Critical vulnerability in the WordPress File Manager plugin with 700 thousand installations

A vulnerability has been identified in the WordPress plugin File Manager, which has more than 700 thousand active installations, that allows arbitrary commands and PHP scripts to be executed on the server. The problem appears in File Manager releases 6.0 through 6.8 and has been fixed in release 6.9.

The File Manager plugin provides file management tools to the WordPress administrator, using the bundled elFinder library for low-level file manipulation. The elFinder library's source code includes files with example code, which are shipped in the working directory with the ".dist" extension. The vulnerability is caused by the fact that, when the library was bundled, the file "connector.minimal.php.dist" was renamed to "connector.minimal.php" and became available for execution via external requests. This script allows any file operation (upload, open, edit, rename, rm, etc.), because its parameters are passed to the run() function of the core plugin, which can be used to replace PHP files in WordPress and run arbitrary code.

What makes the danger worse is that the vulnerability is already being used to carry out automated attacks, in which an image containing PHP code is uploaded to the "plugins/wp-file-manager/lib/files/" directory using the "upload" command and then renamed to a PHP script with an arbitrarily chosen name containing the text "hard" or "x." (for example hardfork.php, hardfind.php, x.php, etc.). Once executed, the PHP code adds a backdoor to the /wp-admin/admin-ajax.php and /wp-includes/user.php files, giving the attackers access to the site's administrator interface. Exploitation is carried out by sending a POST request to the file "wp-file-manager/lib/php/connector.minimal.php".

Notably, after the compromise, in addition to leaving a backdoor, changes are made to protect the vulnerable connector.minimal.php file from further calls, so as to block other attackers from attacking the server.

The first attack attempts were recorded on September 1 at 7 am (UTC). At 12:33 (UTC) the File Manager plugin developers released a patch. According to Wordfence, the company that identified the vulnerability, their firewall blocked around 450 thousand attempts to exploit the vulnerability per day. A network scan showed that 52% of sites using this plugin have still not been updated and remain vulnerable. After installing the update, it makes sense to check the HTTP server log for calls to the "connector.minimal.php" script to determine whether the system has been compromised.
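A defender-side check for the log review recommended above, as an added example that is not from the article or the plugin: it scans combined-format access-log lines (the sample lines below are constructed) for calls to the connector script and for PHP files dropped under lib/files/ with the name patterns described in the article.

```python
import re
from collections import Counter

# Constructed sample of combined-format access-log lines (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2020:07:02:11 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 312 "-" "python-requests/2.24"
203.0.113.5 - - [01/Sep/2020:07:02:13 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 88 "-" "python-requests/2.24"
198.51.100.7 - - [01/Sep/2020:07:10:44 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/x.php?cmd=id HTTP/1.1" 200 55 "-" "curl/7.68.0"
192.0.2.9 - - [01/Sep/2020:08:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Sep/2020:08:00:05 +0000] "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# Minimal parser for the common/combined log format: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

CONNECTOR = "wp-file-manager/lib/php/connector.minimal.php"  # vulnerable script named in the article
DROP_DIR = "wp-file-manager/lib/files/"                      # directory the upload command writes to


def classify(line):
    """Return a finding label for one access-log line, or None if it is unremarkable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # drop the query string before matching
    if CONNECTOR in path:
        # Any external call to the connector is suspicious; POSTs are how the exploit is delivered.
        return "connector-post" if m.group("method") == "POST" else "connector-call"
    if DROP_DIR in path and path.endswith(".php"):
        name = path.rsplit("/", 1)[-1]
        # Name patterns reported for the dropped scripts: contains "hard" or starts with "x."
        if "hard" in name or name.startswith("x."):
            return "webshell-known-name"
        return "php-in-files-dir"
    return None


def scan(log_text):
    """Return (findings, per-IP hit counts); each finding is (label, ip, timestamp, path)."""
    findings, counts = [], Counter()
    for line in log_text.splitlines():
        label = classify(line)
        if label:
            m = LOG_RE.match(line)
            findings.append((label, m.group("ip"), m.group("ts"), m.group("path")))
            counts[m.group("ip")] += 1
    return findings, counts


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG)[0]:
        print(*finding)
```

Any hit on the connector from outside an administrator's session, or any PHP file under lib/files/, is reason to treat the install as compromised and also inspect admin-ajax.php and user.php for the backdoor the article describes.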

Additionally, one can note the release of the corrective update WordPress 5.5.1, which offers 40 fixes.

source: opennet.ru
