmirstiet p\u0101rbaud\u012bt Windows iestat\u012bjumus un p\u0101rliecin\u0101ties, vai ir iesp\u0113jots ugunsm\u016bris. Kopum\u0101 neaizmirstiet regul\u0101ri atjaunin\u0101t savu OS, p\u0101rl\u016bkprogrammas un atbilsto\u0161os papla\u0161in\u0101jumus.<\/p>\n Kad esat sl\u0113dzis publisku piek\u013cuvi savai vietnei un p\u0101rbaud\u012bjis, vai dator\u0101 nav \u013caunpr\u0101t\u012bgas programmat\u016bras, nomainiet visas paroles. S\u0101ciet ar hostinga admin pane\u013ca paroli, p\u0113c tam no\u0146emiet visus FTP profilus un izveidojiet jaunus, izmantojot iepriek\u0161 \u0123ener\u0113tas paroles (da\u017ei hostingi pa\u0161i pied\u0101v\u0101 \u0161\u0101du pakalpojumu, ta\u010du jebkur\u0101 gad\u012bjum\u0101 vienm\u0113r varat izmantot Keepass2<\/a>, Dashlane<\/a>, LastPass<\/a> vai jebkuru citu paro\u013cu p\u0101rvald\u012bbas r\u012bku).<\/p>\n Ikreiz, kad nolemjat main\u012bt MySQL vai MariaDB (vai jebkuras citas datu b\u0101zes) paroli, jums b\u016bs j\u0101atjaunina atbilsto\u0161\u0101 inform\u0101cija fail\u0101 wp-config.php.<\/p>\n Salt tiek izmantoti, lai dro\u0161i uzglab\u0101tu paroles. S\u0101kotn\u0113ji paroles sist\u0113m\u0101 tika glab\u0101tas vienk\u0101r\u0161\u0101 tekst\u0101, bet v\u0113l\u0101k tika izgudroti papildu dro\u0161\u012bbas pas\u0101kumi. Viens no tiem ir salt. T\u0101 k\u0101 katrai parolei jauni salt tiek \u0123ener\u0113ti nejau\u0161i, ir \u013coti svar\u012bgi tos main\u012bt uz jauniem fail\u0101 wp-config.php.<\/p>\n \u0160eit varat \u0123ener\u0113t jaunus:<\/p>\n https:\/\/api.WordPress.org\/secret-key\/1.1\/salt\/<\/a><\/p>\n Piesakieties sav\u0101 WordPress vietn\u0113, atveriet sada\u013cu Lietot\u0101ji un izdz\u0113siet visus neakt\u012bvos kontus. P\u0113c tam sada\u013c\u0101 Konta p\u0101rvald\u012bba noklik\u0161\u0137iniet uz Redi\u0123\u0113t akt\u012bvajos kontos pa vienam, iesald\u0113jiet visas sesijas un noklik\u0161\u0137iniet uz \u0122ener\u0113t, lai \u0123ener\u0113tu paroles visiem lietot\u0101jiem. Tikai p\u0101rliecinieties, vai jums nav konta ar lietot\u0101jv\u0101rdu Admin vai Administrator.<\/p>\n Ja j\u016bsu hostings nenodro\u0161ina nek\u0101dus dubl\u0113jumus, noteikti lejupiel\u0101d\u0113jiet visu saturu no sava servera un datu b\u0101zes viet\u0113j\u0101 kr\u0101tuv\u0113.<\/p>\n Da\u017ei serveri nodro\u0161ina piek\u013cuvi SSH, kas var iev\u0113rojami atvieglot j\u016bsu dz\u012bvi, ja runa ir par WordPress \u013caunpr\u0101t\u012bgas programmat\u016bras no\u0146em\u0161anu. Process var at\u0161\u0137irties atkar\u012bb\u0101 no hostinga. Kad esat veiksm\u012bgi pieteicies vietn\u0113, izmantojot SSH, palaidiet \u0161\u0101du komandu: zip -r backup-pre-cleanup.zip .<\/p>\n Tas var aiz\u0146emt k\u0101du laiku, ta\u010du galu gal\u0101 tiks izveidots arh\u012bvs ar visiem failiem no j\u016bsu hostinga. P\u0113c tam varat lejupiel\u0101d\u0113t \u0161o failu tie\u0161i, izmantojot SFTP.<\/p>\n SFTP ir dro\u0161a FTP protokola versija. To izmanto, lai p\u0101rs\u016bt\u012btu failus no viena datora uz citu. J\u016bs varat ieg\u016bt savus SFTP kodus taj\u0101 pa\u0161\u0101 viet\u0101, kur ieguv\u0101t FTP piek\u013cuvi. Vienk\u0101r\u0161i neaizmirstiet, ka SFTP ports ir 22, nevis 21, piem\u0113ram, FTP. Serverim var piek\u013c\u016bt, izmantojot SFTP\/FTP, izmantojot \u012bpa\u0161as klienta programmas, piem\u0113ram, FileZilla. P\u0113c tam varat izveidot lok\u0101lo mapi sav\u0101 dator\u0101 \u2014 teiksim, nosaukt to par backup-pre-cleanup \u2014 un vienk\u0101r\u0161i izmest tur visu servera saturu. Tikai paturiet pr\u0101t\u0101, ka tas pras\u012bs vair\u0101k laika nek\u0101 failu arhiv\u0113\u0161ana, izmantojot SSH.