Momwe Mungayang'anire, Chotsani, ndi Kuteteza Malware ku WordPress Yanu

Momwe Mungachotsere Malware ku WordPress

Sabata ino inali yotanganidwa kwambiri. Chimodzi mwazinthu zopanda phindu zomwe ndikudziwa zidapezeka kuti zili pachiwopsezo - tsamba lawo la WordPress linali ndi pulogalamu yaumbanda. Tsambali lidabedwa ndipo zolemba zidaperekedwa kwa alendo omwe adachita zinthu ziwiri zosiyana:

  1. Adayesera kupatsira Microsoft Windows ndi pulogalamu yaumbanda.
  2. Anatumizanso ogwiritsa ntchito patsamba lomwe amagwiritsa ntchito JavaScript kuti agwiritse ntchito PC ya alendo cryptocurrency.

Ndidazindikira kuti tsambalo lidabedwa nditayendera nditadutsa nkhani zawo zaposachedwa ndipo ndidawadziwitsa nthawi yomweyo zomwe zikuchitika. Tsoka ilo, zinali zankhanza kwambiri zomwe ndinatha kuzichotsa koma nthawi yomweyo ndinayambitsanso tsambalo ndikakhala moyo. Ichi ndi chizolowezi chofala cha osokoneza mapulogalamu aumbanda - samangobera tsambalo, amathanso kuwonjezera wogwiritsa ntchito webusayiti kapena kusintha fayilo yayikulu ya WordPress yomwe imabweretsanso kuthyolako ikachotsedwa.

Malware ndi vuto lomwe likupitilira pa intaneti. Malware amagwiritsidwa ntchito kukweza mitengo yotsatsa (zachinyengo zotsatsa), kukulitsa ziwerengero zamasamba kuti achulukitse otsatsa, kuyesa ndikupeza mwayi wodziwa zambiri zandalama ndi zaumwini za alendo, ndipo posachedwa - kukumba cryptocurrency. Ogwira ntchito m'migodi amalipidwa bwino chifukwa cha deta ya migodi koma mtengo wopangira makina opangira migodi ndi kulipira ngongole zamagetsi kwa iwo ndi zofunika. Pogwiritsa ntchito makompyuta mobisa, ogwira ntchito m'migodi amatha kupanga ndalama popanda ndalama.

WordPress ndi mapulatifomu ena wamba ndizowakakamiza kwambiri owononga chifukwa ndiwo maziko azamasamba ambiri pa intaneti. Kuphatikiza apo, WordPress ili ndi mutu ndi zomangamanga zomwe siziteteza mafayilo apakati pamabowo achitetezo. Kuphatikiza apo, gulu la WordPress ndilofunika kwambiri pozindikira komanso kutchera mabowo achitetezo - koma eni masamba sakhala tcheru posunga tsamba lawo posinthidwa ndimitundu yatsopano.

Tsambali lidasungidwa malinga ndi chikhalidwe cha GoDaddy (osati Kusungidwa kokhala ndi WordPress), yomwe imapereka chitetezo cha zero. Zachidziwikire, amapereka Chojambulira pulogalamu yaumbanda ndikuchotsa service, komabe. Makampani omwe amayang'anira WordPress monga Flywheel, WP Engine, LiquidWeb, GoDaddy, ndi Pantheon zonse zimapereka zosintha zokha kuti tsamba lanu likhale logwirizana ndi zomwe zadziwika ndikuzimitsa. Ambiri amakhala ndi sikani ya pulogalamu yaumbanda komanso mitu yoletsedwa ndi mapulagini kuti athandize eni webusayiti kupewa kuthyolako. Makampani ena amapita patsogolo - Kinsta - woyang'anira wamkulu wa Managed WordPress - ngakhale amapereka chitetezo chachitetezo.

