{"id":22449,"date":"2020-02-18T19:01:42","date_gmt":"2020-02-18T18:01:42","guid":{"rendered":"https:\/\/blog.wedos.cz\/?p=22449"},"modified":"2020-02-18T20:29:43","modified_gmt":"2020-02-18T19:29:43","slug":"jak-jsme-chranili-weby-nasich-zakazniku-pred-kritickou-chybou-ve-wordpress-pluginu-themegrill-demo-importer","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/jak-jsme-chranili-weby-nasich-zakazniku-pred-kritickou-chybou-ve-wordpress-pluginu-themegrill-demo-importer","title":{"rendered":"How we protected our customers' websites against a critical bug in the WordPress plugin ThemeGrill Demo Importer"},"content":{"rendered":"<p>On Monday 17.02.2020, thousands of our customers' websites faced massive exploitation of a security bug that could completely wipe the content of their websites in a fraction of a second.<\/p>\n<p><em>Or: one detective story from behind the scenes at WEDOS. Uncensored.<\/em><\/p>\n<p><!--more--><\/p>\n<p>Internal communication channel <em>#distruptions<\/em> for reporting security incidents and technical problems, Monday 17.02.2020<\/p>\n<p style=\"text-align: center;\"><span style=\"color: #333333;\">19:46 Customer support 1<\/span><\/p>\n<blockquote>\n<p>That's already the 4th customer in 30 minutes writing that his WP switched to the default theme without him doing anything<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">19:47 J.G. <em><span style=\"color: #808080;\">(company management)<\/span><\/em>:<\/p>\n<blockquote>\n<p>Where? 
On which server?<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">19:48 Technician on duty in the DC:<\/p>\n<blockquote>\n<p>domena-A.cz hc1-wd50 <span style=\"color: #808080;\"><em>(server designations)<\/em><\/span>, domena-B.cz hc1-wd53, domena-C.cz hc1-wd54, domena-D.sk hc1-wd63<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">19:49 Customer support:<\/p>\n<blockquote>\n<p>domena-E.info wl39-f167<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">19:50 J.G. (for the record, these are the initials of Josef Grill):<\/p>\n<blockquote>\n<p>I'm afraid someone hacked their theme &#8211; they all have . Theme By ThemeGrill. But I have nothing to do with it \ud83d\ude42 Someone should look into it and find out what was attacked and how, or how to protect it<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">19:51 Customer support 1:<\/p>\n<blockquote>\n<p>subdomena.domena-F.eu wl33-f208<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">19:55 J.G.:<\/p>\n<blockquote>\n<p>Try to analyse the whole thing and find out as much as possible &#8211; from the logs too. It's possible they had some password in there&#8230;<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">20:04 J.G.:<\/p>\n<blockquote>\n<p>Try something from the logs. Kibana and the like. When someone last did an upload there, etc.<\/p>\n<\/blockquote>\n<hr \/>\n<p>More colleagues gradually join in (customer support, technicians, developers). Whoever has access to Kibana (open-source visualisation for Elasticsearch), where data including logs from hundreds of servers converge in real time, searches for the attacks. 
Technicians with access to the IPS\/IDS look for patterns and captured attacks. Customer support collects information from customers and goes through the state of the affected websites.<\/p>\n<hr \/>\n<p style=\"text-align: center;\">20:09 Customer support 2:<\/p>\n<blockquote>\n<p>It reached into the databases and wiped them. Most received an email about a new WP installation<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">20:15 Customer support 2:<\/p>\n<blockquote>\n<p>Everything most likely stayed on the FTP, it just put the databases into the default state and sent everyone the WP email about a new installation<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">20:18 J.G.:<\/p>\n<blockquote>\n<p style=\"text-align: left;\">And what did it? Which script? Which IP?<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">20:39 Customer support 2:<\/p>\n<blockquote>\n<p>But the user accounts, for example, are the same, nobody deleted them. Really just the posts and pages are gone.<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">20:40 J.G.:<\/p>\n<blockquote>\n<p>We need to find which IP or which script did it and block it everywhere. And make backups of the DB backups for those people \ud83d\ude42<br \/>Try to investigate now with maximum priority. It needs to be tracked down somehow.<br \/>Somewhere in a log there must be an IP that logged into the administration or performed some action via some URL<br \/>Do you know exactly when it happened? The time. 
