{"id":1071,"date":"2022-09-14T19:25:20","date_gmt":"2022-09-14T19:25:20","guid":{"rendered":"https:\/\/sunucucozumleri.com\/?p=1071"},"modified":"2022-10-09T19:11:13","modified_gmt":"2022-10-09T19:11:13","slug":"cryptophp-malware-dosyalarini-tespit-etmek-ve-silmek","status":"publish","type":"post","link":"https:\/\/sunucucozumleri.com\/blog\/cryptophp-malware-dosyalarini-tespit-etmek-ve-silmek\/","title":{"rendered":"Detecting and removing CryptoPHP malware files"},"content":{"rendered":"<p>Hello,<br \/>\nToday we are adding to our knowledge base how to find and clean up <strong>CryptoPHP <a href=\"https:\/\/sunucucozumleri.com\/blog\/2024-linux-icin-en-iyi-6-kotu-amacli-yazilim-tarayicisi\/\">malware<\/a><\/strong> files on the <a title=\"vds kiralama\" href=\"https:\/\/sunucucozumleri.com\/sunucu\/sanal-sunucu\/\" target=\"_blank\" rel=\"noopener\"><strong>virtual servers<\/strong><\/a> and physical servers that you and we use.<\/p>\n<p><strong>CryptoPHP malware<\/strong> is hostile, malicious code that communicates with its command-and-control servers using public-key encryption.<br \/>\nIt integrates easily with well-known content management systems such as <strong>WordPress, Joomla and Drupal<\/strong>. It is used by people who carry out illegal search engine optimization. 
This script is usually configured to update itself, and its owner can, if they wish, update it remotely or add new features.<\/p>\n<p>Fox-IT has published a detailed analysis of it; see https:\/\/foxitsecurity.files.wordpress.com\/2014\/11\/cryptophp-whitepaper-foxsrt-v4.pdf for the full write-up.<\/p>\n<p>For detection we can again use the <strong>Python script<\/strong> prepared by Fox-IT. In order, we first download the script, grant it execute permission, and have it scan the files under our \/home directory.<\/p>\n<p>&nbsp;<\/p>\n<pre>wget https:\/\/raw.githubusercontent.com\/fox-it\/cryptophp\/master\/scripts\/check_filesystem.py\r\nchmod +x check_filesystem.py\r\n.\/check_filesystem.py \/home\r\n<\/pre>\n<p>Sample output looks like the following.<\/p>\n<pre>File matching patterns: ['*.png', '*.gif', '*.jpg', '*.bmp']\r\nRecursively scanning directory: \/home\r\n \/home\/username\/public_html\/wp-content\/themes\/VideoThemeRes\/images\/social.png: CRYPTOPHP DETECTED! (version: 0.2)\r\n \/home\/username\/public_html\/wp-content\/plugins\/_revslider\/images\/social.png: CRYPTOPHP DETECTED! 
(version: 0.2)\r\n<\/pre>\n<p>To delete it, running the following command is sufficient.<\/p>\n<pre>rm -rf \/home\/username\/public_html\/wp-content\/themes\/VideoThemeRes\/images\/social.png\r\n<\/pre>\n<p>If we do not want to use the <a href=\"https:\/\/sunucucozumleri.com\/blog\/python-nedir\/\">Python<\/a> script, we can run the scan with the following command instead.<\/p>\n<pre>find \/home\/ -name \"social*.png\" -exec grep -E -o 'php.{0,80}' {} \\; -print\r\n<\/pre>\n<p>We wish you days full of traffic.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello, Today we are adding to our knowledge base how to find and clean up CryptoPHP malware files on the virtual servers and physical servers that you and we use. CryptoPHP malware is hostile, malicious code that communicates with its command-and-control servers using public-key encryption. It integrates easily with well-known content management systems such as WordPress, Joomla and Drupal. It is used by people who carry out illegal search engine optimization. 
This script &hellip;<\/p>\n","protected":false},"author":1,"featured_media":1456,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1071","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"acf":[],"_links":{"self":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/1071","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/comments?post=1071"}],"version-history":[{"count":0,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/posts\/1071\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media\/1456"}],"wp:attachment":[{"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/media?parent=1071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/categories?post=1071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sunucucozumleri.com\/blog\/wp-json\/wp\/v2\/tags?post=1071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}