<\/p>\n Daudziem hostinga pakalpojumu sniedz\u0113jiem ir PhpMyAdmin panelis, kas \u013cauj p\u0101rvald\u012bt datu b\u0101zi. J\u016bs varat viegli eksport\u0113t visu savu datu b\u0101zi, izmantojot atbilsto\u0161o opciju programm\u0101 PhpMyAdmin. Saglab\u0101jiet visas \u0161\u012bs lietas taj\u0101 pa\u0161\u0101 map\u0113 k\u0101 iepriek\u0161: \u201cbackup-pre-cleanup\u201d.<\/p>\n Varat ar\u012b eksport\u0113t datu b\u0101zi, izmantojot SSH, izmantojot \u0161\u0101du komandu:<\/p>\n mysqldump -p -h hostname -u username database > backup-pre-cleanup.sql<\/em><\/p>\n Tikai neaizmirstiet nomain\u012bt hostinga nosaukumu, lietot\u0101jv\u0101rdu un datub\u0101zi uz saviem (visu \u0161o inform\u0101ciju varat ieg\u016bt no faila wp-config.php). P\u0113c eksport\u0113\u0161anas, izmantojot SSH, noteikti lejupiel\u0101d\u0113jiet to sav\u0101 viet\u0113j\u0101 kr\u0101tuv\u0113 un izdz\u0113siet to no servera.<\/p>\n No \u017eurn\u0101liem var saprast, kas ir main\u012bts vai pievienots serverim. Lejupiel\u0101d\u0113jiet piek\u013cuves \u017eurn\u0101lus (ja nevarat tos atrast, pieprasiet tos no sava hostinga). Atveriet \u017eurn\u0101lus ar t\u0101du programmu k\u0101 Sublime un nospiediet ctrl + a, lai atrastu POST. Apskatiet datumus un nosakiet, vai serverim ir pievienoti papildu PHP faili.<\/p>\n Varat ar\u012b p\u0101rbaud\u012bt, kuri PHP faili nesen ir main\u012bti. Lai to izdar\u012btu, izmantojiet SSH komandu:<\/p>\n find . -type f -name ‘*.php’ -ctime -7<\/em><\/p>\n Tas pats attiecas uz JavaScript failiem\u00a0\u2014 skatiet, kuri no tiem ir nesen main\u012bti vai pievienoti:<\/p>\n find . -type f -name ‘*.js’ -ctime -7<\/em><\/p>\n -ctime -7<\/em> par\u0101d\u012bs visus modific\u0113tos failus (k\u0101 ar\u012b main\u012bt\u0101s at\u013caujas un atrib\u016btus) p\u0113d\u0113jo septi\u0146u dienu laik\u0101. Varat main\u012bt dienu skaitu atkar\u012bb\u0101 no j\u016bsu vajadz\u012bb\u0101m:<\/p>\n -7 = main\u012bts maz\u0101k nek\u0101 p\u0113d\u0113jo septi\u0146u dienu laik\u0101<\/p>\n +7 = main\u012bts vair\u0101k nek\u0101 pirms ned\u0113\u013cas<\/p>\n Dariet to visu, pirms main\u0101t vai atjaunin\u0101t lielu skaitu failu sav\u0101 WordPress.<\/p>\n Viens no visbie\u017e\u0101k sastopamajiem iemesliem, k\u0101p\u0113c j\u016bsu vietne var b\u016bt infic\u0113ta, ir novecojis kods, spraud\u0146i vai t\u0113mas. V\u0113l viens iemesls ir tas, ka vietne ir p\u0101rslogota ar spraud\u0146iem, vai v\u0101j\u0101s paroles un lietot\u0101jv\u0101rdi.<\/p>\n Pat ja esat deaktiviz\u0113jis spraudni vai t\u0113mu, tie joproj\u0101m paliek j\u016bsu server\u012b un da\u017eos gad\u012bjumos var b\u016bt tie\u0161i ievainojam\u012bbas, caur kur\u0101m hakeri var piek\u013c\u016bt jums. T\u0101p\u0113c vienm\u0113r ir lab\u0101k b\u016bt dro\u0161\u0101 pus\u0113 un no\u0146emt \u0161\u0101das lietas no servera, lai taj\u0101 neatst\u0101tu ievainojam\u012bbas.<\/p>\n PHP 8 padara j\u016bsu vietni \u0101tr\u0101ku (sal\u012bdzinot ar iepriek\u0161\u0113j\u0101m versij\u0101m) un t\u0101i ir ekonomisk\u0101ks atmi\u0146as pat\u0113ri\u0146\u0161. Ar\u012b astot\u0101 valodas versija ir daudz uzticam\u0101ka. T\u0101p\u0113c, ja jums ir k\u0101da no PHP iepriek\u0161\u0113j\u0101m versij\u0101m, jums ir j\u0101veic jaunin\u0101\u0161ana p\u0113c iesp\u0113jas \u0101tr\u0101k. Da\u017ei izstr\u0101d\u0101t\u0101ji \u0161aj\u0101s dien\u0101s ir p\u0101rtrauku\u0161i atbalst\u012bt vec\u0101kas PHP versijas, kas noz\u012bm\u0113, ka j\u016bs, iesp\u0113jams, nevar\u0113sit atjaunin\u0101t da\u017eus instal\u0113tos spraud\u0146us.