{"id":8799,"date":"2026-04-05T12:08:59","date_gmt":"2026-04-05T03:08:59","guid":{"rendered":"https:\/\/now0930.pe.kr\/wordpress\/?p=8799"},"modified":"2026-04-05T12:09:01","modified_gmt":"2026-04-05T03:09:01","slug":"%f0%9f%9b%a1%ef%b8%8f-ai-%ec%97%90%ec%9d%b4%ec%a0%84%ed%8a%b8%ec%99%80-%ed%95%a8%ea%bb%98%ed%95%9c-%ec%9b%8c%eb%93%9c%ed%94%84%eb%a0%88%ec%8a%a4-%eb%b0%b1%eb%8f%84%ec%96%b4-%ec%86%8c%ed%83%95","status":"publish","type":"post","link":"https:\/\/now0930.pe.kr\/wordpress\/%f0%9f%9b%a1%ef%b8%8f-ai-%ec%97%90%ec%9d%b4%ec%a0%84%ed%8a%b8%ec%99%80-%ed%95%a8%ea%bb%98%ed%95%9c-%ec%9b%8c%eb%93%9c%ed%94%84%eb%a0%88%ec%8a%a4-%eb%b0%b1%eb%8f%84%ec%96%b4-%ec%86%8c%ed%83%95\/","title":{"rendered":"\ud83d\udee1\ufe0f AI \uc5d0\uc774\uc804\ud2b8\uc640 \ud568\uaed8\ud55c \uc6cc\ub4dc\ud504\ub808\uc2a4 \ubc31\ub3c4\uc5b4 \uc18c\ud0d5 \uc791\uc804 (Incident Response)"},"content":{"rendered":"\n<p>\ucd5c\uadfc \uc6b4\uc601 \uc911\uc778 <strong>[MASKED] \uc0ac\uc591\uc758 \ud648 \uc11c\ubc84<\/strong> \uc6cc\ub4dc\ud504\ub808\uc2a4\uc5d0\uc11c \uc815\uad50\ud558\uac8c \uc124\uacc4\ub41c \ubcf4\uc548 \uce68\ud574 \uc0ac\uace0\ub97c \ubc1c\uacac\ud588\uc2b5\ub2c8\ub2e4. \uac15\ub825\ud55c AI \uc5d0\uc774\uc804\ud2b8\uc640 \ud611\uc5c5\ud558\uc5ec \uc2dc\uc2a4\ud15c \uc8fc\ub3c4\uad8c\uc744 \uc644\uc804\ud788 \ub418\ucc3e\uc740 \uacfc\uc815\uc744 \ub2e8\uacc4\ubcc4\ub85c \uae30\ub85d\ud569\ub2c8\ub2e4.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. \ucd08\ubc18 \uc9d5\ud6c4 \ud0d0\uc9c0 (Detection)<\/h3>\n\n\n\n<p>\uc0ac\uc774\ud2b8 \uad00\ub9ac \uc911 \ub2e4\uc74c\uacfc \uac19\uc740 \uce58\uba85\uc801\uc778 \ubcf4\uc548 \uc704\ud611\uc744 \ud3ec\ucc29\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\ub85c\uadf8\uc778 \ubd88\ub2a5<\/strong>: <code>wp-admin<\/code> \uc811\uc18d \uc2dc \uc778\uc99d \uc624\ub958 \ub610\ub294 \ubb34\ud55c \ub8e8\ud504 \ubc1c\uc0dd\uc73c\ub85c \uad00\ub9ac\uc790 \uad8c\ud55c \uc0c1\uc2e4.<\/li>\n\n\n\n<li><strong>\uc811\uadfc \ucc28\ub2e8<\/strong>: <code>.htaccess<\/code> \ud30c\uc77c \ubcc0\uc870\ub85c \uc778\ud574 \ud2b9\uc815 \uacbd\ub85c \uc811\uadfc \uc2dc <code>403 Forbidden<\/code> \ub610\ub294 <code>Deny from all<\/code> \uaddc\uce59 \uac15\uc81c \uc801\uc6a9.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. \uc138\ubd80 \uc6d0\uc778 \ubd84\uc11d (Analysis)<\/h3>\n\n\n\n<p>\ud130\ubbf8\ub110(Root) \uc138\uc158\uc744 \ud1b5\ud574 \uc11c\ubc84 \ub0b4\ubd80\ub97c \uc815\ubc00 \ubd84\uc11d\ud55c \uacb0\uacfc, \ub2e4\uac01\uc801\uc778 \uce68\ud22c \ud754\uc801\uc774 \ub4dc\ub7ec\ub0ac\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\uc124\uc815 \ud30c\uc77c \ubcc0\uc870<\/strong>: <code>.htaccess<\/code> \ub0b4 \ube44\uc815\uc0c1\uc801\uc778 \uc811\uadfc \uac70\ubd80 \uaddc\uce59 \uc0bd\uc785.