Komanso, timu pa Jetpack imapereka ntchito yabwino yoyang'ana tsamba lanu ngati pulogalamu yaumbanda ndi zovuta zina tsiku lililonse. Ili ndi yankho labwino ngati mukudzipangira nokha WordPress pazomanga zanu.

Jetpack Scanning WordPress ya Malware

Muthanso kugwiritsa ntchito munthu wotsika mtengo wotsika mtengo ntchito yojambulira pulogalamu yaumbanda ngati Zitsulo zofufuzira mawebusayiti, yomwe imayang'ana tsamba lanu tsiku ndi tsiku ndikukudziwitsani ngati simunalembetsedwe pazida zowunikira pulogalamu yaumbanda.

Kodi Tsamba Lanu Lalembedwa Kuti Lipeze Malware:

Pali masamba ambiri pa intaneti omwe amalimbikitsa kufufuza tsamba lanu la pulogalamu yaumbanda, koma kumbukirani kuti ambiri aiwo sakuyang'ana tsamba lanu konse munthawi yeniyeni. Kusanthula kwa pulogalamu yaumbanda mu nthawi yeniyeni kumafuna chida chokwawa cha gulu lachitatu chomwe sichingapereke zotsatira nthawi yomweyo. Masamba omwe amapereka cheke pompopompo ndi masamba omwe adapezapo kuti tsamba lanu lili ndi pulogalamu yaumbanda. Ena mwa mawebusayiti omwe amawunika pulogalamu yaumbanda pa intaneti ndi awa:

  • Lipoti la Google Transparency - ngati tsamba lanu lalembetsedwa ndi oyang'anira masamba awebusayiti, amakudziwitsani nthawi yomweyo akamakwera tsamba lanu ndikupeza pulogalamu yoyipa.
  • Webusaiti Yotetezeka ya Norton - Norton imagwiritsanso ntchito mapulagini osakatula ndi mapulogalamu a pulogalamu yomwe ingalepheretse ogwiritsa ntchito kutsegula tsamba lanu madzulo ngati adalemba. Eni mawebusayiti amatha kulembetsa tsambalo ndikupempha kuti tsamba lawo liunikidwenso likakhala loyera.
  • Sucuri - Sucuri ali ndi mndandanda wamawebusayiti komanso lipoti la komwe adasankhidwa. Ngati tsamba lanu litsukidwa, muwona Limbikitsani Kukonzanso ulalo pansi pamndandanda (zazing'ono kwambiri). Sucuri ili ndi pulogalamu yowonjezera yomwe imazindikira zovuta ... kenako ndikukulowetsani mumgwirizano wapachaka kuti muwachotse.
  • Yandex - ngati mufufuza Yandex pazomwe mumayang'ana ndikuwona "Malinga ndi Yandex, tsamba ili likhoza kukhala lowopsa ", mutha kulembetsa oyang'anira masamba a Yandex, kuwonjezera tsamba lanu, kuyenda ku Chitetezo ndi Zophwanya, ndipo pemphani kuti tsamba lanu litsitsidwe.
  • Phishtank - Osewera ena amaika zolemba zawo zabodza patsamba lanu, zomwe zingapangitse kuti madambwe anu akhale omwe ali ndi mbiri yoipa. Ngati mungalembetse ulalo wathunthu wa tsamba lokhazikitsidwa ndiumbanda ku Phishtank, mutha kulembetsa ndi Phishtank ndikuvota ngati ilidi tsamba labodza kapena ayi.

Pokhapokha ngati tsamba lanu lalembetsedwa ndipo muli ndi akaunti yowunikira kwinakwake, mutha kupeza lipoti kuchokera kwa wogwiritsa ntchito imodzi mwamautumikiwa. Osanyalanyaza chenjezo… pomwe simungawone vuto, zonena zabodza sizichitika kawirikawiri. Izi zitha kuchititsa kuti tsamba lanu lichotsedwe m'malo osakira ndikutsekeka pakusakatula. Choyipa chachikulu, makasitomala omwe angakhale nawo komanso makasitomala omwe alipo angadabwe kuti akugwira nawo ntchito yanji.