<\/p>\n Daudzi uzbruc\u0113ji izmanto t\u0101 saukt\u0101s simbolisk\u0101s saites, lai piek\u013c\u016btu j\u016bsu servera saknes un vec\u0101kmap\u0113m. Da\u017ereiz simbolisk\u0101s saites paliek nepaman\u012btas, un, m\u0113\u0123inot dz\u0113st saist\u012bto mapi, varat izdz\u0113st visu server\u012b. T\u0101p\u0113c pirms failu un mapju at\u013cauju mai\u0146as p\u0101rliecinieties, vai taj\u0101 nav simbolisku sai\u0161u.<\/p>\n Lai tas nenotiktu, izmantojiet \u0161o SSH komandu (vai visur, kur redzat aizdom\u012bgu mapi)<\/p>\n find . -type l -exec unlink {} \\;<\/em><\/p>\n P\u0101rliecinieties, vai nevienam j\u016bsu servera failam vai mapei nav iestat\u012btas at\u013caujas uz 777. P\u0113c noklus\u0113juma vis\u0101m WordPress map\u0113m ir j\u0101b\u016bt iestat\u012bt\u0101m uz 750, bet visiem failiem (iz\u0146emot wp-config.php, kura v\u0113rt\u012bba var b\u016bt pat 400) v\u0113rt\u012bbai ir j\u0101b\u016bt 640. Varat main\u012bt visu mapju piek\u013cuves ties\u012bbas, izmantojot SSH, uz 750 tikai ar vienu komandu:<\/p>\n find \/path\/to\/your\/WordPress\/install\/ -type d -exec chmod 750 {} \\;<\/em><\/p>\n Un, lai main\u012btu visas faila piek\u013cuves ties\u012bbas uz 640, p\u0113c tam atkal caur to pa\u0161u SSH, izmantojiet komandu:<\/p>\n find \/path\/to\/your\/WordPress\/install\/ -type f -exec chmod 640 {} \\;<\/em><\/p>\n Izmantojot SSH, j\u016bs varat main\u012bt wp-config.php at\u013caujas uz 400, izmantojot \u0161\u0101du komandu (vienk\u0101r\u0161i p\u0101rliecinieties, vai t\u0101 darbojas vispirms, un, ja nepiecie\u0161ams, mainiet at\u013caujas uz 440; ja t\u0101 nav, pieturieties pie noklus\u0113juma):<\/p>\n chmod 400 \/path\/to\/your\/WordPress\/install\/wp-config.php<\/em><\/p>\n Ir iesp\u0113jas padar\u012bt lietas v\u0113l stingr\u0101kas, ta\u010du tas ir atkar\u012bgs no pa\u0161a hostinga. Vair\u0101k par failu at\u013cauj\u0101m varat las\u012bt no WordPress Codex.<\/p>\n \u0160aj\u0101 sada\u013c\u0101 m\u0113s apskat\u012bsim da\u017e\u0101dus atv\u0113rt\u0101 koda r\u012bkus \u013caunpr\u0101t\u012bgu failu noteik\u0161anai gan autom\u0101tiskaj\u0101, gan manu\u0101laj\u0101 re\u017e\u012bm\u0101. M\u0113s vienm\u0113r dodam priek\u0161roku manu\u0101lajai opcijai, jo tas ir vien\u012bgais veids, k\u0101 vislab\u0101k izprast, k\u0101 tas viss darbojas, un b\u016bt mier\u012bgam, zinot, ka esat izdar\u012bjis visu, lai vietni pareizi izt\u012br\u012btu.<\/p>\n Izveidojiet jaunu WordPress instal\u0101ciju un instal\u0113jiet tie\u0161i tos pa\u0161us spraud\u0146us un t\u0113mas k\u0101 vecaj\u0101. Izveidojiet mapi Compare un pievienojiet tur divas mapes \u2013 Clean un Infected. Izmantojot SFTP, lejupiel\u0101d\u0113jiet jauno WordPress un nometiet to map\u0113 Clean, p\u0113c tam atveriet vec\u0101s WordPress dubl\u0113jumu un kop\u0113jiet to map\u0113 Infected. Lejupiel\u0101d\u0113jiet programmu Beyond Compare un sal\u012bdziniet divas mapes. Galven\u0101 uzman\u012bba j\u0101piev\u0113r\u0161 PHP un Javascript failiem. Ja programma saka, ka faili, piem\u0113ram, index.php un wp-mail.php, at\u0161\u0137iras, p\u0101rs\u016btiet failus no mapes Clean uz savu vietni, izmantojot SFTP, un p\u0101rbaudiet, vai p\u0113c tam viss darbojas cit\u0101di. Ja procesa laik\u0101 vietne avar\u0113, vienk\u0101r\u0161i atceliet visu, lejupiel\u0101d\u0113jot failu no mapes Infected. \u0160\u012b metode \u013cauj manu\u0101li atjaunot infic\u0113to WordPress un atgriezt veidnes un spraud\u0146us to s\u0101kotn\u0113j\u0101 st\u0101vokl\u012b. Turkl\u0101t, ja esat zino\u0161s, varat izmantot SSH komandas, piem\u0113ram: diff -r WordPress-clean\/ WordPress-infected\/ -x wp-content<\/p>\n \u0145emiet v\u0113r\u0101 ar\u012b to, ka fails wp-config.php at\u0161\u0137irsies atkar\u012bb\u0101 no vietn\u0113m. Izmantojiet \u0161o metodi tikai, lai noteiktu, vai s\u0101kotn\u0113jie faili ir main\u012bti vai galvenaj\u0101m sist\u0113mas map\u0113m ir pievienoti papildu faili (\u0146emiet v\u0113r\u0101, ka \/wp-content\/uploads\/ nav sist\u0113mas mape).