{"id":9778,"date":"2018-09-07T00:49:03","date_gmt":"2018-09-06T22:49:03","guid":{"rendered":"https:\/\/thecamels.org\/atak-na-strony-oparte-o-wordpressa-poprzez-pliki-duplicatora\/"},"modified":"2021-01-12T13:13:51","modified_gmt":"2021-01-12T12:13:51","slug":"attack-on-wordpress-based-websites-through-duplicator-files","status":"publish","type":"post","link":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/","title":{"rendered":"Attack on WordPress based websites through Duplicator files"},"content":{"rendered":"\n<p>In recent hours, on many pages based on WordPress, instead of the homepage there was a screen for the installation of this CMS. The problem was the lack of the <strong>wp-config.php<\/strong> file, which was removed.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>On social networks, posts about disappearing WordPress files started to appear.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"354\" src=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/wp-config-brakuje.png\" alt=\"Entry from WordPress Poland group\" class=\"wp-image-7403\" srcset=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/wp-config-brakuje.png 1000w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/wp-config-brakuje-600x212.png 600w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/wp-config-brakuje-768x272.png 768w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/wp-config-brakuje-960x340.png 960w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/wp-config-brakuje-300x106.png 300w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/wp-config-brakuje-900x319.png 900w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/wp-config-brakuje-130x46.png 130w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption>Entry from WordPress Poland group<\/figcaption><\/figure>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\"><p class=\"ez-toc-title\" style=\"cursor:inherit\">Spis tre\u015bci<\/p>\n<\/div><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#podatnosc\" >Podatno\u015b\u0107<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#what-do-attackers-have-access-to\" >What do attackers have access to?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#how-to-protect-yourself-and-what-to-do\" >How to protect yourself and what to do?<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"podatnosc\"><\/span>Podatno\u015b\u0107<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>After analysis on several servers, the vector of the attack were the <strong>files left after page migration<\/strong> using the <a href=\"https:\/\/thecamels.org\/en\/prohibited-and-forbidden-plugins-for-wordpress\/\"><span>Duplicator plugin<\/span><\/a>. Example of an attack log on a website:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>54.38.130.58 - - &#91;06\/Sep\/2018:13:22:24 +0000] \"POST \/installer.php HTTP\/1.1\" 200 497 \"example.pl\/wp-admin\/admin-ajax.php\" \"Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/36.0.1985.143 Safari\/537.36\"\n54.38.130.58 - - &#91;06\/Sep\/2018:13:22:24 +0000] \"POST \/installer-backup.php HTTP\/1.1\" 200 497 \"example.pl\/wp-admin\/admin-ajax.php\" \"Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/36.0.1985.143 Safari\/537.36\"\n54.38.130.58 - - &#91;06\/Sep\/2018:13:22:25 +0000] \"GET \/wp-crawl.php?q=ZWNobyAiYmFyYmllZGVuIjs= HTTP\/1.1\" 200 9 \"-\" \"Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/36.0.1985.143 Safari\/537.36\"\n54.38.130.58 - - &#91;06\/Sep\/2018:13:22:26 +0000] \"GET \/wp-content\/uploads\/wp-crawl.php?q=ZWNobyAiYmFyYmllZGVuIjs= HTTP\/1.1\" 200 9 \"-\" \"Mozilla\/5.0 (Windows NT 6.1; WOW64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/36.0.1985.143 Safari\/537.36\"<\/code><\/pre>\n\n\n\n<p>An attacker using the left file <strong>installer.php<\/strong> (or installer-backup.php) is able to upload e.g. Trojan horses to the server and gain access to the files on the server and database. This is a <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/www.synacktiv.com\/ressources\/advisories\/WordPress_Duplicator-1.2.40-RCE.pdf\"><span>Remote Code Execution<\/span><\/a> error, which <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"https:\/\/www.wordfence.com\/blog\/2018\/09\/duplicator-update-patches-remote-code-execution-flaw\/\"><span>was also confirmed by Wordfence<\/span><\/a>.<\/p>\n\n\n\n<p>The vulnerability itself does not exist in the Duplicator plugin, <strong>but is in files that are generated to move the page to another server.<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1588\" height=\"1892\" src=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore.png\" alt=\"Window for restoring a page via Duplicator\" class=\"wp-image-7425\" srcset=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore.png 1588w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore-600x715.png 600w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore-1400x1668.png 1400w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore-768x915.png 768w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore-1289x1536.png 1289w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore-960x1144.png 960w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore-252x300.png 252w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore-859x1024.png 859w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore-900x1072.png 900w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/duplicator-restore-109x130.png 109w\" sizes=\"auto, (max-width: 1588px) 100vw, 1588px\" \/><figcaption>Window for restoring a page via Duplicator<\/figcaption><\/figure>\n\n\n\n<p>By passing the value of <strong>action_ajax=3<\/strong> in the POST parameter, the attacker is able to bypass the file verification window and overwrite it <strong>wp-config.php<\/strong>.