To the minute, and find it based on that.<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">20:49 Customer support 2:<\/p>\n<blockquote>\n<p>hosting domena-F.eu db: d49XXX_xxxxxx Happened at: 18:11:51<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">20:55 Customer support 2:<\/p>\n<blockquote>\n<p>Straight from the DB of the affected site, the creation time of those default posts matches the time when people roughly started writing in<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:02 J.G.:<\/p>\n<blockquote>\n<p>The only suspicious one in the log is this: 93.113.111.193 https:\/\/www.abuseipdb.com\/check\/93.113.111.193 but that's later<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:05 Marketing 1:<\/p>\n<blockquote>\n<p>And is the database empty (just the basic installation)? Couldn't it have just created tables with a different prefix?<br \/>It has the files on disk http:\/\/&#8230;.<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:06 Customer support 2:<\/p>\n<blockquote>\n<p>No, I checked that. 
It really just deleted the posts and pages, the rest was untouched + everyone got that email.<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:02 J.G.:<\/p>\n<blockquote>\n<p>Do you have the time from some other website too?<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:13 Marketing 1:<\/p>\n<blockquote>\n<p>Ok so it's a worldwide problem: &#8220;The developers of the ThemeGrill Demo Importer for WordPress have updated the plugin to remove a critical bug that gives admin privileges to unauthenticated users.&#8221; &#8220;Once all tables have been dropped, it will populate the database with the default settings and data after which it will set the password of the \u201cadmin\u201d user to its previously known password.&#8221;<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:14 J.G.:<\/p>\n<blockquote>\n<p>So I guessed it right away \ud83d\ude42 But I have nothing to do with it.<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:14 J.G.:<\/p>\n<blockquote>\n<p>I'd probably send it via the outage notices to all web hosting clients.<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:14 J.G.:<\/p>\n<blockquote>\n<p>Can you put together a simple text that we'll send to everyone?<br \/>Plus I'd look for more times so that we find more information and try to find some IPs and so on.<br \/>And we'll put it on social media<br \/>But with a note that it's not my fault \ud83d\ude42<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:18 Marketing 1:<\/p>\n<blockquote>\n<p>On it<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:25 J.G.:<\/p>\n<blockquote>\n<p>Do you have any other times? 
I can't find anything &#8211; how they got in.<\/p>\n<\/blockquote>\n<hr \/>\n<p>At 21:43 a warning was posted on Facebook and Twitter describing the problem and linking to the security advisory from the team that discovered the vulnerability. At the same time, an email to all customers started going out. At that point we still did not know how big a problem it was. The first estimates, however, pointed to several percent of customers being affected.<\/p>\n<hr \/>\n<p style=\"text-align: center;\">21:43 J.G.:<\/p>\n<blockquote>\n<p>And I also have a feeling that the users trigger it themselves. When they do something in the administration, it gets executed or activated for them.<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">21:57 Customer support 2:<\/p>\n<blockquote>\n<p>Someone wrote that they hadn't been in the WP administration for a week, and one lady even a month<\/p>\n<\/blockquote>\n<p style=\"text-align: center;\">22:09 J.G.:<\/p>\n<blockquote>\n<p>We went through the analysis of the security hole and found the first attacker 45.129.96.17<\/p>\n<\/blockquote>\n<hr \/>\n<p>At this point we already knew exactly what the attacker sends to vulnerable WordPress installations to get them &#8220;reset&#8221;, so identifying him was not a problem. 