<\/p>\n PHP failiem nekad nevajadz\u0113tu atrasties map\u0113 uploads, ta\u010du uzbruc\u0113ji bie\u017ei izmanto \u0161o ievainojam\u012bbu \u2014 k\u0101 rezult\u0101t\u0101 \u0161eit non\u0101k daudzas backdoors un droppers. Atveriet savu SSH konsoli un dodieties uz \/wp-content\/uploads\/ (varat izmantot cd komandas, lai atvieglotu navig\u0101ciju, piem\u0113ram, cd \/wp-content\/ un p\u0113c tam cd \/uploads\/) un palaidiet \u0161o komandu:<\/p>\n find . -name “*.php”<\/em><\/p>\n Bie\u017ei vien backdoors un kait\u012bgais kods ir \u013coti labi pasl\u0113pti (da\u017ek\u0101rt tie tiek pievienoti ar\u012b ori\u0123in\u0101lo sist\u0113mas skriptu galven\u0113m), lai atbilsto\u0161ie antiv\u012brusi tos neatrod. Da\u017eas no popul\u0101r\u0101kaj\u0101m funkcij\u0101m \u0161aj\u0101 zi\u0146\u0101 ir eval(), base64_decode(), gzinflate(), str_rot13() . Lai noteiktu \u0161\u0101dus failus, atveriet SSH konsoli un palaidiet \u0161\u0101du komandu:<\/p>\n find . -type f -name ‘*.php’ | xargs egrep -i “(mail|fsockopen|pfsockopen|stream\\_socket\\_client|exec|system|passthru|eval|base64_decode) *(” <\/em><\/p>\n Mekl\u0113jiet ar\u012b att\u0113lus ar backdoor, izmantojot \u0161\u0101das komandas:<\/p>\n find wp-content\/uploads -type f -iname ‘*.jpg’ | xargs grep -i php<\/em><\/p>\n Un iframes:<\/p>\n find . -type f -name ‘*.php’ | grep -i ‘<iframe’<\/em><\/p>\n Ir da\u017e\u0101di r\u012bki un skeneri, kurus var izmantot, lai autom\u0101tiski atrastu \u013caunpr\u0101t\u012bgu kodu. \u0160eit m\u0113s uzskait\u012bsim tikai atv\u0113rt\u0101 pirmkoda r\u012bkus, kas ir ieguvu\u0161i labu reput\u0101ciju. Ta\u010du vienm\u0113r atcerieties, ka liel\u0101k\u0101 da\u013ca malware un backdoors ir izstr\u0101d\u0101tas t\u0101, lai \u0161\u0101di r\u012bki t\u0101s nepaman\u012btu, t\u0101p\u0113c manu\u0101la audit\u0113\u0161ana nekad neb\u016bs lieka.<\/p>\n Nav slikts r\u012bks \u013caunpr\u0101t\u012bga koda noteik\u0161anai. Sken\u0113 ar\u012b JavaScript kodu, un tam ir da\u017e\u0101di noteik\u0161anas l\u012bme\u0146i. Tas darbojas k\u0101 PHP skripts, ko aug\u0161upiel\u0101d\u0113jat sav\u0101 vietn\u0113, un tas s\u0101k to sken\u0113t, tikl\u012bdz to palai\u017eat. Izmanto gan mode\u013cus, gan heiristisko anal\u012bzi. Atrod daudz, da\u017ereiz pat p\u0101r\u0101k daudz (da\u017ereiz ir viltus pozit\u012bvi).<\/p>\n R\u012bka vietne:<\/p>\n https:\/\/revisium.com\/aibo\/<\/a><\/p>\n \u0160is r\u012bks mekl\u0113 PHP papla\u0161in\u0101jumus un p\u0101rbauda, \u200b\u200bvai fail\u0101 ir teksta noteikumi, k\u0101 ar\u012b regexp. Noteikumu pamat\u0101 ir gan pa\u0161u paraugi, gan publiski pieejami materi\u0101li par malware un webshells.