昨日、wordpressサイトがハッキングされ、PHP=バックドアシェルがサイトにインストールされていることに気づきました。プラグインファイルが内部にあるとウイルススキャナが報告しましたぼくの wp-content/uploads
自分でアップロードしなかったもの。 wordpressプラグインといくつかのphpシェルが含まれていました。
このファイルがそこにどのように配置されたかはわかりません。このファイルを使用することで、ハッカーは私のホストのルートフォルダーにアクセスし、ファイルを作成し、実行を許可するファイルのアクセス許可を変更することができます。
ハッカーにどのように役立ち、どのようなメリットがあるかはわかりませんが、ホストにファイルを作成し、Google検索コンソールのプロパティとしてサイトを主張することができます。私は知りたいです:
私はwordpress 4.6.9を使用しています。ファイル転送にプレーンFTPを使用したことがありますが、問題が発生する可能性があると思いますが、よくわかりません。また、データベースのサイズとホストのディスク使用量。
> [09/May/2018:11:23:46 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45264 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
[09/May/2018:12:01:48 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45165 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
[09/May/2018:12:22:13 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 24576 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
[09/May/2018:12:22:15 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 301 0 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36"
[09/May/2018:12:22:17 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 17044 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36"
[09/May/2018:12:22:19 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 301 0 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89 Safari/602.1"
[09/May/2018:12:22:20 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 24576 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89 Safari/602.1"
[09/May/2018:12:22:27 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 16927 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
[09/May/2018:12:22:29 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 24576 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Version/10.0 Mobile/14D27 Safari/602.1"
09/May/2018:12:22:31 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 17044 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/search.php" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
[09/May/2018:12:22:34 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 48900 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/search.php" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
[10/May/2018:08:28:53 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:28:57 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:28:59 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:29:02 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:29:04 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99024 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:29:06 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99033 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:08:29:08 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99062 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[10/May/2018:11:08:58 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45215 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Win64; x64; Trident/6.0)"
[11/May/2018:08:51:13 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45110 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2913.70 Safari/537.36"
[16/May/2018:06:33:19 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45322 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:51.0) Gecko/20100101 Firefox/51.0"
[16/May/2018:09:11:02 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 48747 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
[16/May/2018:09:11:06 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 301 0 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Linux; Android 7.0; SAMSUNG SM-G935F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/5.4 Chrome/51.0.2704.106 Mobile Safari/537.36"
[16/May/2018:09:11:08 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 24576 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Linux; Android 7.0; SAMSUNG SM-G935F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/5.4 Chrome/51.0.2704.106 Mobile Safari/537.36"
[16/May/2018:09:11:20 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 301 0 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
[16/May/2018:09:11:25 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 16891 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
[16/May/2018:09:11:29 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 16941 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
- [16/May/2018:09:11:32 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 16963 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/search.php" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"
- [16/May/2018:09:11:35 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 16891 "http://my.site/wp-content/plugins/background-image-cropper/image/ico/search.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0"
[16/May/2018:09:11:27 +0430] "POST /wp-content/plugins/background-image-cropper/image/ico/dump.php HTTP/1.1" 404 40109 "http://www.my.site/wp-content/plugins/background-image-cropper/image/ico/dump.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36"
[17/May/2018:16:16:14 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:16 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:18 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:21 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:23 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99562 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:26 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99676 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[17/May/2018:16:16:28 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 99676 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[23/May/2018:16:46:27 +0430] "POST /wp-content/plugins/background-image-cropper/wp-post.php HTTP/1.1" 404 81920 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
[23/May/2018:16:46:57 +0430] "POST /wp-content/uploads/kc_extensions/background-image-cropper/wp-post.php HTTP/1.1" 404 99574 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
[24/May/2018:15:40:32 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45263 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2904.89 Safari/537.36"
[28/May/2018:14:35:16 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45712 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0)"
