Mudanças entre as edições de "Segurança no wordpress"

De MochilaWiki
Ir para navegaçãoIr para pesquisar
Linha 1: Linha 1:
 +
* um malware que redirecionada para outros sites
 +
* os temas que tem <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" no arquivo header.php facilta busca vuneralibidades para a versão usado, isso ajuda a ser mais rapido
 +
* não usar wp_ como prefixo
 +
* trocar a senha do banco de dados
  
 
+
== remover o arquivo readme.html ==
um malware que redirecionada para outros sites
+
<source lang="bash">
 
 
http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/
 
http://www.doitwithwp.com/how-to-change-wordpress-database-prefix/
 
http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/
 
 
 
os temas que tem <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" no arquivo header.php facilta busca vuneralibidades para a versão usado, isso ajuda a ser mais rapido
 
 
 
http://www.mcritch.com/content/cleaning_wordpress_pharma_hack
 
http://inspirated.com/2010/03/02/wordpress-ninoplas-virus-and-the-fix
 
http://www.silvatechsolutions.com/main/2012/03/05/wordpress-base64-hack-cleanup/
 
http://www.exploit-db.com/wordpress-timthumb-exploitation/
 
http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
 
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
 
 
 
 
 
não usar wp_ como prefixo
 
http://www.websitedefender.com/wordpress-security/wordpress-database-security-tables-prefix/
 
 
 
unzip /root/tools/wordpress/plugins/antivirus.zip -d .
 
unzip /root/tools/wordpress/plugins/wp-security-scan.zip -d .
 
unzip /root/tools/wordpress/plugins/timthumb-vulnerability-scanner.zip -d .
 
 
 
Vulnerable 1.09 timthumb.php
 
Up to Date 2.8.3 timthumb.php
 
 
 
 
 
trocar a senha do banco de dados
 
 
 
 
 
 
 
https://api.wordpress.org/secret-key/1.1/
 
 
 
entre em wp-config.php e troque
 
 
 
 
 
- TimThumb Vulnerability Scanner
 
AntiVirus
 
Timthumb Scanner
 
WP Security Scan
 
 
 
 
 
 
rm readme.html
 
rm readme.html
 +
</source>
  
 
+
== ajuste nas permissões de arquivos e pastas ==
 +
<source lang="bash">
 
touch .htaccess
 
touch .htaccess
 
touch wp-admin/.htaccess
 
touch wp-admin/.htaccess
 +
chown -R www-data.www-data .
 +
find ./ -type d -exec chmod 755 {} \;
 +
find ./ -type f -exec chmod 644 {} \;
 
chmod 0600 wp-admin/.htaccess
 
chmod 0600 wp-admin/.htaccess
 
chmod 0600 wp-config.php
 
chmod 0600 wp-config.php
Linha 59: Linha 27:
 
chmod 0700 wp-includes
 
chmod 0700 wp-includes
 
chmod 0700 $PWD
 
chmod 0700 $PWD
 +
</source>
  
 
+
== buscando e removendo arquivos diferentes e que são malware ==
 +
<source lang="bash">
 
find -name \*\.tmp -exec rm {} -fr \;
 
find -name \*\.tmp -exec rm {} -fr \;
 
find -name lmdex.php -exec rm {} -fr \;
 
find -name lmdex.php -exec rm {} -fr \;
 
find . -name \*\INFECTED.php -exec rm {} -fr \;
 
find . -name \*\INFECTED.php -exec rm {} -fr \;
 +
find -name sitemaps.php -exec rm {} -fr \;
 +
find -name template_rss.php -exec rm {} -fr \;
 +
find -name flash.php -exec rm {} -fr \;
 +
for x in `seq 9`; do find -name w$x*.php -exec rm {} \;; done;
 +
</source>
  
find -name sitemaps.php
+
instalar os plugins:
find -name template_rss.php
+
* AntiVirus
find -name flash.php
+
* Timthumb Scanner
 +
* WP Security Scan
  