<\/p>\n Github: https:\/\/github.com\/scr34m\/php-malware-scanner<\/a><\/p>\n Palai\u017eot \u013caunpr\u0101t\u012bgas programmat\u016bras skenerus, no\u0146emiet failus pa vienam un vienm\u0113r p\u0101rbaudiet, vai vietne turpina darboties ar\u012b p\u0113c konkr\u0113ta faila no\u0146em\u0161anas. Kad vietne ir piln\u012bb\u0101 izt\u012br\u012bta no aizdom\u012bgiem failiem, aug\u0161upiel\u0101d\u0113jiet izt\u012br\u012bto WordPress mapi map\u0113 Infected un v\u0113lreiz sal\u012bdziniet to ar mapi Clean, izmantojot lietotni Beyond Compare. \u0145emiet v\u0113r\u0101 ar\u012b to, ka faila strukt\u016brai (iz\u0146emot \/wp-content\/) j\u0101b\u016bt identiskai. Mekl\u0113jiet \u0161ifr\u0113tus un ac\u012bmredzamus failu nosaukumus, piem\u0113ram, N73He.php un hax0r.php. Da\u017ereiz uzbruc\u0113ji pievieno savus failus katrai mapei k\u0101 zi\u0146ojumu lietot\u0101jam. Piem\u0113ram, \u0161\u0101d\u0101 zi\u0146ojum\u0101 var b\u016bt kaut kas l\u012bdz\u012bgs “uzlauzis Team_CC”.<\/p>\n Varat no\u0146emt \u0161os failus, izmantojot SSH:<\/p>\n find . -type f -name “filename.php” -exec rm -f {} \\;<\/em><\/p>\n \u013boti bie\u017ei datu b\u0101zes tiek infic\u0113tas ar \u013caunpr\u0101t\u012bgu kodu, un tas tiks iel\u0101d\u0113ts kop\u0101 ar zi\u0146\u0101m, lap\u0101m un lietot\u0101ju koment\u0101riem, k\u0101 ar\u012b citu vietnes saturu. M\u0113s jau esam eksport\u0113ju\u0161i .SQL WordPress datu b\u0101zes dubl\u0113jumu. Ir da\u017e\u0101di veidi, k\u0101 no\u0146emt \u013caunpr\u0101t\u012bgu kodu no WordPress datu b\u0101zes.<\/p>\n Varat tie\u0161i atv\u0113rt SQL datu b\u0101zi, izmantojot Sublime. P\u0113c tam izmantojiet ctrl+f, lai atrastu aizdom\u012bgu saturu.<\/p>\n Mekl\u0113t iFrame: <iframe Atrodiet visu aizdom\u012bgo un m\u0113\u0123iniet noskaidrot, kur viss atrodas. Neizdz\u0113siet tos tie\u0161i no datu b\u0101zes dubl\u0113juma\u00a0\u2014 t\u0101 viet\u0101 p\u0101rejiet uz 11.3.\u00a0darb\u012bbu.<\/p>\n Ja jums ir piek\u013cuve PhpMyAdmin, varat mekl\u0113t tie\u0161i, izmantojot mekl\u0113\u0161anas opciju. Ja esat p\u0101rliecin\u0101ts, ka esat sask\u0101ries ar aizdom\u012bgu kodu, m\u0113\u0123iniet saprast, no kurienes tas n\u0101cis, un p\u0101rejiet pie 11.3.\u00a0darb\u012bbas.<\/p>\n Apskatiet zi\u0146as, lapas un to labojumus. Atrodiet aizdom\u012bgus zi\u0146ojumus, veicot 10.1. un 10.2. darb\u012bbu, un atveriet tos pa vienam teksta redaktor\u0101. No\u0146emiet visu aizdom\u012bgo kodu un p\u0101rformat\u0113jiet saturu. Neaizmirstiet doties uz sada\u013cu “Redi\u0123\u0113t” un piev\u0113rst uzman\u012bbu koment\u0101riem, lai no\u0146emtu iesp\u0113jamo spamu.<\/p>\n Apskatiet savu vietni no apmekl\u0113t\u0101ja viedok\u013ca. Skatieties, vai tur nenotiek kaut kas aizdom\u012bgs. Ierakstiet j\u016bsu vietni Google. P\u0113c tam Google ierakstiet \u0161\u0101du vaic\u0101jumu: site:mywebsite.com . Ja mekl\u0113\u0161anas rezult\u0101tos redzat virkni \u0137\u012bnie\u0161u rakstz\u012bmju vai aizdom\u012bgus farm\u0101cijas pied\u0101v\u0101jumus, visticam\u0101k, j\u016bsu vietne ir infic\u0113ta ar SEO \u013caunpr\u0101t\u012bgu programmat\u016bru. \u0160\u0101du \u013caunpr\u0101t\u012bgu kodu var atrast tikai ar mekl\u0113t\u0101jprogramm\u0101m, piem\u0113ram, Google, jo tas paliek neredzams apmekl\u0113t\u0101jiem un vietnes \u012bpa\u0161niekam. Instal\u0113jiet p\u0101rl\u016bkprogrammai Google Chrome papla\u0161in\u0101jumu User-Agent Switcher, kas \u013caus jums apskat\u012bt j\u016bsu vietni no mekl\u0113t\u0101jprogrammu viedok\u013ca. Varat ar\u012b konfigur\u0113t piel\u0101gotu a\u0123entu, izmantojot papla\u0161in\u0101juma iestat\u012bjumus. Popul\u0101r\u0101kais Google izmantotais a\u0123ents ir robots:<\/p>\n Mozilla\/5.0 (compatible; Googlebot\/2.1; +http:\/\/www.google.com\/bot.html)<\/strong><\/p>\n Ja tagad sekojat sait\u0113m, izmantojot Googlebot un lietot\u0101ja a\u0123entu un neredzat citu saturu, varat uzskat\u012bt, ka esat veiksm\u012bgi no\u0146\u0113mis SEO \u013caunprogrammat\u016bru. Ja d\u012bvainais saturs joproj\u0101m nepaz\u016bd, atgriezieties p\u0101ris so\u013cus atpaka\u013c un skatiet, ko palaid\u0101t gar\u0101m.