Kodi Mumayang'ana Bwanji Malware?

Makampani angapo pamwambapa amalankhula za momwe zimavutira kupeza pulogalamu yaumbanda koma sizovuta. Chovuta ndikuzindikira momwe zidalowa patsamba lanu! Khodi yoyipa imapezeka nthawi zambiri mu:

  • yokonza - Musanachite chilichonse, lozani a tsamba lokonzanso ndi kumbuyo malo anu. Osagwiritsa ntchito WordPress 'kukonza kosasintha kapena pulogalamu yokonzanso popeza izi zidzakwaniritsa WordPress pa seva. Mukufuna kuwonetsetsa kuti palibe amene akuchita fayilo ya PHP patsamba lino. Mukadali pamenepo, yang'anani .htaccess file pa webserver kuti muwonetsetse kuti ilibe nambala yachinyengo yomwe ingakhale ikuwongolera magalimoto.
  • Search mafayilo amalo anu kudzera pa SFTP kapena FTP ndikuzindikira mafayilo aposachedwa m'mapulagini, mitu, kapena mafayilo amkati a WordPress. Tsegulani mafayilowo ndikuyang'ana zosintha zilizonse zomwe zimawonjezera zolemba kapena malamulo a Base64 (omwe amabisala kuchitidwa kwa seva).
  • Yerekezerani mafayilo apakatikati a WordPress m'dongosolo lanu la mizu, chikwatu cha wp-admin, ndi wp-kuphatikiza zikwatu kuti muwone ngati pali mafayilo atsopano kapena mafayilo amitundu yosiyanasiyana. Sakanizani fayilo iliyonse. Ngakhale mutapeza ndikuchotsa kuthyolako, pitirizani kuyang'ana popeza ambiri obera amasiya kunyumba kuti akapatsenso tsambalo. Osangolembanso kapena kukhazikitsanso WordPress… obera nthawi zambiri amawonjezera zolembedwera mumndandanda wazotengera ndikuyitanitsa script njira ina yobweretsera kuthyolako. Zolemba zosavutikira kwambiri zaumbanda zimangoyika mafayilo amtundu wa womet or footer.php. Zolemba zovuta kwambiri zidzasintha fayilo iliyonse ya PHP pa seva ndi nambala ya jakisoni kuti mukhale ndi nthawi yovuta kuchichotsa.
  • Chotsani zolemba zotsatsa za ena omwe atha kukhala gwero. Ndakana kugwiritsa ntchito ma intaneti atsopano ndikawerenga kuti abedwa pa intaneti.
  • cheke ndandanda yanu yosungiramo zosunga zobwezeretsera zama script ophatikizidwa patsamba. Mungathe kuchita izi pofufuza mosavuta pogwiritsa ntchito PHPMyAdmin ndikusaka ma URL opempha kapena malemba.

Musanatseke tsamba lanu kukhala lamoyo… ndi nthawi yoti muumitse tsamba lanu kuti mupewe kubayanso kapena kubera kwina:

Kodi Mumalepheretsa Bwanji Malo Anu Kuti Asakhadzulidwe ndi Malware Kuyika?