<\/p>\n\n\n\n<p>In the next step, simply visit the attacked page to read the <strong>wp-config.php<\/strong> file, which already has malicious code.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"what-do-attackers-have-access-to\"><\/span>What do attackers have access to?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>If your <a href=\"https:\/\/thecamels.org\/en\/compendium-how-to-secure-your-wordpress\/#Do_not_treat_your_server_like_a_trash\"><span>server was cluttered<\/span><\/a>, and what&#8217;s worse, the files created by Duplicator during website migration, the attacker has access to <strong>all data<\/strong> related to your website.<\/p>\n\n\n\n<p>Sample files left after page migration using Duplicator:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>20180906_examplepl_8b5c33bcbb1d027b1870180906225049_archive.zip<\/li><li>installer-backup.php<\/li><li>installer-data.sql<\/li><li>installer-log.txt<\/li><li>installer.php<\/li><\/ul>\n\n\n\n<p>The <strong>zip<\/strong> file contains a copy of all files on the a <strong>sql<\/strong> page, the database. After migration, all above mentioned files should be deleted.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"how-to-protect-yourself-and-what-to-do\"><\/span>How to protect yourself and what to do?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>If an archive created by Duplicator has been downloaded, the attacker should be considered to have access to the database and files on the website. <strong>First of all, you should restore the page from backup and change all passwords related to it.<\/strong><\/p>\n\n\n\n<p><a href=\"https:\/\/thecamels.org\/en\/useful-plugins-for-wordpress\/#Duplicator\"><span>After migrating a page using Duplicator<\/span><\/a>, delete all of its files. The plugin itself allows you to do this immediately after logging in to the WordPress admin panel.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1000\" height=\"489\" src=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/07\/duplicator-14.png\" alt=\"Delete files after migration has been completed\" class=\"wp-image-7321\" srcset=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/07\/duplicator-14.png 1000w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/07\/duplicator-14-600x293.png 600w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/07\/duplicator-14-768x376.png 768w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/07\/duplicator-14-960x469.png 960w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/07\/duplicator-14-300x147.png 300w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/07\/duplicator-14-900x440.png 900w, https:\/\/thecamels.org\/wp-content\/uploads\/2018\/07\/duplicator-14-130x64.png 130w\" sizes=\"auto, (max-width: 1000px) 100vw, 1000px\" \/><figcaption>Delete files after migration has been completed<\/figcaption><\/figure>\n\n\n\n<p>Click on the link: <strong>Remove installation Files Now!<\/strong> It is still worth checking if all installation files have actually been removed. In case of the attack described above, it could have been such that the files were not deleted due to an error in the plugin.<\/p>\n\n\n\n<p><strong>On our servers, these files have been deleted for security reasons.<\/strong><\/p>\n\n\n\n<p>If you <a href=\"https:\/\/thecamels.org\/en\/compendium-how-to-secure-your-wordpress\/#Providing_access_data_to_other_services_in_WordPress\"><span>have stored data for various services<\/span><\/a> such as mail systems, newsletter data, etc. in WordPress, you also need to change your passwords there.<\/p>\n\n\n\n<p>For detailed information about WordPress security, please refer to our <a href=\"https:\/\/thecamels.org\/en\/compendium-how-to-secure-your-wordpress\/\"><span>compendium<\/span><\/a>. We would like to remind you that <a href=\"https:\/\/thecamels.org\/en\/prohibited-and-forbidden-plugins-for-wordpress\/\"><span>using backup plug-ins can be very dangerous<\/span><\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In recent hours, on many pages based on WordPress, instead of the homepage there was a screen for the installation of this CMS. The problem was the lack of the wp-config.php file, which was removed.<\/p>\n","protected":false},"author":1,"featured_media":17104,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[150],"tags":[698,685],"class_list":["post-9778","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-security","tag-wordpress-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attack on WordPress based websites through Duplicator files - Thecamels.org<\/title>\n<meta name=\"description\" content=\"Recently, there has been another attack against sites placed on WordPress. This time the attack was made via Duplicator files. See how to protect yourself.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attack on WordPress based websites through Duplicator files - Thecamels.org\" \/>\n<meta property=\"og:description\" content=\"Recently, there has been another attack against sites placed on WordPress. This time the attack was made via Duplicator files. See how to protect yourself.