<\/p>\n Ja esat veicis visas darb\u012bbas, v\u0113lreiz visu p\u0101rbaud\u012bjis un tagad esat p\u0101rliecin\u0101ts, ka vietne ir t\u012bra, no\u0146emiet ierobe\u017eojumus no savas vietnes (bet tikai no vietnes, kuru tikko not\u012br\u012bj\u0101t \u2014 ja \u0161aj\u0101 hosting\u0101 jums ir citas vietnes, tad lab\u0101k tos neatv\u0113rt, kam\u0113r ar tiem neatk\u0101rtosiet to pa\u0161u procesu). Ja j\u016bsu hostings ir blo\u0137\u0113jis piek\u013cuvi, l\u016bdziet vi\u0146iem atk\u0101rtoti sken\u0113t vietni, past\u0101stiet vi\u0146iem, ka esat izpild\u012bjis nor\u0101d\u012bjumus, lai no vietnes no\u0146emtu \u013caunpr\u0101t\u012bgu kodu, un l\u016bdziet vi\u0146iem atv\u0113rt publisku piek\u013cuvi j\u016bsu projektam.<\/p>\n Lab\u0101kais veids, k\u0101 p\u0101rbaud\u012bt, vai j\u016bsu vietne ir k\u0101da melnaj\u0101 sarakst\u0101 (piem\u0113ram, mekl\u0113t\u0101jprogrammu), ir izmantot VirusTotal. Piem\u0113ram, ja Google j\u016bs ir iek\u013c\u0101vis melnaj\u0101 sarakst\u0101, varat vienk\u0101r\u0161i doties uz Google Webmaster Tools un piepras\u012bt atk\u0101rtotu sken\u0113\u0161anu. Tas var ilgt da\u017eas dienas, ta\u010du, ja Google j\u016bsu vietn\u0113 neatrad\u012bs nevienu \u013caunpr\u0101t\u012bgu kodu, tas no\u0146ems to no sava meln\u0101 saraksta. Ja atrodaties citu mekl\u0113t\u0101jprogrammu melnajos sarakstos, dodieties uz vi\u0146u vietni un pieprasiet ar\u012b atk\u0101rtotu sken\u0113\u0161anu. Vairum\u0101 gad\u012bjumu jums b\u016bs manu\u0101li j\u0101aizpilda veidlapa, lai piepras\u012btu atk\u0101rtotu sken\u0113\u0161anu, un process da\u017e\u0101dos melnajos sarakstos var at\u0161\u0137irties.<\/p>\n Papildus visam iepriek\u0161min\u0113tajam ir j\u0101veic da\u017eas lietas. Ir da\u017ei vienk\u0101r\u0161i uzlabojumi, kas \u013caus jums viegli nov\u0113rst visbie\u017e\u0101k sastopam\u0101s infekcijas.<\/p>\n Apache vai Nginx konfigur\u0101cijai varat viegli pievienot da\u017eas koda rindi\u0146as, kas ne\u013caus PHP izmantot uploads un cache map\u0113s. Daudzos gad\u012bjumos tas var atsp\u0113jot backdoors, jo \u013caunpr\u0101t\u012bgais kods vienk\u0101r\u0161i nevar\u0113s palaist.<\/p>\n Nginx: Apache:<\/p>\n Uploads un cache map\u0113s izveidojiet .htaccess failu un ierakstiet tur \u0161\u0101das koda rindas:<\/p>\n # Kill PHP Execution<\/em><\/p>\n deny from all<\/p>\n Var\u0113tu b\u016bt laba ideja atsp\u0113jot iesp\u0113ju redi\u0123\u0113t failus tie\u0161i no WordPress administratora pane\u013ca. Lai to izdar\u012btu, failam wp-config.php vienk\u0101r\u0161i pievienojiet \u0161\u0101du rindi\u0146u:<\/p>\n ## Disable Editing in Dashboard WordPress vietnes bie\u017ei tiek lauztas, izmantojot robott\u012bklus un hakeru skriptus. Viens no iemesliem ir tas, ka liel\u0101k\u0101 da\u013ca viet\u0146u k\u0101 administratora atra\u0161an\u0101s vietu izmanto \/wp-admin\/ un tas, ka daudzi viet\u0146u \u012bpa\u0161nieki izmanto noklus\u0113juma administratora lietot\u0101jv\u0101rdu un v\u0101ju paroli. T\u0101d\u0113j\u0101di uzbruc\u0113ji var viegli piek\u013c\u016bt vair\u0101k\u0101m WordPress vietn\u0113m un infic\u0113t t\u0101s ar v\u0113lamo \u013caunpr\u0101t\u012bgo kodu, instal\u0113t backdoors, s\u016bt\u012bt spamu un novirz\u012bt trafiku. Var b\u016bt gr\u016bti manu\u0101li main\u012bt mapes wp-admin atra\u0161an\u0101s vietu, lai viss darbotos, k\u0101 paredz\u0113ts. T\u0101p\u0113c \u0161im nol\u016bkam lab\u0101k ir izmantot tre\u0161o pu\u0161u spraud\u0146us.