[29/May/2018:12:22:32 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 90112 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[30/May/2018:01:44:44 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 45559 "http://my.site/wp-admin/update.php?action=upload-plugin" "Mozilla/5.0 (Windows NT 5.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2703.62 Safari/537.36"
[31/May/2018:05:44:23 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[31/May/2018:05:44:24 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[31/May/2018:05:44:25 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[31/May/2018:10:04:27 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:29 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100303 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:31 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:33 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:37 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100332 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:39 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100560 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[31/May/2018:10:04:42 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100560 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/62.0.3202.89 Chrome/62.0.3202.89 Safari/537.36"
[01/Jun/2018:09:38:38 +0430] "GET /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100339 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[01/Jun/2018:09:38:40 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100310 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[01/Jun/2018:09:38:43 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100339 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[01/Jun/2018:09:38:47 +0430] "POST /wp-content/plugins/background-image-cropper/accesson.php HTTP/1.1" 404 100339 "http://ya.ru/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/60.0.3112.78 Chrome/60.0.3112.78 Safari/537.36"
[01/Jun/2018:16:06:12 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101532 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[01/Jun/2018:16:06:19 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101503 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[01/Jun/2018:16:06:25 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101532 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[02/Jun/2018:07:24:00 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101421 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[02/Jun/2018:07:24:05 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101421 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[02/Jun/2018:07:24:11 +0430] "POST /wp-content/plugins/background-image-cropper/opn-post.php HTTP/1.1" 404 101421 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
[07/Jun/2018:16:40:49 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 90112 "my.site" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
[07/Jun/2018:23:28:13 +0430] "GET /wp-content/plugins/background-image-cropper/image/ico/search.php HTTP/1.1" 404 98304 "my.site" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.75 Safari/537.36"
[09/Jun/2018:14:32:25 +0430] "GET /wp-content/uploads/2018/05/background-image-cropper.Zip HTTP/1.1" 404 101833 "http://my.site/wp-content/uploads/2018/05/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:33 +0430] "GET /wp-content/uploads/2018/05/background-image-cropper.Zip HTTP/1.1" 404 101833 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:44 +0430] "GET /wp-content/uploads/2018/05/background-image-cropper.Zip HTTP/1.1" 404 24684 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:57 +0430] "GET /wp-content/uploads/2018/05/Image_4-1-310x165.jpg HTTP/1.1" 200 13261 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.Zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:57 +0430] "GET /wp-content/uploads/2018/03/3338870a59339803fde5c832a78dc735-310x165.jpg HTTP/1.1" 200 12743 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.Zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:57 +0430] "GET /wp-content/uploads/2018/04/%D8%AD%D9%85%D8%A7%D9%85-1-310x165.jpg HTTP/1.1" 200 12613 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.Zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:57 +0430] "GET /wp-content/uploads/2018/05/Image_10-310x165.jpg HTTP/1.1" 200 19456 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.Zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:58 +0430] "GET /wp-content/plugins/WP_Visual_Chat/assets/images/administrator-2-128.png HTTP/1.1" 200 2999 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.Zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:58 +0430] "POST /?wc-ajax=get_refreshed_fragments HTTP/1.1" 200 411 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.Zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
[09/Jun/2018:14:32:58 +0430] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 35 "http://my.site/wp-content/uploads/2018/05/background-image-cropper.Zip" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
ハッカーは私のホストのルートフォルダーにアクセスし、ファイルを作成し、ファイルのアクセス許可を変更して実行を許可することができます。
つまり、基本的にシステムに無制限の侵害があり、すべてのユーザーデータ、データベースパスワード、APIキーなどが含まれます。
少年は、変更するパスワードをいくつか持っています。楽しんで。
システムがまだ実行中の場合:停止する。この時点では、サーバーは自分のものではありません。あなたはデータベースとホストのディスク使用量の変化に気づいたと言います、そしてそれの最も良い説明はあなたのシステムを広告提供ボットとして悪用すること、いくつかのボットネットのコマンドとコントロールのバックアップ、そして児童ポルノの配布の間のどこかにあるでしょう。
Google Search Consoleの変更は、違法な広告収益を生み出すためにサイトを変更する予定だったスキーム、または別のサイトへのフォワーダーと同じように、害のない(計画的な?)使用法を示している可能性があります。いずれにせよ、それは乗っ取りが暗号通貨をたまたま採掘しただけではなかったことを示しているため、元の攻撃者が別の検出/利益のトレードオフのリスクを念頭に置いていた可能性があります。
停止します。後で調査するためにスナップショットを保存します/無罪の証明。システムをフラット化します。新しい最小限のシステムを起動します。
これはすべて、セキュリティホールを理解するのに時間を割く価値がないことを示しています。お使いのシステムは安全ではなかったので、正直に言うと、おそらくすべてWordPressがランダムなプラグインで実行されることから始まります。したがって、おそらくすべての残忍な誠実さで、おそらく誰かに直面させることができます。ウェブサイトを運営したいだけ」:
Wordpressをダンプします。
または、静的サイトを生成してアップロードするために、コンピューター上でローカルにのみ実行します。しかし、その時点で、他のCMSははるかに使いやすくなります。提供されたコンテンツ/スクリプトへの読み取り専用アクセスを使用して、データベースとは別のコンテナーでWebサーバーを実行します。今日のSELinuxは、多くのことをより安全にセットアップすることを容易にします。これを使って; SELinuxが提供するPHP Shellが単純な「いいえ、そのプロセスはアクセスすることを意図したフォルダ以外にはアクセスできません」と呼ばれています。これはすべて「標準」です。 「最近、そして驚くほど簡単です(「使いにくいのでSELinuxを停止する」という悪いチュートリアルに従っていない限り。ここでは、digitalOceanを見てください)。
プレーンFTPを使用しました
良くない。 TLSカプセル化FTPは、最近のどのシステムでも実際に利用できます。または、SSH/SCP(FTPよりも優れたファイルリストプロトコル)に直接進みます。とにかく、これは悪意のある者が盗聴できた場合のセキュリティ上の問題にすぎません。しかし、それは共有ホスティング、WiFi、ホームネットワークで発生する可能性があります。そのため、サーバーへの暗号化されていないアクセスは単に不要であり、追加のコストや複雑さなしに回避できます。しないでください。