In this phase we carried out the first interventions manually and blocked the first IP addresses.<\/p>\n<hr \/>\n<p style=\"text-align: center;\">22:21: J.G.:<\/p>\n<blockquote>\n<p>According to Kibana there are about 150-200 hacked sites<\/p>\n<\/blockquote>\n<hr \/>\n<p>The first automatic scripts were launched on the IPS\/IDS protection; they were able to identify the attackers and automatically block their attempts against websites on HTTP. At the same time, the database for the second tier of protection, which also covers websites on HTTPS, started being populated. That tier parses the logs and also looks for new specific strings. Within a minute everything is protected.<\/p>\n<hr \/>\n<p style=\"text-align: center;\">23:07 J.G.:<\/p>\n<blockquote>\n<p>There are more attacks. Now for instance via the IP 2607:5300:61:bd9::107<\/p>\n<\/blockquote>\n<h3>So what happened<\/h3>\n<p>Before we figured out what was going on and prepared the IPS\/IDS protection, 154 websites were affected. The attacker &#8220;reset&#8221; their WordPress through an unprotected access point in the buggy plugin. He had it fairly easy. 
Details of how he did it can be found in the <a href=\"https:\/\/www.webarxsecurity.com\/critical-issue-in-themegrill-demo-importer\/\" target=\"_blank\" rel=\"noopener\">article by the security team that discovered the bug<\/a>.<\/p>\n<p>From the point of view of our IPS\/IDS protection it was hard to detect the attack automatically, because the attack was carried out by calling a WordPress administration URL with the do_reset_wordpress variable.<\/p>\n<p>Once we found out which security bug was involved, we adjusted the IPS\/IDS settings and by morning had saved more than 1000 further WordPress installations hosted with us that have the problematic plugin installed.<\/p>\n<p>At present (Tuesday 18:00) the attacks are no longer taking place. Wherever we already know about an attacker, he is blocked. We block any attack we detect over HTTP. Unfortunately, if it is a new IP address and the attack targets HTTPS, we cannot help there for now. We cannot see into encrypted traffic. But we will soon \ud83d\ude42<\/p>\n<p>In the chart below you can see the statistics of attacks over time on the 10 servers that were the most frequent target. We have hundreds of servers. 
The total number of recorded attacks was almost 41 thousand.<\/p>\n<p><a href=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2020\/02\/pokusy-o-zneuziti-themegrill.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"aligncenter wp-image-22509 size-large\" src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2020\/02\/pokusy-o-zneuziti-themegrill-1024x318.png\" alt=\"\" width=\"525\" height=\"163\" \/><\/a><\/p>\n<p>Only just under 200 (about 183) were successful.<br \/><img decoding=\"async\" src=\"https:\/\/rocketchat.wedos.org\/file-upload\/WdZGnpAmPtLcNzzDu\/Clipboard%20-%2018.%20%C3%BAnor%202020%2018:03\" \/><\/p>\n<p>The attacks were carried out from the following IP addresses:<br \/>103.221.222.179<br \/>103.4.217.81<br \/>107.180.225.158<br \/>142.44.151.107<br \/>149.202.75.164<br \/>159.65.65.204<br \/>168.63.19.216<br \/>172.68.10.50<br \/>172.68.245.131<br \/>185.45.72.159<br \/>188.166.16.17<br \/>188.166.176.184<br \/>198.12.156.154<br \/>2001:41d0:d:34a4::<br \/>209.251.53.192<br \/>2607:5300:61:bd9::107<br \/>2a03:b0c0:2:d0::11f0:6001<br \/>45.129.96.17<br \/>46.101.174.128<br \/>50.63.162.9<br \/>51.68.124.88<br \/>62.76.187.179<br \/>68.183.204.202<\/p>\n<p>The authors 
of the vulnerability report found fewer IP addresses:<\/p>\n<p>45.129.96.17 200<br \/>185.45.72.159 4<br \/>46.101.174.128 2<br \/>50.63.162.9 2<br \/>51.68.124.88 2<br \/>62.76.187.179 2<br \/>68.183.204.202 2<br \/>103.221.222.179 2<br \/>107.180.225.158 2<br \/>142.44.151.107 2<\/p>\n<p>We have a larger sample of websites, because around 150,000 websites are hosted with us and a large portion of them (higher tens of thousands) use WordPress. And more than a thousand of them use the exploitable plugin. Worldwide, reportedly 200,000 websites with this plugin were at risk. That's nice, because almost 0.7% of all of them are with us. Quite a decent share of the worldwide count \ud83d\ude42<\/p>\n<h3>What we are planning for the future to increase our customers' security<\/h3>\n<p>We are not responsible for security holes in content management systems, plugins and themes. We do know, however, that they exist and will keep appearing, which is why we continuously improve our protections. This year two big new features are coming that will help precisely in cases like this.<\/p>\n<p>The first is an improvement of the proxy servers that will allow us to filter and protect the content of encrypted connections. We will thus be able to detect and filter attacks that target websites on HTTPS as well.<\/p>\n<p>The other is the WEDOS AnyCast service. It will bring us new protection options, not only against DDoS attacks. 