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/?utm_source=dark&amp;utm_medium=social&amp;utm_campaign=open-graph\" \/>\n<meta property=\"og:site_name\" content=\"Thecamels.org\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/thecamels.org\/\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-06T22:49:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-01-12T12:13:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/87.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kamil Porembi\u0144ski\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/87.png\" \/>\n<meta name=\"twitter:creator\" content=\"@thecamelsorg\" \/>\n<meta name=\"twitter:site\" content=\"@thecamelsorg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kamil Porembi\u0144ski\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/\"},\"author\":{\"name\":\"Kamil Porembi\u0144ski\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#\\\/schema\\\/person\\\/b7bd2aec5f506a68323eb40c86d38a32\"},\"headline\":\"Attack on WordPress based websites through Duplicator files\",\"datePublished\":\"2018-09-06T22:49:03+00:00\",\"dateModified\":\"2021-01-12T12:13:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/\"},\"wordCount\":487,\"publisher\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/88.png\",\"keywords\":[\"security\",\"wordpress\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/\",\"url\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/\",\"name\":\"Attack on WordPress based websites through Duplicator files - Thecamels.org\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/88.png\",\"datePublished\":\"2018-09-06T22:49:03+00:00\",\"dateModified\":\"2021-01-12T12:13:51+00:00\",\"description\":\"Recently, there has been another attack against sites placed on WordPress. This time the attack was made via Duplicator files. See how to protect yourself.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/#primaryimage\",\"url\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/88.png\",\"contentUrl\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/88.png\",\"width\":1200,\"height\":627,\"caption\":\"Atak na strony oparte o WordPressa poprzez pliki Duplicatora\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/attack-on-wordpress-based-websites-through-duplicator-files\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"[HOME]\",\"item\":\"https:\\\/\\\/thecamels.org\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/thecamels.org\\\/en\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Attack on WordPress based websites through Duplicator files\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/thecamels.org\\\/en\\\/\",\"name\":\"Thecamels.org\",\"description\":\"Hosting SSD NVMe z certyfikatem SSL i HTTP\\\/2. Administracja serwerami, skalowanie infrastruktury. Mamy g\u0142ow\u0119 do serwer\u00f3w i zadbamy o Twoj\u0105 stron\u0119 w sieci.\",\"publisher\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/thecamels.org\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#organization\",\"name\":\"Thecamels\",\"url\":\"https:\\\/\\\/thecamels.org\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/TC-logo-nowe.png\",\"contentUrl\":\"https:\\\/\\\/thecamels.org\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/TC-logo-nowe.png\",\"width\":826,\"height\":106,\"caption\":\"Thecamels\"},\"image\":{\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/thecamels.org\\\/\",\"https:\\\/\\\/x.com\\\/thecamelsorg\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/the-camels\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC01xYBZbIAApTuPWuqgGE4Q\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/thecamels.org\\\/en\\\/#\\\/schema\\\/person\\\/b7bd2aec5f506a68323eb40c86d38a32\",\"name\":\"Kamil Porembi\u0144ski\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g\",\"caption\":\"Kamil Porembi\u0144ski\"},\"description\":\"Architekt systemowy, administrator Linux, a czasem Windows. Lubi tematyk\u0119 security. Obecnie w\u0142a\u015bciciel firmy thecamels.org, zajmuj\u0105cej si\u0119 projektowaniem system\u00f3w o wysokiej dost\u0119pno\u015bci. Zajmuje si\u0119 skalowaniem du\u017cych aplikacji internetowych, wspieraniem startup\u00f3w w kwestiach serwerowych. Po godzinach zajmuje si\u0119 \u017ceglowaniem po morzach, lataniem, fotografi\u0105 i podr\u00f3\u017cami.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attack on WordPress based websites through Duplicator files - Thecamels.org","description":"Recently, there has been another attack against sites placed on WordPress. This time the attack was made via Duplicator files. See how to protect yourself.