<\/p>\n B\u016btu ieteicams izveidot t\u012bmek\u013ca lietojumprogrammu ugunsm\u016bri, kas tiek past\u0101v\u012bgi atjaunin\u0101ts. Viet\u0146u ugunsm\u016bris tagad ir oblig\u0101ta pras\u012bba, t\u0101pat k\u0101 pretv\u012brusi datoriem. Ir daudz spraud\u0146u, kas atvieglos j\u016bsu dz\u012bvi un \u013caus izvair\u012bties no manu\u0101las skriptu pievieno\u0161anas. Piem\u0113ram, WordFence un SecuPress.<\/p>\n J\u016bsu hostingam ir j\u0101b\u016bt atjaunin\u0101tam (un p\u0101rliecinieties, ka tas atbalsta PHP 8.3), pareizi konfigur\u0113tam un dro\u0161am. Ja j\u016bs ietaup\u0101t naudu, izv\u0113loties l\u0113tu hostingu no nep\u0101rbaud\u012bta uz\u0146\u0113muma, tad probl\u0113mu ra\u0161an\u0101s ir tikai laika jaut\u0101jums. Varat nodro\u0161in\u0101t savu vietni p\u0113c iesp\u0113jas lab\u0101k, ta\u010du, ja j\u016bsu hostings tiek uzlauzts, visas j\u016bsu p\u016bles tiks zaud\u0113tas. Mekl\u0113jiet pakalpojumus, kas ir \u012bpa\u0161i izstr\u0101d\u0101ti priek\u0161 WordPress. Vi\u0146iem parasti ir ieb\u016bv\u0113ts WP CLI, lai visas j\u016bsu vietnes un taj\u0101s eso\u0161ie dro\u0161\u012bbas pas\u0101kumi b\u016btu atjaunin\u0101ti. Viens no popul\u0101r\u0101kajiem ir WP Engine.<\/p>\n Nekad ne\u017e\u0113lojiet naudu viet\u0146u profilaksei un aizsardz\u012bbai. Tirg\u016b ir daudz risin\u0101jumu, kas pal\u012bdz\u0113s jums atbr\u012bvoties no \u013caunpr\u0101t\u012bga koda j\u016bsu vietn\u0113. Tom\u0113r, neiev\u0113rojot atbilsto\u0161us piesardz\u012bbas pas\u0101kumus, j\u016bsu vietne tiks infic\u0113ta atkal un atkal. \u013baunpr\u0101t\u012bga koda no\u0146em\u0161ana no vietnes var neb\u016bt viegl\u0101kais process, un jo sare\u017e\u0123\u012bt\u0101ka ir j\u016bsu vietne (piem\u0113ram, ja tas ir sava veida komerci\u0101ls projekts), jo gr\u016bt\u0101ks var b\u016bt pats process. Esiet sapr\u0101t\u012bgi un vienm\u0113r dom\u0101jiet da\u017eus so\u013cus uz priek\u0161u. Samaks\u0101t 80 eiro par pilnv\u0113rt\u012bgu dro\u0161\u012bbas risin\u0101jumu j\u016bsu vietnei ir daudz, daudz l\u0113t\u0101k nek\u0101 t\u0113r\u0113t daudz laika viet\u0146u atjauno\u0161anai un t\u012br\u012b\u0161anai, un v\u0113l jo vair\u0101k maks\u0101t profesion\u0101\u013ciem, lai tie no\u0146emtu kait\u012bgos kodus no j\u016bsu projektiem.<\/p>\n R\u016bp\u0113jieties par sevi un sav\u0101m vietn\u0113m!<\/p>\n M\u016bsu specialit\u0101te ir WordPress viet\u0146u izstr\u0101de un atbalsts. Kontakti bezmaksas konsult\u0101cijai\u00a0\u2014 vadim@coma.lv<\/a>, +371 29394520<\/a><\/em><\/p>\n \n","protected":false},"excerpt":{"rendered":" \u013baunpr\u0101t\u012bga koda no\u0146em\u0161ana no WordPress vietnes nav viegls uzdevums. Tie\u0161i \u0161\u012b iemesla d\u0113\u013c \u0161\u0101di pakalpojumi da\u017ek\u0101rt var maks\u0101t l\u012bdz simts eiro par vietni. Un pat \u0161\u0101dos gad\u012bjumos ne vienm\u0113r var b\u016bt 100% p\u0101rliecin\u0101ts, ka \u0161\u0101du pakalpojumu sniedz\u0113js savu uzdevumu ir izpild\u012bjis 100%. Jaun\u0101kie p\u0113t\u012bjumi liecina, ka pat 84% viet\u0146u satur ievainojam\u012bbas. Tas noz\u012bm\u0113, ka jebkura […]<\/p>\n","protected":false},"author":1,"featured_media":38287,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1226],"tags":[],"class_list":["post-34272","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress"],"_links":{"self":[{"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/posts\/34272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/comments?post=34272"}],"version-history":[{"count":5,"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/posts\/34272\/revisions"}],"predecessor-version":[{"id":38286,"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/posts\/34272\/revisions\/38286"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/media\/38287"}],"wp:attachment":[{"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/media?parent=34272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/categories?post=34272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coma.lv\/lv\/wp-json\/wp\/v2\/tags?post=34272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n# Deny access from all IPs deny from all