  • Tsimikizani aliyense wogwiritsa ntchito tsambali. Ma hackers nthawi zambiri amalowetsa zolemba zomwe zimawonjezera wogwiritsa ntchito. Chotsani maakaunti akale kapena osagwiritsidwa ntchito ndikupatsanso zomwe zili patsamba lanu kwa wogwiritsa ntchito kale. Ngati muli ndi wosuta wotchedwa boma, onjezani woyang'anira watsopano wokhala ndi malowedwe apadera ndikuchotsani akaunti ya admin yonse.
  • Bwezerani achinsinsi aliyense wogwiritsa. Masamba ambiri amabedwa chifukwa chogwiritsa ntchito mawu achinsinsi omwe amangoganiza kuti awukira, zomwe zimapangitsa munthu kulowa mu WordPress ndikuchita chilichonse chomwe angafune.
  • Khumba kutha kusintha mapulagini ndi mitu kudzera pa WordPress Admin. Kutha kusintha mafayilowa kumalola wowononga aliyense kuchita zomwezo ngati angawapeze. Pangani mafayilo apakatikati a WordPress kuti asalembetsedwe kuti zolembera zisathe kulembanso kachidindo koyambira. Zonse mwa Mmodzi ili ndi pulogalamu yowonjezera yabwino yomwe imapereka WordPress kuumitsa ndi tani yazinthu.
  • Mwadongosolo tsitsani ndikukhazikitsanso mitundu yatsopano yamapulagini omwe mukufuna ndi kuchotsa mapulagini ena onse. Chotsani kwathunthu mapulagini oyang'anira omwe amapatsa mwachindunji mafayilo am'masamba kapena nkhokwe, izi ndizowopsa.
  • Chotsani ndikusintha mafayilo onse mumndandanda wanu wamazenera kupatula chikwatu cha wp (kotero muzu, wp-kuphatikiza, wp-admin) ndikukhazikitsa kwatsopano kwa WordPress kutsitsidwa patsamba lawo.
  • Kusiyana - Mungafunenso kusiyanitsa pakati pa zosunga zobwezeretsera patsamba lanu pomwe mulibe pulogalamu yaumbanda ndi tsamba lomwe lilipo… izi zikuthandizani kuti muwone mafayilo omwe adasinthidwa komanso kusintha kotani. Diff ndi ntchito yachitukuko yomwe imafanizira zolemba ndi mafayilo ndikukupatsirani kufananitsa pakati pa ziwirizi. Ndi kuchuluka kwa zosintha zomwe zasinthidwa patsamba la WordPress, iyi si njira yosavuta nthawi zonse - koma nthawi zina pulogalamu yaumbanda imawonekeradi.
  • Pitirizani tsamba lanu! Tsamba lomwe ndimagwira sabata ino linali ndi mtundu wakale wa WordPress wokhala ndi mabowo odziwika otetezedwa, ogwiritsa ntchito akale omwe sayenera kulowanso, mitu yakale, ndi mapulagini akale. Akadakhala kuti ndi imodzi mwazomwe zidatsegula kampaniyo kuti ibedwe. Ngati simungakwanitse kusunga tsamba lanu, onetsetsani kuti mwasunthira ku kampani yoyang'anira yomwe ingatero! Kugwiritsanso ntchito ndalama zochepa pakubweza kukadapulumutsa kampaniyi ku manyazi.

Mukakhulupirira kuti zonse zakonzedwa ndi kuumitsidwa, mutha kubwezera tsambalo ndi moyo pochotsa .htaccess kulozera. Ukangokhala moyo, yang'anani matenda omwewo omwe analipo kale. Nthawi zambiri ndimagwiritsa ntchito zida zowunikira msakatuli kuti ndiwone momwe tsamba likufunira. Ndimayang'ana pempho lililonse lapaintaneti kuti ndiwonetsetse kuti silili pulogalamu yaumbanda kapena yosamvetsetseka… ngati ndi choncho, yabwerera kumtunda ndikuyambiranso.

Kumbukirani - tsamba lanu likadzayeretsedwa, silidzachotsedwa pamindandanda yakuda. Muyenera kulumikizana ndi aliyense ndikupanga zopempha malinga ndi mndandanda wathu pamwambapa.

Kubedwa chonchi sikusangalatsa. Makampani amalipira madola mazana angapo kuti achotse zoopsezazi. Ndinagwira ntchito osachepera maola 8 kuti ndithandizire kampaniyi kuyeretsa tsamba lawo.

Mukuganiza chiyani?

Tsambali likugwiritsa ntchito Akismet kuchepetsa spam. Phunzirani momwe deta yanu ikufotokozera.