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/","og_locale":"en_US","og_type":"article","og_title":"Attack on WordPress based websites through Duplicator files - Thecamels.org","og_description":"Recently, there has been another attack against sites placed on WordPress. This time the attack was made via Duplicator files. See how to protect yourself.","og_url":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/?utm_source=dark&utm_medium=social&utm_campaign=open-graph","og_site_name":"Thecamels.org","article_publisher":"https:\/\/www.facebook.com\/thecamels.org\/","article_published_time":"2018-09-06T22:49:03+00:00","article_modified_time":"2021-01-12T12:13:51+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/87.png","type":"image\/png"}],"author":"Kamil Porembi\u0144ski","twitter_card":"summary_large_image","twitter_image":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/87.png","twitter_creator":"@thecamelsorg","twitter_site":"@thecamelsorg","twitter_misc":{"Written by":"Kamil Porembi\u0144ski","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#article","isPartOf":{"@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/"},"author":{"name":"Kamil Porembi\u0144ski","@id":"https:\/\/thecamels.org\/en\/#\/schema\/person\/b7bd2aec5f506a68323eb40c86d38a32"},"headline":"Attack on WordPress based websites through Duplicator files","datePublished":"2018-09-06T22:49:03+00:00","dateModified":"2021-01-12T12:13:51+00:00","mainEntityOfPage":{"@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/"},"wordCount":487,"publisher":{"@id":"https:\/\/thecamels.org\/en\/#organization"},"image":{"@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#primaryimage"},"thumbnailUrl":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/88.png","keywords":["security","wordpress"],"articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/","url":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/","name":"Attack on WordPress based websites through Duplicator files - Thecamels.org","isPartOf":{"@id":"https:\/\/thecamels.org\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#primaryimage"},"image":{"@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#primaryimage"},"thumbnailUrl":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/88.png","datePublished":"2018-09-06T22:49:03+00:00","dateModified":"2021-01-12T12:13:51+00:00","description":"Recently, there has been another attack against sites placed on WordPress. This time the attack was made via Duplicator files. See how to protect yourself.","breadcrumb":{"@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#primaryimage","url":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/88.png","contentUrl":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/88.png","width":1200,"height":627,"caption":"Atak na strony oparte o WordPressa poprzez pliki Duplicatora"},{"@type":"BreadcrumbList","@id":"https:\/\/thecamels.org\/en\/attack-on-wordpress-based-websites-through-duplicator-files\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"[HOME]","item":"https:\/\/thecamels.org\/en\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/thecamels.org\/en\/blog\/"},{"@type":"ListItem","position":3,"name":"Attack on WordPress based websites through Duplicator files"}]},{"@type":"WebSite","@id":"https:\/\/thecamels.org\/en\/#website","url":"https:\/\/thecamels.org\/en\/","name":"Thecamels.org","description":"Hosting SSD NVMe z certyfikatem SSL i HTTP\/2. Administracja serwerami, skalowanie infrastruktury. Mamy g\u0142ow\u0119 do serwer\u00f3w i zadbamy o Twoj\u0105 stron\u0119 w sieci.","publisher":{"@id":"https:\/\/thecamels.org\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/thecamels.org\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/thecamels.org\/en\/#organization","name":"Thecamels","url":"https:\/\/thecamels.org\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/thecamels.org\/en\/#\/schema\/logo\/image\/","url":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/TC-logo-nowe.png","contentUrl":"https:\/\/thecamels.org\/wp-content\/uploads\/2018\/09\/TC-logo-nowe.png","width":826,"height":106,"caption":"Thecamels"},"image":{"@id":"https:\/\/thecamels.org\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/thecamels.org\/","https:\/\/x.com\/thecamelsorg","https:\/\/www.linkedin.com\/company\/the-camels","https:\/\/www.youtube.com\/channel\/UC01xYBZbIAApTuPWuqgGE4Q"]},{"@type":"Person","@id":"https:\/\/thecamels.org\/en\/#\/schema\/person\/b7bd2aec5f506a68323eb40c86d38a32","name":"Kamil Porembi\u0144ski","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4b2d40949e6453ecdd7663e9a61fac171f31810a28bdc5be0c4d7eca89f41571?s=96&d=identicon&r=g","caption":"Kamil Porembi\u0144ski"},"description":"Architekt systemowy, administrator Linux, a czasem Windows. Lubi tematyk\u0119 security. Obecnie w\u0142a\u015bciciel firmy thecamels.org, zajmuj\u0105cej si\u0119 projektowaniem system\u00f3w o wysokiej dost\u0119pno\u015bci. Zajmuje si\u0119 skalowaniem du\u017cych aplikacji internetowych, wspieraniem startup\u00f3w w kwestiach serwerowych. Po godzinach zajmuje si\u0119 \u017ceglowaniem po morzach, lataniem, fotografi\u0105 i podr\u00f3\u017cami."}]}},"_links":{"self":[{"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/posts\/9778","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/comments?post=9778"}],"version-history":[{"count":4,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/posts\/9778\/revisions"}],"predecessor-version":[{"id":16734,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/posts\/9778\/revisions\/16734"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/media\/17104"}],"wp:attachment":[{"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/media?parent=9778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/categories?post=9778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecamels.org\/en\/wp-json\/wp\/v2\/tags?post=9778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}