Segurança no wordpress

De MochilaWiki
Revisão de 20h47min de 6 de abril de 2012 por Banto Palmarino (discussão | contribs)
Ir para navegaçãoIr para pesquisar


um malware que redirecionada para outros sites

http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/ http://www.doitwithwp.com/how-to-change-wordpress-database-prefix/ http://www.wpbeginner.com/wp-tutorials/the-right-way-to-remove-wordpress-version-number/

os temas que tem <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" no arquivo header.php facilta busca vuneralibidades para a versão usado, isso ajuda a ser mais rapido

http://www.mcritch.com/content/cleaning_wordpress_pharma_hack http://inspirated.com/2010/03/02/wordpress-ninoplas-virus-and-the-fix http://www.silvatechsolutions.com/main/2012/03/05/wordpress-base64-hack-cleanup/ http://www.exploit-db.com/wordpress-timthumb-exploitation/ http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/ http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/


não usar wp_ como prefixo http://www.websitedefender.com/wordpress-security/wordpress-database-security-tables-prefix/

unzip /root/tools/wordpress/plugins/antivirus.zip -d . unzip /root/tools/wordpress/plugins/wp-security-scan.zip -d . unzip /root/tools/wordpress/plugins/timthumb-vulnerability-scanner.zip -d .

Vulnerable 1.09 timthumb.php Up to Date 2.8.3 timthumb.php


trocar a senha do banco de dados


https://api.wordpress.org/secret-key/1.1/

entre em wp-config.php e troque


- TimThumb Vulnerability Scanner AntiVirus Timthumb Scanner WP Security Scan


rm readme.html


touch .htaccess touch wp-admin/.htaccess chmod 0600 wp-admin/.htaccess chmod 0600 wp-config.php chmod 0600 .htaccess chmod 0700 wp-admin chmod 0600 wp-admin/index.php chmod 0700 wp-admin/js chmod 0700 wp-content/themes chmod 0700 wp-content/plugins chmod 0700 wp-content chmod 0700 wp-includes chmod 0700 $PWD


find -name \*\.tmp -exec rm {} -fr \; find -name lmdex.php -exec rm {} -fr \; find . -name \*\INFECTED.php -exec rm {} -fr \;

find -name sitemaps.php find -name template_rss.php find -name flash.php

wget http://downloads.wordpress.org/plugin/antivirus.zip wget http://downloads.wordpress.org/plugin/timthumb-vulnerability-scanner.zip wget http://downloads.wordpress.org/plugin/wp-security-scan.zip

chown -R www-data.www-data . find ./ -type d -exec chmod 755 {} \; find ./ -type f -exec chmod 644 {} \;

esse comando acusar ter ou não "base64" grep -r base64 * |awk -F : '{print $1}' |sort |uniq

procura arquivo .php que tenha o nome começando com w e um numero de 1 a 9 e qualquer coisa depois for x in `seq 9`; do find -name w$x*.php; done;


igual o comando acima, mas removendo os arquivos encontrados for x in `seq 9`; do find -name w$x*.php -exec rm {} \;; done;