Tusaha Maqaalka
- 1 Soo dejiso plugin Security Wordfence
- 2 Waa maxay sababta aan u helo "Rakibaadda aan dhamaystirnayn ee Wordfence" isla markiiba?
- 3 Sida loo sameeyo Wordfence?
- 4 Maxaan sameeyaa haddii uu khalad ka jiro iskaanka Wordfence?
- 5 Maxaan sameeyaa haddii sawirka Wordfence uu guuldareysto?
- 6 Qoraalada Plugin Wordfence
- 7 Qalabka Xisbiga 3aad Soo hel Trojan Backdoors
- 8 Gunaanad
Iskaanka iyo cilad-baadhistaWordPressQaybaha saddexaad/qalabka loogu talagalay koodka xaasidnimada ah (trojans/backdoors).
Chen WeiliangIsticmaalka lagu taliyeyplugin WordPress ah- Ku-xidhka ilaalinta amniga Wordfence Security
- Waa plugin amniga WordPress ah oo ku salaysan dab-damiska iyo iskaanka kood xaasidnimada leh.
- Waxaa dhisay oo dayactiray koox weyn, 100% diiradda saaray amniga WordPress.
Soo dejiso plugin Security Wordfence
Riix halkan si aad u booqato degelka rasmiga ah ee WordPress si aad u soo dejiso plugin Security WordfenceIn kasta oo uu jiro module lacag ah, waxaan isticmaali karnaa moduleka bilaashka ah "Scan" si aan u sawiro boggayaga WordPress ee faylasha PHP leh "code xaasidnimo".
In kasta oo ay jirto qiime been ah oo gaar ah:
- Inta badan waxaa ugu wacan wanaagga beenta ah ee qaar ka mid ah plugins-yada la bixiyo iyo qaybaha sirta mawduuca.
- Si kastaba ha ahaatee, helitaanka "koodka xaasidnimada" ee Amniga Wordfence waa hubaal hab wax ku ool ah.
- Furitaanka soo noqnoqda ee Wordfence Security plugin laguma talinayo.
- Sababtoo ah dab-damiska iyo ilaalinta amniga, waxay keeni doontaa culeys gaar ah oo ku saabsan xogta, taas oo saameyn doonta waxqabadka guud ee shabakada.
Caadi ahaan, marka aad u baahan tahay inaad awood u yeelatid plugin, samee iskaanka "Scan" jeeg.
Marka la sameeyo, xidh plugin oo u hayso isticmaalka mustaqbalka.
Waa maxay sababta aan u helo "Rakibaadda aan dhamaystirnayn ee Wordfence" isla markiiba?
Sababtoo ah fur-insyada kale ee la midka ah ayaa lagu rakibay, waxaa jira "isku dhac" oo sababay, kaliya dami fur-yada kale ee amniga.
Maxaan sameeyaa haddii plug-ka Wordfence aan si guul leh loo bilaabi karin ka dib marka la joojiyo plug-yada kale ee amniga?
Waxaad isku dayi kartaa amarka SSH inuu dib u bilaabo adeegyada soo socda ▼
systemctl restart httpd systemctl restart nginx systemctl restart mariadb systemctl restart memcached
Natiijooyinka tijaabada, fur-gelinta Wordfence si guul leh ayaa loo bilaabay.
Sida loo sameeyo Wordfence?
Caadi ahaan, waxaad raaci kartaa habaynta caadiga ah ee plugin Wordfence.
Sida loo sameeyo iskaanka plugin Wordfence?
Guji Scan → Scan Options and Jadwalada → Xulashada Nooca Sawirka Aasaasiga ah ▼
- Dejinta lagu taliyay ee "Standard Scan":Talooyinkayaga dhammaan mareegaha internetka.Waxay bixisaa awoodaha ogaanshaha ugu fiican ee warshadaha.
- Dooro inaad dejiso dareenka sare kaliya haddii mareegahaaga la jabsado:Milkiilayaasha goobta ee u malaynaya in la jabsaday.Si aad u faahfaahsan, laakiin waxa laga yaabaa inay soo saarto natiijooyin been abuur ah.
Maxaan sameeyaa haddii uu khalad ka jiro iskaanka Wordfence?
Haddii aad isticmaasho plugin Wordfence si aad u sawirto, fariinta khaladka ah ee soo socota ayaa soo baxaysa:
Adeegayaasha iskaanka Wordfence: CURL qalad 28: Xidhiidhku wuu dhammaaday ka dib 10000 millise seconds
Habka dejinta si loo xalliyo qaladka iskaanka Wordfence:
Talaabada 1: gudaha Wordfence → "Tools" → "Diagnostics" → "Ikhtiyaarada Debugging":
Isku day inaad karti u yeelato ama damiso "Dhammaan baaritaannada ku bilow meel fog (isku day tan haddii aan sawiradaada la bilaabin oo goobtaadu tahay mid si guud loo heli karo)"
Tallaabada 2:Dib u bilow adeegga Apache ▼
systemctl restart httpd
Ka dib markii dib loo bilaabo adeegga Apache, badanaa way xallisaa"Wordfence scanning servers: cURL error 28: Connection timed out after 10000 milliseconds" waa qalad.
Maxaan sameeyaa haddii sawirka Wordfence uu guuldareysto?
Maxaan sameeyaa haddii fur-in Wordfence uu si lama filaan ah ugu guuldareysto inuu sawiro oo uu hakado inta lagu jiro habka iskaanka, iyo soo socdaa fashilka iskaanka soo socda?
