Backdoor in 93 AccessPress plugins and themes used on 360 thousand sites

Attackers managed to embed a backdoor into 40 plugins and 53 themes for the WordPress content management system developed by AccessPress, which claims that its add-ons are used on more than 360 thousand sites. The results of the incident analysis have not yet been published, but it is assumed that the malicious code was introduced during a compromise of the AccessPress website, by modifying the archives of already released versions offered for download there: the backdoor is present only in the code distributed through the official AccessPress website and is absent from the same add-on releases distributed through the WordPress.org directory.

The malicious changes were discovered by a researcher at JetPack (a division of WordPress developer Automattic) while examining malicious code found on a customer's site. Analysis of the situation showed that the malicious changes were present in a WordPress add-on downloaded from the official AccessPress website. Other add-ons from the same vendor had also been subjected to malicious modifications that allow full access to the site with administrator rights.

During the modification, the attackers added an "initial.php" file to the plugin and theme archives and hooked it in through an "include" directive in the "functions.php" file. To cover their tracks, the malicious content of "initial.php" was disguised as a block of base64-encoded data. Under the guise of fetching an image from the wp-theme-connect.com site, the malicious insert loaded the backdoor code directly into the wp-includes/vars.php file.
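The indicators named above (an extra initial.php in a theme or plugin, a functions.php that pulls it in, a reference to the wp-theme-connect.com host, and a tampered wp-includes/vars.php) are enough to write a simple file-system scan. The following is an added example for defenders, not code from the article or from AccessPress, Jetpack or Sucuri. It builds a constructed sample WordPress tree in a temporary directory (one clean theme, one theme carrying the indicators, an inert placeholder instead of the real payload) and reports which indicators match; the eval/base64_decode check on vars.php is a heuristic based on the fact that the core vars.php contains neither call.

```python
"""
Indicator scan for the AccessPress supply-chain backdoor described above.
Added example, not code from the article or from AccessPress/Jetpack/Sucuri.
Checks derived only from the indicators named in the text:
  1. an initial.php file inside a theme or plugin directory
  2. a functions.php that pulls in initial.php via include/require
  3. a reference to the wp-theme-connect.com host in any PHP file
  4. wp-includes/vars.php carrying eval()/base64_decode() (core vars.php has neither)
The sample site is constructed in a temp dir; the "payload" is an inert placeholder.
"""
import os
import re
import tempfile

INCLUDE_INITIAL = re.compile(r"\b(include|include_once|require|require_once)\b[^;]*initial\.php", re.I)
REMOTE_HOST = re.compile(r"wp-theme-connect\.com", re.I)
EVAL_B64 = re.compile(r"\b(eval|base64_decode)\s*\(", re.I)


def scan_wordpress(root):
    """Walk a WordPress install and return sorted (indicator, relative_path) tuples."""
    findings = []
    for sub in ("themes", "plugins"):
        base = os.path.join(root, "wp-content", sub)
        if not os.path.isdir(base):
            continue
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, root)
                if name == "initial.php":
                    findings.append(("initial.php present", rel))
                if not name.endswith(".php"):
                    continue
                with open(path, encoding="utf-8", errors="replace") as fh:
                    src = fh.read()
                if name == "functions.php" and INCLUDE_INITIAL.search(src):
                    findings.append(("functions.php includes initial.php", rel))
                if REMOTE_HOST.search(src):
                    findings.append(("reference to wp-theme-connect.com", rel))
    vars_php = os.path.join(root, "wp-includes", "vars.php")
    if os.path.isfile(vars_php):
        with open(vars_php, encoding="utf-8", errors="replace") as fh:
            if EVAL_B64.search(fh.read()):
                findings.append(("eval/base64_decode in wp-includes/vars.php",
                                 os.path.relpath(vars_php, root)))
    return sorted(set(findings))


def build_sample_site():
    """Constructed sample tree: one clean theme and plugin, one theme showing the indicators."""
    root = tempfile.mkdtemp(prefix="wpscan_")

    def write(rel, text):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

    write("wp-content/themes/clean-theme/functions.php",
          "<?php\nadd_action('init', 'clean_theme_setup');\n")
    write("wp-content/themes/tampered-theme/functions.php",
          "<?php\ninclude_once(dirname(__FILE__) . '/initial.php');\n")
    write("wp-content/themes/tampered-theme/initial.php",
          "<?php\n// placeholder for the base64 blob; pretends to fetch an image\n"
          "$u = 'https://wp-theme-connect.com/images/wp-theme.jpg';\n")
    write("wp-content/plugins/clean-plugin/clean-plugin.php",
          "<?php\n// nothing suspicious here\n")
    # constructed tampered core file: the decoded string is just "// placeholder"
    write("wp-includes/vars.php",
          "<?php\n$is_apache = true;\neval(base64_decode('Ly8gcGxhY2Vob2xkZXI='));\n")
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for indicator, path in scan_wordpress(site):
        print(f"[!] {indicator}: {path}")
```

Pointed at a real install (`scan_wordpress("/var/www/html")`), a hit on any of the four indicators is a reason to compare the add-on against the WordPress.org copy and to reinstall wp-includes/vars.php from a pristine core package, since the text notes the backdoor writes itself there rather than staying inside the add-on.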


The first sites with malicious changes in AccessPress add-ons were identified in September 2021; it is assumed that this is when the backdoor was introduced into the add-ons. Initial notifications to AccessPress about the problem went unanswered, and AccessPress's attention was only obtained after the WordPress.org team was brought into the investigation. On 15 October 2021 the backdoored archives were removed from the AccessPress website, and new add-on versions were published on 17 January 2022.

Sucuri examined sites where the affected AccessPress versions were installed and identified malicious modules, loaded through the backdoor, that sent spam and performed transient redirects to fraudulent sites (the modules were dated 2019 and 2020). It is assumed that the backdoor's authors sold access to the compromised sites.

Themes in which the backdoor substitution was found:

  • accessbuddy 1.0.0
  • accesspress-basic 3.2.1
  • accesspress-lite 2.92
  • accesspress-mag 2.6.5
  • accesspress-parallax 4.5
  • accesspress-ray 1.19.5
  • accesspress-root 2.5
  • accesspress-staple 1.9.1
  • accesspress-store 2.4.9
  • agency-lite 1.1.6
  • aplite 1.0.6
  • bingle 1.0.4
  • blogger 1.2.6
  • construction-lite 1.2.5
  • doko 1.0.27
  • enlighten 1.3.5
  • fashstore 1.2.1
  • fotography 2.4.0
  • gaga-corp 1.0.8
  • gaga-lite 1.4.2
  • one-paze 2.2.8
  • parallax-blog 3.1.1574941215
  • parallaxsome 1.3.6
  • punte 1.1.2
  • revolve 1.3.1
  • ripple 1.2.0
  • scrollme 2.1.0
  • sportsmag 1.2.1
  • storevilla 1.4.1
  • swing-lite 1.1.9
  • the-launcher 1.3.2
  • the-monday 1.4.1
  • uncode-lite 1.3.1
  • unicon-lite 1.2.6
  • vmag 1.2.7
  • vmagazine-lite 1.3.5
  • vmagazine-news 1.0.5
  • zigcy-baby 1.0.6
  • zigcy-cosmetics 1.0.5
  • zigcy-lite 2.0.9

Plugins in which the backdoor substitution was detected (backdoored version, followed by the fixed version where one was released):

  • accesspress-anonymous-post 2.8.0 2.8.1
  • accesspress-custom-css 2.0.1 2.0.2
  • accesspress-custom-post-type 1.0.8 1.0.9
  • accesspress-facebook-auto-post 2.1.3 2.1.4
  • accesspress-instagram-feed 4.0.3 4.0.4
  • accesspress-pinterest 3.3.3 3.3.4
  • accesspress-social-counter 1.9.1 1.9.2
  • accesspress-social-icons 1.8.2 1.8.3
  • accesspress-social-login-lite 3.4.7 3.4.8
  • accesspress-social-share 4.5.5 4.5.6
  • accesspress-twitter-auto-post 1.4.5 1.4.6
  • accesspress-twitter-feed 1.6.7 1.6.8
  • ak-menu-icons-lite 1.0.9
  • ap-companion 1.0.7
  • ap-contact-form 1.0.6 1.0.7
  • ap-custom-testimonial 1.4.6 1.4.7
  • ap-mega-menu 3.0.5 3.0.6
  • ap-pricing-tables-lite 1.1.2 1.1.3
  • apex-notification-bar-lite 2.0.4 2.0.5
  • cf7-store-to-db-lite 1.0.9 1.1.0
  • comments-disable-accesspress 1.0.7 1.0.8
  • easy-side-tab-cta 1.0.7 1.0.8
  • everest-admin-theme-lite 1.0.7 1.0.8
  • everest-coming-soon-lite 1.1.0 1.1.1
  • everest-comment-rating-lite 2.0.4 2.0.5
  • everest-counter-lite 2.0.7 2.0.8
  • everest-faq-manager-lite 1.0.8 1.0.9
  • everest-gallery-lite 1.0.8 1.0.9
  • everest-google-places-reviews-lite 1.0.9 2.0.0
  • everest-review-lite 1.0.7
  • everest-tab-lite 2.0.3 2.0.4
  • everest-timeline-lite 1.1.1 1.1.2
  • inline-call-to-action-builder-lite 1.1.0 1.1.1
  • product-slider-for-woocommerce-lite 1.1.5 1.1.6
  • smart-logo-showcase-lite 1.1.7 1.1.8
  • smart-scroll-posts 2.0.8 2.0.9
  • smart-scroll-to-top-lite 1.0.3 1.0.4
  • total-gdpr-compliance-lite 1.0.4
  • total-team-lite 1.1.1 1.1.2
  • ultimate-author-box-lite 1.1.2 1.1.3
  • ultimate-form-builder-lite 1.5.0 1.5.1
  • woo-badge-designer-lite 1.1.0 1.1.1
  • wp-1-slider 1.2.9 1.3.0
  • wp-blog-manager-lite 1.1.0 1.1.2
  • wp-comment-designer-lite 2.0.3 2.0.4
  • wp-cookie-user-info 1.0.7 1.0.8
  • wp-facebook-review-showcase-lite 1.0.9
  • wp-fb-messenger-button-lite 2.0.7
  • wp-floating-menu 1.4.4 1.4.5
  • wp-media-manager-lite 1.1.2 1.1.3
  • wp-popup-banners 1.2.3 1.2.4
  • wp-popup-lite 1.0.8
  • wp-product-gallery-lite 1.1.1

Source: opennet.ru