<\/li>\n\n\n\n<li><strong>\ubc31\ub3c4\uc5b4 \uc2dd\ubcc4<\/strong>: <code>unauth-file-upload.php<\/code>\ub77c\ub294 \uc545\uc131 \uc2a4\ud06c\ub9bd\ud2b8\uac00 \ud50c\ub7ec\uadf8\uc778 \uacbd\ub85c\uc5d0 \uc0c1\uc8fc\ud558\uba70 \uad8c\ud55c \ud0c8\ucde8 \uc2dc\ub3c4.<\/li>\n\n\n\n<li><strong>\uc5b8\uc5b4 \ud329 \uc624\uc5fc<\/strong>: <code>languages\/plugins\/jetpack-ko_KR.po<\/code> \ub0b4\ubd80\uc5d0 \uc545\uc131 \ud30c\uc77c\uba85\uc744 \uc8fc\uc785\ud558\uc5ec \uc2dc\uc2a4\ud15c \ub85c\uc9c1\uc5d0 \uae30\uc0dd.<\/li>\n\n\n\n<li><strong>\ube44\uc815\uc0c1 \ub514\ub809\ud1a0\ub9ac<\/strong>: \ud45c\uc900 \uad6c\uc870\uc5d0 \uc5c6\ub294 <code>phpPasswd<\/code>, <code>mu-plugins<\/code> \ub0b4 \uac00\uc9dc \uc2a4\ud06c\ub9bd\ud2b8, <code>temp<\/code> \ud3f4\ub354\uc758 \uc545\uc131 \ub370\uc774\ud130 \ud655\uc778.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. \ud574\uacb0 \uacfc\uc815 \uc911 \uc9c1\uba74\ud55c \ub09c\uad00 (Issues during Recovery)<\/h3>\n\n\n\n<p>\uc870\uce58\ub97c \uc9c4\ud589\ud558\ub358 \uc911, \ud574\ucee4\uac00 \uc2ec\uc5b4\ub193\uc740 \uc790\ub3d9\ud654\ub41c \ubc29\uc5b4 \uae30\uc81c\ub85c \uc778\ud574 \ub2e4\uc74c\uacfc \uac19\uc740 \uae30\uc220\uc801 \uc7a5\uc560\uac00 \ubc1c\uc0dd\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\ub048\uc9c8\uae34 \uc790\ub3d9 \uc7ac\uc0dd\uc131<\/strong>: <code>jetpack<\/code> \ud50c\ub7ec\uadf8\uc778 \ud3f4\ub354\ub97c \uc0ad\uc81c\ud558\uac70\ub098 \ud30c\uc77c\uc744 \uc9c0\uc6cc\ub3c4, \ud50c\ub7ec\uadf8\uc778 \uc124\uce58\uc640 \ub3d9\uc2dc\uc5d0 <code>unauth-file-upload.php<\/code> \ud30c\uc77c\uc774 \uc989\uac01\uc801\uc73c\ub85c \uc790\ub3d9 \uc7ac\uc0dd\uc131\ub418\ub294 \ud604\uc0c1 \ubc1c\uacac.<\/li>\n\n\n\n<li><strong>\ucd94\uc801\uc758 \uc5b4\ub824\uc6c0<\/strong>: \ud574\ub2f9 \ud30c\uc77c\uc744 \uc5b4\ub290 \ud504\ub85c\uc138\uc2a4\ub098 \uc2a4\ud06c\ub9bd\ud2b8\uac00 \uc2e4\uc2dc\uac04\uc73c\ub85c \uc0dd\uc131\ud558\ub294\uc9c0\ub294 \ud604\uc7ac \ub2e8\uacc4\uc5d0\uc11c \ud655\uc778 \ubd88\uac00(\ucd94\ud6c4 \uc815\ubc00 \ubd84\uc11d \uc608\uc815).<\/li>\n\n\n\n<li><strong>\ud50c\ub7ec\uadf8\uc778 \ucda9\ub3cc<\/strong>: \uc774 \uc790\ub3d9 \uc0dd\uc131\ub41c \ud30c\uc77c\uc774 \ub514\ub809\ud1a0\ub9ac\ub97c \uc120\uc810\ud558\uace0 \uc788\uc5b4, \uc815\uc2dd \ud50c\ub7ec\uadf8\uc778 \uc124\uce58 \uc2dc &#8220;\ub300\uc0c1 \ud3f4\ub354\uac00 \uc774\ubbf8 \uc874\uc7ac\ud568&#8221; \uc5d0\ub7ec\uc640 \ud568\uaed8 \uc124\uce58 \ud504\ub85c\uc138\uc2a4 \uc911\ub2e8.