\n# Allow access from specific IP
\nallow from 127.0.0.1<\/em><\/p>\n1.2 Nginx<\/h4>\n
\n# allow your IP below
\nallow 127.0.0.1;
\n# drop rest of the world
\ndeny all;
\n}<\/em><\/p>\n2. Instal\u0113jiet pretv\u012brusu programmat\u016bru visos datoros, no kuriem varat piek\u013c\u016bt vietn\u0113m<\/h2>\n
3. Mainiet visus piek\u013cuves kodus (Hosting, SSH, FTP, MySQL, WP Users)<\/h2>\n
3.1. Mainiet DB datus<\/h4>\n
3.2. Mainiet Salt<\/h4>\n
3.3. Mainiet piek\u013cuvi WordPress administratora panelim<\/h4>\n
4. Izveidojiet pilnu vietnes kopiju<\/h2>\n
4.1 SSH<\/h4>\n
4.2. SFTP<\/h4>\n
4.3. Datu b\u0101ze<\/h4>\n
5. \u017durn\u0101lu un jaun\u0101ko izmai\u0146u anal\u012bze<\/h2>\n
6. Atjauniniet savu WordPress<\/h2>\n
6.1. Atbr\u012bvojieties no visiem reti izmantotajiem spraud\u0146iem un \u0161abloniem<\/h4>\n
7. Atjauniniet savu PHP versiju<\/h2>\n
8. No\u0146emiet Symlinks (simbolu saites)<\/h2>\n
9. Iestatiet nepiecie\u0161am\u0101s piek\u013cuves ties\u012bbas<\/h2>\n
10. WordPress \u013caunpr\u0101t\u012bg\u0101 koda no\u0146em\u0161ana (faili)<\/h2>\n
10.1. Aizst\u0101jiet jauno WordPress ar infic\u0113to<\/h4>\n
10.2. No\u0146emiet visus PHP failus no mapes “uploads”<\/h4>\n
10.3. Backdoors un \u013caunpr\u0101t\u012bga koda noteik\u0161ana (manu\u0101li)<\/h4>\n
10.4. Backdoors un malware atra\u0161ana\/no\u0146em\u0161ana (autom\u0101tiski)<\/h4>\n
10.4.1 Ai-Bolit malware scanner<\/h4>\n
10.4.2 PHP malware scanner<\/h4>\n
10.5. Atk\u0101rtojiet 9.1. darb\u012bbu un p\u0101rliecinieties, vai nav palicis ne viens aizdom\u012bgs fails.<\/h4>\n
11. \u013baunpr\u0101t\u012bga koda no\u0146em\u0161ana no WordPress, izmantojot datu b\u0101zi<\/h2>\n
11.1. Mekl\u0113jam aizdom\u012bgu saturu tie\u0161i dubl\u0113taj\u0101 datub\u0101z\u0113<\/h4>\n
\nMekl\u0113t base64: base64_decode
\nMekl\u0113t eval():eval()
\nMekl\u0113t skriptus: <script<\/p>\n11.2. Aizdom\u012bga satura mekl\u0113\u0161ana, izmantojot PhpMyAdmin<\/h4>\n
11.3. Manu\u0101la lapu, zi\u0146u, koment\u0101ru un labojumu pars\u0113\u0161ana<\/h4>\n
12. P\u0101rbaudiet vietni manu\u0101li un no mekl\u0113t\u0101jprogrammu viedok\u013ca<\/h2>\n
13. Atjaunojiet publisko piek\u013cuvi vietnei<\/h2>\n
14. L\u016bdziet no\u0146emt j\u016bs no melnajiem sarakstiem<\/h2>\n
15. Papildu WordPress pul\u0113\u0161ana<\/h2>\n
15.1. Atsp\u0113jojiet PHP izpildi map\u0113s \/uploads\/ un \/cache\/<\/h4>\n
\n# Deny access to PHP files in any \/uploads\/ or \/cache\/ directories
\nlocation ~ \/uploads\/(.+)\\.php$ { access_log off; log_not_found off; deny all; }
\nlocation ~ \/cache\/(.+)\\.php$ { access_log off; log_not_found off; deny all; }<\/em><\/p>\n15.2. No\u0146emiet failu redi\u0123\u0113\u0161anu no administr\u0113\u0161anas pane\u013ca<\/h4>\n
\ndefine(‘DISALLOW_FILE_EDIT’, true);<\/em><\/p>\n15.3. Sl\u0113pt administratora paneli p\u0113c noklus\u0113juma<\/h4>\n
15.4. T\u012bmek\u013ca lietojumprogrammu ugunsm\u016bris, uptime uzraudz\u012bba un ievainojam\u012bbas br\u012bdin\u0101jumi<\/h4>\n
15.5. Izmantojiet dro\u0161u hostingu un atjauniniet savas lietojumprogrammas<\/h4>\n
Secin\u0101jumi<\/h2>\n
\n
\n