{"id":4930,"date":"2017-12-20T10:06:31","date_gmt":"2017-12-20T10:06:31","guid":{"rendered":"https:\/\/musilda.cz\/?p=4930"},"modified":"2017-12-20T10:06:31","modified_gmt":"2017-12-20T10:06:31","slug":"captcha-plugin-s-300-000-instalacemi-obsahuje-backdoor","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/captcha-plugin-s-300-000-instalacemi-obsahuje-backdoor\/","title":{"rendered":"Captcha plugin with 300 000 installations contains a backdoor"},"content":{"rendered":"

The popular Captcha plugin, with more than three hundred thousand active installations, was removed from the WordPress repository for a while.

According to the developer's statement, the issue was the use of the word WordPress in the plugin's name, and the plugin was removed until it could be rebranded.

The WordFence team monitors plugins with a large user base that are removed from the repository for whatever reason, and performs a security audit of them.

During the review of the plugin, the following code was found:

[image: screenshot of the code]

During an automatic update, this code downloads a copy of the plugin as a zip file from the site simplywordpress.net and reinstalls the active version of the plugin.

The new version contains minor changes to the code and a file plugin-update.php, which is a backdoor:

[image: screenshot of plugin-update.php]

Calling this file grants unauthorized administrator access to the site's administration. Moreover, the file is completely unprotected and anyone can call it, which is a dream come true for every automated attack.

Importantly, once the backdoored version is installed, the URL from which the malicious zip was downloaded is also changed and replaced with a version identical to the plugin on WordPress.org. This erases the trace of the backdoor.

Who is behind the Captcha plugin?

As before, the WordFence team did some real detective work.

We wrote about this earlier: https:\/\/musilda.cz\/skandal-ve-wp-repozitari-plugin-vice-nez-200k-instalacemi-obsahoval-zadni-vratka\/

And the same pattern repeats here. The original developer handed development of the plugin over to a new owner. The original developer, the company Bestwebsoft, announced the handover of development on 5 September 2017 on its website: https:\/\/bestwebsoft.com\/free-captcha-version-is-now-supported-by-other-developers\/

But who is the current developer? That is not entirely clear; if you are interested in the details, see https:\/\/www.wordfence.com\/blog\/2017\/12\/backdoor-captcha-plugin\/, which has more information and again mentions a certain Souza, known from the article mentioned above.

The plugin is back in the repository

The plugin has reappeared in the WordPress.org repository, because the WordFence team and the WordPress.org plugins team modified the backdoored plugin and released a new version, 4.4.5, which is now safe. At the same time, the plugin's owner was blocked from uploading any further updates to this plugin.

If you have the plugin https:\/\/wordpress.org\/plugins\/captcha\/ installed on your site, either remove it or update it as quickly as possible; otherwise you leave a backdoor on your site with an open invitation.

Source: https:\/\/www.wordfence.com\/blog\/2017\/12\/backdoor-captcha-plugin\/","protected":false},"excerpt":{"rendered":"

The popular Captcha plugin, with more than three hundred thousand active installations, was removed from the WordPress repository for a while. According to the developer's statement, the issue was the use of the word WordPress in the plugin's name, and the plugin was removed until it could be rebranded. The WordFence team monitors plugins with a large user base that are removed from the repository for whatever reason","protected":false},"author":1,"featured_media":4933,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[79,93,479],"class_list":["post-4930","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu","tag-backdoor","tag-captcha","tag-wordpress-backdoor"],"_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/4930"}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=4930"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/4930\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/4933"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=4930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=4930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=4930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}