In this case, for instance, we could add a captcha to suspicious traffic, which reliably stops the bots that carried out these attacks.<\/p>\n<h3>Conclusion<\/h3>\n<p>We received a large number of reactions. Some criticise us for sending a &#8220;scare message&#8221;. At the time of writing the email we did not know the exact extent of the attacks or the number of potentially vulnerable websites. We host several tens of thousands of WordPress installations. <strong>We made a quick decision and, judging by many reactions, it paid off. It could not be postponed.<\/strong><\/p>\n<p>Before midnight we wrote to all clients whose website had been attacked to tell them that it had happened, that they needed to deal with it, and how to proceed.<\/p>\n<p>Searching for further vulnerable websites took us several hours. Try searching hundreds of physical servers for particular files with particular attributes and particular content. You really cannot do it any faster. \ud83d\ude42<br \/>When we finished that in the morning, we informed all the specific customers concerned in a targeted way. We wrote to everyone who had the plugin in a vulnerable version that the situation had to be dealt with.<br \/>We don't know how each of them handled it, but most resolved it.<\/p>\n<p>Most websites with us run on WordPress. It is currently the most popular content management system. 
So we went by that majority and preferred to send someone a &#8220;scare message&#8221; rather than delay and let an (at the time) unknown number of websites be wiped. Bear in mind that we have around 150 thousand second-level domains running on web hosting, plus a fairly high number of subdomains on third-level domains&#8230;<br \/>It's on hundreds of physical servers&#8230; And suddenly it is not so easy to track down what runs on WordPress and which plugin it has in which version. Finding that out also takes quite a long time. The next day it took us several more hours. If we had had a similar delay, there would have been nothing left to save.<\/p>\n<p><strong>Yes, we also get negative or confused reactions from people who don't use WordPress, but we answer them honestly. After reading the lines above you surely understand that every moment counted. We could not postpone anything.<\/strong><\/p>\n<p>We also received several questions about why we were the only ones to warn about the problem and why the competition did not react at all. To be honest, we'd rather not have an answer to that question \ud83d\ude42<\/p>\n<p>We have all the data &#8211; logs are centralised, and so every second we log tens of thousands (or more) of records. This BigData is exactly what helps resolve anything. You immediately know all the connections. We have detection and filtering systems, and so we dealt with it. 
We have a team of experienced colleagues who know how to handle situations like this. That's why we are where we are. \ud83d\ude42<\/p>\n<p><strong>We knew our customers' websites were at risk, and so we acted. We are not ashamed of that. If someone &#8220;needlessly&#8221; logged into the administration of their content management system because of it to check whether everything was up to date, we apologise to them.<\/strong><\/p>\n<p>To be honest, it would be nice if everyone applied all updates so that we don't have to deal with a detective story like this again next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Monday 17.02.2020, thousands of our customers' websites faced massive exploitation of a security bug that could completely wipe the content of their websites in a fraction of a second. Or: one detective story from behind the scenes at WEDOS. 
Uncensored.<\/p>\n","protected":false},"author":9,"featured_media":22509,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[112],"tags":[113,37],"class_list":["post-22449","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost","tag-themegrill-demo-importer","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/22449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/comments?post=22449"}],"version-history":[{"count":21,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/22449\/revisions"}],"predecessor-version":[{"id":22579,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/22449\/revisions\/22579"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media\/22509"}],"wp:attachment":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media?parent=22449"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/categories?post=22449"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/tags?post=22449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}