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4. \ub2e8\uacc4\ubcc4 \uc2e4\ud589 (Execution)<\/h3>\n\n\n\n<p>\ub2e8\uc21c \uc0ad\uc81c\uac00 \ubd88\uac00\ub2a5\ud55c \uc0c1\ud669\uc5d0\uc11c <strong>&#8216;\ubb34\ub825\ud654 \ubc0f \ubb3c\ub9ac\uc801 \ubd09\uc778&#8217;<\/strong> \uc804\ub7b5\uc744 \ud0dd\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Step A. \uc124\uc815 \ubcf5\uad6c<\/strong>: <code>.htaccess<\/code>\ub97c \ud45c\uc900 \uaddc\uaca9\uc73c\ub85c \ucd08\uae30\ud654\ud558\uc5ec \uad00\ub9ac\uc790 \uc811\uadfc\uc131 \ud68c\ubcf5.<\/li>\n\n\n\n<li><strong>Step B. \uc219\uc8fc \uc81c\uac70<\/strong>: <code>phpPasswd<\/code>, <code>temp<\/code> \ub4f1 \ube44\uc815\uc0c1 \ud3f4\ub354\ub97c \uac15\uc81c \uc0ad\uc81c(<code>rm -rf<\/code>)\ud558\uace0 \uc624\uc5fc\ub41c \uc784\uc2dc \ud30c\uc77c \uc815\ud654.<\/li>\n\n\n\n<li><strong>Step C. \ud30c\uc77c \ub0b4\uc6a9 \ubb34\ub825\ud654<\/strong>: \uc790\ub3d9 \uc7ac\uc0dd\uc131\ub41c \uc545\uc131 PHP \ud30c\uc77c\uc758 \ub0b4\uc6a9\uc744 \uc644\uc804\ud788 \ube44\uc6cc <strong>0\ubc14\uc774\ud2b8(Empty)<\/strong> \uc0c1\ud0dc\ub85c \uc804\ud658.<\/li>\n\n\n\n<li><strong>Step D. \ucee4\ub110 \uc218\uc900 \ubd09\uc778 (\ud575\uc2ec)<\/strong>: \ub9ac\ub205\uc2a4 \ucee4\ub110\uc758 <strong>Immutable(\ubd88\ubcc0) \uc18d\uc131<\/strong>\uc744 \ubd80\uc5ec\ud558\uc5ec, \uc2dc\uc2a4\ud15c\uc774 \ud30c\uc77c\uc744 \uc7ac\uc0dd\uc131\ud558\uac70\ub098 \ub0b4\uc6a9\uc744 \ucc44\uc6b0\ub824\ub294 \uc2dc\ub3c4\ub97c \ucee4\ub110 \uc218\uc900\uc5d0\uc11c \ucc28\ub2e8.Bash<code># \uc7ac\uc0dd\uc131 \ubc0f \uc218\uc815\uc744 \uc6d0\ucc9c \ubd09\uc1c4\ud558\ub294 \uc790\ubb3c\uc1e0 \uc124\uc815 sudo chattr +i wp-content\/plugins\/jetpack\/unauth-file-upload.php<\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5. \ucd5c\uc885 \ud655\uc778 \ubc0f \uc885\ub8cc (Verification &amp; Conclusion)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>\uc811\uadfc\uc131 \ubcf5\uad6c<\/strong>: <code>.htaccess<\/code> \ubcf5\uad6c \ud6c4 <code>wp-admin<\/code> \ub85c\uadf8\uc778 \ubc0f \uad00\ub9ac\uc790 \ud398\uc774\uc9c0 \uc815\uc0c1 \uc9c4\uc785.<\/li>\n\n\n\n<li><strong>\ubcf4\uc548\uc131 \uac80\uc0ac<\/strong>: <code>lsattr<\/code>\ub85c \ubc31\ub3c4\uc5b4 \ud30c\uc77c\uc5d0 &#8216;i(Immutable)&#8217; \uc790\ubb3c\uc1e0\uac00 \ucc44\uc6cc\uc84c\uc74c\uc744 \ud655\uc778\ud558\uace0, <code>cat<\/code>\uc73c\ub85c \ub0b4\uc6a9\uc774 \ube44\uc5b4\uc788\uc74c\uc744 \ucd5c\uc885 \uac80\uc99d.