Note: I’m not responsible for damage to your installation. Use these tips at your own risk:)
Recently I had two WordPress sites infected with malware! Cleaning them took some effort, so I decided to share the tips I gathered along the way.
Basically, this malware creates a "backdoor" by taking advantage of a security flaw or bug in your installation. With the backdoor in place, the malware has direct access to your site even after the bug is fixed or the system is upgraded. It is as if the malware had its own SSH account on your server and could run almost any command there.
In one case, the bug that allowed the malware to be installed was a theme that uses a library called timthumb.php. I found the flaw described at this link and followed the steps there to solve the problem. The malware was installed through timthumb.php and created a backdoor; through that backdoor, other malware then settled on the site. I fixed the timthumb.php file to remove the possibility of a new intrusion.
This malware inserted an iframe into the home page of the site, redirecting visitors to a site with malicious code. In my case it was an iframe pointing to a site called wordpress-counter.com.
So I had to remove the backdoor before removing the code that generated the iframe: when I removed only the iframe, it was reinserted through the backdoor about 15 minutes later.
Following the tips in this post, I discovered the backdoor in the file wp-config.php. After the end of the normal WordPress code there were about 100 blank lines and then the malicious code.
Then I followed the tips in this other post to eliminate the iframe generators.
Finally, I froze the files of my WordPress installation. I accessed the site root via SSH and performed the steps below (note that this will prevent WordPress from automatically updating to the latest version from the Dashboard):
To protect folders:
find . -type d -exec chmod 755 {} \;
To protect files:
find . -type f -exec chmod 644 {} \;
To prevent other users from viewing your database details, which is possible on some shared hosting:
chmod 750 wp-config.php
To prevent further attacks from modifying any file in your installation (all files except plugins and themes):
chmod u-w -R *
chmod u+w -R wp-content
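The checks described in this post, turned into an added audit script (example code, not from the original post): it flags a wp-config.php whose WordPress code is followed by a long run of blank lines and then more content, PHP or HTML files containing an iframe that loads an external URL, and any path still writable by other users after the chmod lockdown. It builds a constructed two-site fixture (clean and infected) in a temp directory so it runs offline; the infected site uses a placeholder comment in place of real injected code and a made-up host, both assumptions of the example.

```shell
# Added example, not from the original post: audit a WordPress tree for the symptoms
# described above (hidden code in wp-config.php, injected iframes) and for loose permissions.
# Longest run of blank lines followed by more content (a run at EOF is harmless, not counted).
longest_blank_run() {
    awk '/^[[:space:]]*$/ { run++; next }
         { if (run > max) max = run; run = 0 }
         END { print max + 0 }' "$1"
}

# Prints findings; returns 0 when nothing suspicious was found, 1 otherwise.
audit_wordpress() {
    root="$1"; status=0; cfg="$root/wp-config.php"
    if [ -f "$cfg" ] && [ "$(longest_blank_run "$cfg")" -ge 20 ]; then
        echo "SUSPICIOUS: $cfg hides code after a long run of blank lines"; status=1
    fi
    # <iframe> tags whose src is an absolute URL, inside PHP or HTML files
    hits=$(find "$root" -type f \( -name '*.php' -o -name '*.html' \) \
           -exec grep -Eil '<iframe[^>]*src=["'"'"']?https?://' {} + || true)
    [ -z "$hits" ] || { echo "$hits" | sed 's/^/SUSPICIOUS: external iframe in /'; status=1; }
    # anything writable by others defeats the 644/755 lockdown from the post
    ww=$(find "$root" ! -type l -perm -002 || true)
    [ -z "$ww" ] || { echo "$ww" | sed 's/^/SUSPICIOUS: world-writable /'; status=1; }
    if [ -f "$cfg" ] && [ -n "$(find "$cfg" -perm -004)" ]; then
        echo "SUSPICIOUS: $cfg is readable by other users"; status=1
    fi
    return $status
}

# Constructed fixture: a clean site hardened as in the post, plus an infected one.
make_fixture() {
    base=$(mktemp -d)
    for site in clean infected; do
        mkdir -p "$base/$site/wp-content/themes/demo"
        printf "<?php\ndefine('DB_NAME', 'wp');\nrequire_once(ABSPATH . 'wp-settings.php');\n" > "$base/$site/wp-config.php"
        echo '<?php get_header(); ?>' > "$base/$site/wp-content/themes/demo/index.php"
    done
    find "$base/clean" -type d -exec chmod 755 {} \; -o -type f -exec chmod 644 {} \;
    chmod 750 "$base/clean/wp-config.php"
    # infected: ~100 blank lines then a placeholder for injected code, a hidden iframe, loose perms
    { awk 'BEGIN { for (i = 0; i < 100; i++) print "" }'
      echo '<?php /* constructed placeholder for injected code */ ?>'; } >> "$base/infected/wp-config.php"
    echo '<iframe src="http://malicious.example/c" width="0" height="0"></iframe>' >> "$base/infected/wp-content/themes/demo/index.php"
    chmod 666 "$base/infected/wp-content/themes/demo/index.php"
    echo "$base"
}

base=$(make_fixture)
audit_wordpress "$base/clean" && echo "clean site: no findings"
audit_wordpress "$base/infected" || echo "infected site: see findings above"
rm -rf "$base"
```

Run it on a real installation with `audit_wordpress /path/to/site`; a non-zero exit status means at least one finding was printed.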
References
http://blog.sucuri.net/2011/08/timthumb-php-security-vulnerability-just-the-tip-of-the-iceberg.html
http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
http://cantonbecker.com/work/musings/2009/how-to-search-for-backdoors-in-a-hacked-wordpress-site/
http://blog.unmaskparasites.com/2011/03/02/versatile-cc-attacks/
http://codex.wordpress.org/Hardening_WordPress
Ronaldo Richieri 14:18 on 16/10/2011
I think it is also necessary to install this Perl module: Net::SMTP::TLS
Ronaldo Richieri 14:21 on 16/10/2011
sudo apt-get install libemail-sender-transport-smtp-tls-perl
Francisco 11:38 on 08/12/2011
Good morning Ronaldo, I work at an IT company and would like to know whether there is any company in Brazil that provides support for the OTRS system. If you do that yourself, could you send me your phone number!!
Thanks
Cláudio Gonçalves 11:48 on 24/04/2012
Ronaldo, following these procedures, on both Ubuntu desktop and server I get the following message saying that mysql-client needs to be installed and configured.
“Configuring the database for otrs2 requires the package mysql-client to be installed and configured first, which is not something that can be checked for automatically.
If in doubt, you should choose “abort”, and install mysql-client before continuing with the configuration of this package. If you choose “retry”, you will be allowed to choose different answers (in case you chose the wrong database type by mistake). If you choose “ignore”, then installation will continue as normal.
Next step:
abort
retry
ignore
Because of this it was not possible to install OTRS.
I will abort the tutorial, install mysql-client and try installing OTRS again.
Diramos 7:44 on 01/05/2012
Hello, everyone.
I installed OTRS at the company and am starting to get familiar with this powerful tool.
My OS is Linux (Debian Squeeze). The OTRS version is 3.1.4
After installation and some configuration adjustments, the system's basic functions are working just fine.
That is: the customer opens a ticket, the email is sent to the agents, etc.
I have also been using Nagios Core 3.2 for a while.
The next step now is to integrate OTRS with Nagios so that tickets are opened automatically when host and service problems detected by Nagios occur.
Nagios and OTRS are installed on separate machines.
Nagios already sends alert emails to contacts through exim.
I have already installed the SystemMonitoring module in OTRS.
I have already downloaded the otrs.NagiosCheck.pl plugin from Nagios Exchange.
But I am having a lot of trouble getting the two systems to “talk” to each other.
That is, I cannot get Nagios to send email to OTRS and open the ticket automatically.
Does anyone have a step-by-step guide on how to do this?
Thanks in advance.
Diramos