 +
<source lang="bash">
 
wget http://downloads.wordpress.org/plugin/antivirus.zip
 
wget http://downloads.wordpress.org/plugin/antivirus.zip
 
wget http://downloads.wordpress.org/plugin/timthumb-vulnerability-scanner.zip
 
wget http://downloads.wordpress.org/plugin/timthumb-vulnerability-scanner.zip
 
wget http://downloads.wordpress.org/plugin/wp-security-scan.zip
 
wget http://downloads.wordpress.org/plugin/wp-security-scan.zip
 +
unzip /root/tools/wordpress/plugins/antivirus.zip -d .
 +
unzip /root/tools/wordpress/plugins/wp-security-scan.zip -d .
 +
unzip /root/tools/wordpress/plugins/timthumb-vulnerability-scanner.zip -d .
 +
</source>
 +
 +
Vulnerable 1.09 timthumb.php
 +
Up to Date 2.8.3 timthumb.php
  
chown -R www-data.www-data .
 
find ./ -type d -exec chmod 755 {} \;
 
find ./ -type f -exec chmod 644 {} \;
 
  
 
esse comando acusar ter ou não "base64"
 
esse comando acusar ter ou não "base64"
 +
<source lang="bash">
 
grep -r base64 * |awk -F : '{print $1}' |sort |uniq
 
grep -r base64 * |awk -F : '{print $1}' |sort |uniq
 +
</source>
  
procura arquivo .php que tenha o nome começando com w e um numero de 1 a 9 e qualquer coisa depois
 
for x in `seq 9`; do find -name w$x*.php; done;
 
  
 
+
== referências ==
igual o comando acima, mas removendo os arquivos encontrados
+
* http://www.mcritch.com/content/cleaning_wordpress_pharma_hack
for x in `seq 9`; do find -name w$x*.php -exec rm {} \;; done;
+
* http://inspirated.com/2010/03/02/wordpress-ninoplas-virus-and-the-fix
 +
* http://www.silvatechsolutions.com/main/2012/03/05/wordpress-base64-hack-cleanup/
 +
* http://www.exploit-db.com/wordpress-timthumb-exploitation/
 +
* http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
 +
* http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
 +
* http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/
 +
* http://www.doitwithwp.com/how-to-change-wordpress-database-prefix/
 +
* http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/
 +
* http://www.websitedefender.com/wordpress-security/wordpress-database-security-tables-prefix/

Edição das 12h04min de 7 de abril de 2012

  • um malware que redirecionada para outros sites
  • os temas que tem <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" no arquivo header.php facilta busca vuneralibidades para a versão usado, isso ajuda a ser mais rapido
  • não usar wp_ como prefixo
  • trocar a senha do banco de dados

remover o arquivo readme.html

rm readme.html

ajuste nas permissões de arquivos e pastas

touch .htaccess
touch wp-admin/.htaccess
chown -R www-data.www-data .
find ./ -type d -exec chmod 755 {} \;
find ./ -type f -exec chmod 644 {} \;
chmod 0600 wp-admin/.htaccess
chmod 0600 wp-config.php
chmod 0600 .htaccess
chmod 0700 wp-admin
chmod 0600 wp-admin/index.php
chmod 0700 wp-admin/js
chmod 0700 wp-content/themes
chmod 0700 wp-content/plugins
chmod 0700 wp-content
chmod 0700 wp-includes
chmod 0700 $PWD

buscando e removendo arquivos diferentes e que são malware

find -name \*\.tmp -exec rm {} -fr \;
find -name lmdex.php -exec rm {} -fr \;
find . -name \*\INFECTED.php -exec rm {} -fr \;
find -name sitemaps.php -exec rm {} -fr \;
find -name template_rss.php -exec rm {} -fr \;
find -name flash.php -exec rm {} -fr \;
for x in `seq 9`; do find -name w$x*.php -exec rm {} \;; done;

instalar os plugins:

  • AntiVirus
  • Timthumb Scanner
  • WP Security Scan
wget http://downloads.wordpress.org/plugin/antivirus.zip
wget http://downloads.wordpress.org/plugin/timthumb-vulnerability-scanner.zip
wget http://downloads.wordpress.org/plugin/wp-security-scan.zip
unzip /root/tools/wordpress/plugins/antivirus.zip -d .
unzip /root/tools/wordpress/plugins/wp-security-scan.zip -d .
unzip /root/tools/wordpress/plugins/timthumb-vulnerability-scanner.zip -d .

Vulnerable 1.09 timthumb.php Up to Date 2.8.3 timthumb.php


esse comando acusar ter ou não "base64"

grep -r base64 * |awk -F : '{print $1}' |sort |uniq


referências