<\/li>\n\n\n\n<li><strong>\uc11c\ube44\uc2a4 \uc815\uc0c1\ud654<\/strong>: \uc790\ub3d9 \uc7ac\uc0dd\uc131 \uc5d4\uc9c4\uc744 \ubb34\ub825\ud654\ud55c \ud6c4, \uc5d0\ub7ec\uac00 \ubc1c\uc0dd\ud558\ub358 \ud50c\ub7ec\uadf8\uc778\ub4e4\uc744 \uc815\uc0c1\uc801\uc73c\ub85c \uc7ac\uc124\uce58 \uc644\ub8cc.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>[Summary]<\/strong><\/p>\n\n\n\n<p>\uc774\ubc88 \uc0ac\uac74\uc740 \ub2e8\uc21c\ud788 \ud30c\uc77c\uc744 \uc9c0\uc6b0\ub294 \uac83\ub9cc\uc73c\ub85c\ub294 \ubd80\uc871\ud55c, \uc2dc\uc2a4\ud15c \uc218\uc900\uc758 \ub300\uc751\uc774 \ud544\uc694\ud588\ub358 \uc0ac\ub840\uc785\ub2c8\ub2e4. <strong>\uc5d4\uc9c0\ub2c8\uc5b4\uc758 \uc9c1\uad00\uacfc AI\uc758 \ubd84\uc11d\ub825<\/strong>\uc774 \uacb0\ud569\ud588\uc744 \ub54c \uc774\ub7ec\ud55c \uc815\uad50\ud55c \uce68\ud574 \uc0ac\uace0\ub97c \uc2e0\uc18d\ud558\uac8c \uc885\uacb0\uc2dc\ud0ac \uc218 \uc788\uc5c8\uc2b5\ub2c8\ub2e4. [MASKED] \uc11c\ubc84\ub294 \uc774\uc81c \ub2e4\uc2dc \ubcf8\uc5f0\uc758 \uc5f0\uad6c \uc791\uc5c5\uc5d0 100% \uac00\ub3d9 \uc911\uc785\ub2c8\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ucd5c\uadfc \uc6b4\uc601 \uc911\uc778 [MASKED] \uc0ac\uc591\uc758 \ud648 \uc11c\ubc84 \uc6cc\ub4dc\ud504\ub808\uc2a4\uc5d0\uc11c \uc815\uad50\ud558\uac8c \uc124\uacc4\ub41c \ubcf4\uc548 \uce68\ud574 \uc0ac\uace0\ub97c \ubc1c\uacac\ud588\uc2b5\ub2c8\ub2e4. \uac15\ub825\ud55c AI \uc5d0\uc774\uc804\ud2b8\uc640 \ud611\uc5c5\ud558\uc5ec \uc2dc\uc2a4\ud15c \uc8fc\ub3c4\uad8c\uc744 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[12],"tags":[1925,1923,1930,1929,1928,1927,1926,1920,1921,1931,1922,1924,1932,1882],"class_list":["post-8799","post","type-post","status-publish","format-standard","hentry","category-12","tag-ai","tag-chattr","tag-htaccess","tag-incidentresponse","tag-malwareremoval","tag-unauth-file-upload","tag-wordpresssecurity","tag-1920","tag-1921","tag-1931","tag-1922","tag-1924","tag-1932","tag-1882"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/posts\/8799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/comments?post=8799"}],"version-history":[{"count":1,"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/posts\/8799\/revisions"}],"predecessor-version":[{"id":8800,"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/posts\/8799\/revisions\/8800"}],"wp:attachment":[{"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/media?parent=8799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/categories?post=8799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/now0930.pe.kr\/wordpress\/wp-json\/wp\/v2\/tags?post=8799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}