Critical vulnerability in the WordPress File Manager plugin, which has 700 thousand installations

A vulnerability has been identified in the WordPress File Manager plugin, which has more than 700 thousand active installations, that allows arbitrary commands and PHP scripts to be executed on the server. The issue affects File Manager versions 6.0 through 6.8 and was fixed in version 6.9.

The File Manager plugin provides file management tools for the WordPress administrator, using the bundled elFinder library for low-level file manipulation. The elFinder source code contains example code files, which are shipped in the working directory with the ".dist" extension. Because the file "connector.minimal.php.dist" was renamed to "connector.minimal.php" when the library was distributed, it became available for execution when external requests are sent. This script can perform any file operation (upload, open, editor, rename, rm, and so on), because its parameters are passed to the run() function of the main plugin, which can be used to replace PHP files in WordPress and execute arbitrary code.

The danger is increased by the fact that the vulnerability is already being used to carry out automated attacks, in which an image containing PHP code is uploaded to the "plugins/wp-file-manager/lib/files/" directory using the "upload" command. The image is then renamed to a PHP script with a randomly chosen name containing the text "hard" or "x" (for example, hardfork.php, hardfind.php, x.php, and so on). Once executed, the PHP code adds a backdoor to the /wp-admin/admin-ajax.php and /wp-includes/user.php files, giving the attackers access to the site's administrator interface. The exploitation is carried out by sending a POST request to the file "wp-file-manager/lib/php/connector.minimal.php".

It is worth noting that after the compromise, in addition to leaving the backdoor, changes are made to protect access to the connector.minimal.php file, which contains the vulnerability, so that other attackers cannot attack the server.
The first attack attempts were detected on September 1 at 7 a.m. (UTC).
At 12:33 PM (UTC), the developers of the File Manager plugin released a patch. According to Wordfence, the company that discovered the vulnerability, their firewall blocked about 450 attempts to exploit the vulnerability in one day. A network scan showed that 52% of the sites using the plugin have not yet been updated and remain vulnerable. After installing the update, it is advisable to check the HTTP server log for requests to the "connector.minimal.php" script to determine whether the system has been compromised.
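One way to carry out the log check recommended above, as an added example that is not part of the original article or of Wordfence's tooling. It assumes an Apache/nginx "combined" access log; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Prefix of an Apache/nginx "combined" access-log line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
CONNECTOR = "wp-file-manager/lib/php/connector.minimal.php"
FILES_DIR = "wp-file-manager/lib/files/"

def classify(line):
    """Return a finding dict for a log line touching the plugin, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode %-escapes, compare case-insensitively.
    path = unquote(m["path"].split("?", 1)[0]).lower()
    if CONNECTOR in path:
        kind = "connector-post" if m["method"] == "POST" else "connector-probe"
    elif FILES_DIR in path and path.endswith(".php"):
        kind = "php-in-files-dir"  # e.g. hardfork.php, x.php per the article
    else:
        return None
    status = int(m["status"])
    return {"ip": m["ip"], "time": m["time"], "kind": kind,
            "status": status, "served": 200 <= status < 300}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

def sources_to_investigate(findings):
    """Client IPs whose suspicious request was answered with a 2xx status."""
    return sorted({f["ip"] for f in findings if f["served"]})

# Constructed sample log lines (documentation IP ranges, not real traffic).
P = "/wp-content/plugins/wp-file-manager/lib/"
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2021:07:01:12 +0000] "POST {P}php/connector.minimal.php HTTP/1.1" 200 512 "-" "-"',
    f'203.0.113.7 - - [10/Oct/2021:07:01:15 +0000] "GET {P}files/hardfork.php HTTP/1.1" 200 31 "-" "-"',
    f'198.51.100.4 - - [10/Oct/2021:13:40:02 +0000] "POST {P}php/connector.minimal.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [10/Oct/2021:13:41:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "-"',
    f'198.51.100.9 - - [10/Oct/2021:13:42:00 +0000] "GET {P}files/photo.jpg HTTP/1.1" 200 20480 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print("investigate:", sources_to_investigate(scan(SAMPLE_LOG)))
```

A 2xx response to a POST on the connector, or to any .php file under lib/files/, is the case that warrants inspecting /wp-admin/admin-ajax.php and /wp-includes/user.php for modifications; a 403 or 404 only shows that an attempt was made.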

In addition, the corrective release WordPress 5.5.1 can be noted, in which 40 fixes are proposed.

Source: opennet.ru
