{"id":4070,"date":"2017-07-14T16:21:10","date_gmt":"2017-07-14T16:21:10","guid":{"rendered":"http:\/\/musilda.cz\/?p=4070"},"modified":"2017-07-14T16:21:10","modified_gmt":"2017-07-14T16:21:10","slug":"novy-automatizovany-utok-nedokoncene-instalace-wordpressu","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/novy-automatizovany-utok-nedokoncene-instalace-wordpressu\/","title":{"rendered":"New automated attack on unfinished WordPress installations"},"content":{"rendered":"

While monitoring attacks on WordPress installations, the Wordfence service recorded a massive increase in a new type of attack.<\/p>\n

The automated attack scans for the URL\u00a0\/wp-admin\/setup-config.php. If this URL is found and contains the setup, the attacker learns that WordPress is installed but the installation has not been completed.<\/p>\n

At that point it is relatively easy for the attacker to compromise not only the new site, but also the hosting account and all the sites located in it.<\/p>\n

How does the attack work?<\/h2>\n

WordPress can be installed over FTP by simply copying the files, or the hosting provider can create the installation using an auto-install package.<\/p>\n

In both cases this can mean that the necessary files are on the server, but the configuration file has not been created.<\/p>\n

The attacker then simply walks through the installation form and, in the database access form, enters their own database. They then complete the installation process and, with the admin account credentials they entered, are able to log in to the WordPress administration.<\/p>\n

Because they have admin rights, they can install any plugin on the server and use it to run malicious code without difficulty.<\/p>\n

By executing it, they can gain access to all files and installations that are part of the hosting account.<\/p>\n

Source:\u00a0https:\/\/www.wordfence.com\/blog\/2017\/07\/wpsetup-attack\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

While monitoring attacks on WordPress installations, the Wordfence service recorded a massive increase in a new type of attack. The automated attack scans for the URL\u00a0\/wp-admin\/setup-config.php. If this URL is found and contains the setup, the attacker learns that WordPress is installed but the installation has not been completed. At that point it is relatively easy for the attacker to compromise not only the new site, but also the hosting account and<\/p>\n","protected":false},"author":1,"featured_media":1775,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[534],"class_list":["post-4070","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu","tag-wp-setup-attack"],"_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/4070"}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=4070"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/4070\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/1775"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=4070"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=4070"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=4070"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}
]}}