Sawirka hadda wuxuu u muuqdaa inuu fashilmay.Cusbooneysiiskeedii ugu dambeeyay waxay ahayd 8 daqiiqo kahor.Waad sii wadi kartaa inaad sugto inuu dib u bilaabo ama joojiyo oo dib u bilaabo sawirka.Goobaha qaar ayaa laga yaabaa inay u baahdaan hagaajin si ay si kalsooni leh ugu socodsiiyaan sawirada.Riix halkan talaabooyinka aad isku dayi karto
Ama fariinta fashilka iskaanka ee soo socota:
Sawirka hadda wuxuu u muuqdaa inuu fashilmay.Cusbooneysiisii heerka ugu dambeysay waa 5 daqiiqo Ka hor.Waad sii wadi kartaa inaad sugto inuu dib u bilaabo ama joojiyo oo dib u bilaabo sawirka.Goobaha qaar ayaa laga yaabaa inay u baahdaan hagaajin si ay si kalsooni leh ugu socodsiiyaan sawirada. Riix halkan talaabooyinka aad isku dayi karto
Xalka:
- Guji "Cancel Scan";
- Isku day inaad dib u bilowdo plugin Wordfence;
- mar labaadKaliya isku day iskaanka amniga
Qoraalada Plugin Wordfence
Qoraalada ku saabsan isticmaalka Plugin Security Wordfence:
- Si loo hubiyo iskaanka deggan, waxa fiican in la joojiyo dhammaan pluginsyada kale (kaliya plugins ammaanka Wordfence ayaa karti leh) ka hor inta aanad bilaabin "Scan".
- Mar haddii baarista Wordfence Security Plugin ay sababi karto culeyska ugu sarreeya ee server-ka CPU, waxaa lagu talinayaa in la iska qaado subaxda hore ama marka taraafikada goobta ugu yar tahay.
- Waxaan kaliya u isticmaalnaa xeerka "scan" ee Wordfence Security code xaasidnimo, markaa fiiro gaar ah u yeelo jidka faylalka php ee laga shakisan yahay ee lagu keenay natiijooyinka iskaanka, si ay u fududaato in gacanta lagu kaydiyo ka dibna nadiifiyo oo tirtirto.
Chen WeiliangCasharkan blog-ka ah ayaa lagu sheegay, WordPress theme malicious code analysis ▼
Qalabka Xisbiga 3aad Soo hel Trojan Backdoors
Dhab ahaantii, waxaa jira qalab kale oo asal ah kaas oo ah habka ugu wanaagsan ee lagu heli karo code xaasidnimo ah faylasha PHP - Microsoft's MSE.
- Waxaan soo dejisan karnaa faylka PHP ee dhinaca server-ka ah, sidaa darteed iskaanka iyo ogaanshaha Microsoft ee MSE waxay sidoo kale heli kartaa "code xaasidnimo", "Faraska Trojan", iyo "albaabka dambe".
- Tani maahan oo kaliya ka awood badan Shiinaha gudaha "360 Ilaalada Ammaanka", "Maamulaha Kombuyuutarka Tencent", iyo "Kingshan Drug Bully".
- Waxaan haynaa qalabyo badan oo dhinac saddexaad ah oo aan ka dooran karno, fadlan dooro sida ay tahay xaaladdaada.
Nidaamka deegaanka ee WordPress runtii waa kan ugu fiican:
- Jiritaanka pluginsyada amniga sida Amniga Wordfence, ayaa xallin kara dhibaatada koodka xaasidnimada leh ee WordPress.
Gunaanad
Ugu danbeyn,Chen WeiliangWaa la xoojin doonaa mar kale:
- Mawduucyada iyo mawduucyada hodanka ah ee WordPress ayaa sidoo kale ah "sayf laba af leh".
- Qof kastaa waa inuu taxaddaraa marka uu dooranayo oo uu isticmaalayo plugins iyo mawduucyada.
- Sababtoo ah qodobka ugu muhiimsan ee ammaan-darrada WordPress waa plugins iyo mawduucyo, kuwaas oo aan si rasmi ah u xakameynin WordPress.
- Waxaa soo gudbiyay horumariye koox saddexaad ka dib oo dhan.
- Waxaa lagu talinayaa in la isticmaalo plugin ammaanka Wordfence si joogto ah.
- Qorshaynta in lagu shaqeeyo mareegahaSuuqgeynta InternetkaDadku, waxaa lagula talinayaa inay iibsadaan plugins WordPress oo dhab ah iyo mawduucyo.
- Sababtoo ah budhcad badeed, noocyada bilaashka ah ayaa laga yaabaa inay qariyaan khatarta "code xaasidnimo".
Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ ) wadaaga "Wordfence Security Plugin Scanning WordPress Website Code malicious", kaas oo adiga ku caawinaya.
Ku soo dhawoow inaad wadaagto xiriirka maqaalkan:https://www.chenweiliang.com/cwl-1583.html
Ku soo dhawoow kanaalka Telegramka ee Chen Weiliang's blog si aad u hesho wararkii ugu dambeeyay!
📚 Hagahan waxa uu ka kooban yahay qiimo aad u weyn, 🌟Tani waa fursad naadir ah, ha seegin! ⏰⌛💨
Share iyo like saar hadaad jeceshahay!
Wadaagistaada iyo jeceylkaaga ayaa ah dhiirigelintayada joogtada ah!