
WordPress Hole

Discussion in 'Chit Chat' started by R3YR3, May 11, 2010.

  1. summer

    summer Super Hero

    Joined:
    Dec 3, 2007
    Messages:
    3,208
    Likes Received:
    284
    ugh, this is giving me a headache. I have hundreds of blogs, do I really have to edit them one by one? mercy. what about om Iqbal? he has 300+ blogs. ewwink has 200+ PR3 blogs.
    and on top of that, it turns out it's not only wp-db.php that shows the error, almost every file shows it.

    later, when WP updates, all the settings go back to how they were. if I have to redo the edits, it really eats up time.
    resigned.. just hoping... hopefully nobody does anything malicious.
     
  2. idotkontji

    idotkontji Hero

    Joined:
    Nov 7, 2008
    Messages:
    546
    Likes Received:
    16
    Location:
    Bogor
    :lol:

    --- Update ---

    Before the first one was even patched, it turns out there's already another one throwing errors....

    :nangis: being tech-illiterate is really a burden for me...
     
  3. teguhaditya

    teguhaditya Super Hero

    Joined:
    Jan 23, 2008
    Messages:
    7,503
    Likes Received:
    1,418
    Location:
    _ ▂ ▃ ▅ ▆ █
    take a look at this
    Code:
    http://www.fatihsyuhud.com/wp-includes/wp-db.php
    wow, that one hasn't been patched yet...
     
  4. h1g4m

    h1g4m Super Hero

    Joined:
    Mar 18, 2009
    Messages:
    1,429
    Likes Received:
    78
    Location:
    Serang - banten
    I made a more complete Bug List here, bro
     
  5. toshiba

    toshiba Ads.id Starter

    Joined:
    Oct 14, 2009
    Messages:
    62
    Likes Received:
    0
    Thanks for sharing, bro..

    Btw, in my opinion the password isn't being brute forced...

    But how can someone get in as admin in wp-admin from that wp_die..

    Still thinking about how the attacker exploits that hole..

     
  6. idotkontji

    idotkontji Hero

    Joined:
    Nov 7, 2008
    Messages:
    546
    Likes Received:
    16
    Location:
    Bogor
    _http://www.cosaaranda.com/wp-includes/wp-db.php

    Take a look at oom Cosa's too... :senyum:
     
  7. summer

    summer Super Hero

    Joined:
    Dec 3, 2007
    Messages:
    3,208
    Likes Received:
    284
    some hosts were already blank from the start when I checked.
    but there are also hosts that show the error.

    so in my opinion the hosts that show a blank page already have better security. at least I don't need to tire myself out editing.
     
  8. h1g4m

    h1g4m Super Hero

    Joined:
    Mar 18, 2009
    Messages:
    1,429
    Likes Received:
    78
    Location:
    Serang - banten
    right bro, the hosting's security also matters .. if it shows a blank page even without inserting the error_reporting(0); script, then the hosting's security is indeed TOP notch
     
  9. bernandin

    bernandin Super Hero

    Joined:
    Jan 20, 2010
    Messages:
    4,337
    Likes Received:
    872
    Location:
    Bondowoso
    yikes, that's bad, so wordpress has a hole too
     
  10. leniden

    leniden Super Hero

    Joined:
    Mar 22, 2008
    Messages:
    2,403
    Likes Received:
    410
    Location:
    Palembang
    Hosting on hostgator doesn't automatically close this bug either... :nangis:
     
  11. azunna

    azunna Super Hero

    Joined:
    Nov 28, 2008
    Messages:
    1,526
    Likes Received:
    364
    I usually install wp manually, and not in the domain's root folder but in its own folder that I create with a unique name, e.g. "Xe145Vz". So if someone pokes around checking

    or whatever else, the result is page not found, like the example in my siggy... Maybe that's one of the security steps we can take when first installing wp...
     
  12. idotkontji

    idotkontji Hero

    Joined:
    Nov 7, 2008
    Messages:
    546
    Likes Received:
    16
    Location:
    Bogor
    Since I'm a newbie, I tried looking around.... Subhanallah, turns out there are a lot of them...

    */wp-includes/

    /canonical.php
    /class-feed.php
    /class.wp-scripts.php
    /class.wp-styles.php
    /comment-template.php
    /default-embeds.php
    /default-filters.php
    /feed-rdf.php
    /default-filters.php
    /default-widgets.php
    /feed-atom-comments.php
    /feed-atom.php
    /feed-rdf.php
    /feed-rss.php
    /feed-rss2-comments.php
    /feed-rss2.php
    /general-template.php
    /post.php
    /media.php
    /registration-functions.php
    /rss-functions.php
    /rss.php
    /shortcodes.php
    /taxonomy.php
    /template-loader.php
    /theme.php
    /user.php
    /vars.php

    And that's not counting the other folders, this is just */wp-includes/ alone...

    :nangis:
     
  13. leniden

    leniden Super Hero

    Joined:
    Mar 22, 2008
    Messages:
    2,403
    Likes Received:
    410
    Location:
    Palembang
    That's why mas r3yr3 once told me

    BACK UP THE DATABASE OFTEN
     
  14. richirich

    richirich Super Hero

    Joined:
    May 4, 2010
    Messages:
    850
    Likes Received:
    46
    Hmmm, even though my knowledge isn't there yet :pusing:, I'll keep watching this anyway
     
  15. toshiba

    toshiba Ads.id Starter

    Joined:
    Oct 14, 2009
    Messages:
    62
    Likes Received:
    0
    rolling out a mat and keeping watch..

    which kind-hearted master is going to share the bugs and a complete solution for handling them....
     
  16. imyatrader

    imyatrader Super Hero

    Joined:
    May 28, 2009
    Messages:
    2,579
    Likes Received:
    125
    Location:
    Malang
    true, bro.
    if I had to edit hundreds it would be a hassle too.
    hopefully nobody messes with them.
    leniden is right, back up the database regularly.
     
  17. dhyar

    dhyar Super Hero

    Joined:
    Feb 10, 2007
    Messages:
    2,660
    Likes Received:
    142
    Location:
    Tasikmalaya
    He's a member here... ugh, I forgot his YM... poor guy
     
  18. adhi88

    adhi88 Super Hero

    Joined:
    Sep 25, 2009
    Messages:
    1,222
    Likes Received:
    50
    Location:
    CILACAP
    my blog has already been a victim, bro, someone deleted the database and left only a few rows..
    :nangis::nangis::nangis::nangis::nangis::nangis::nangis:
    2 months of work gone
     
  19. h3rm4w4n

    h3rm4w4n Ads.id Pro

    Joined:
    Nov 22, 2008
    Messages:
    279
    Likes Received:
    14
    for those who haven't had time to insert the code, better just change the password to a looooong one with a complete mix of character types..
    inserting code everywhere is tiring too
     
  20. nouveau

    nouveau Ads.id Starter

    Joined:
    Jun 6, 2008
    Messages:
    81
    Likes Received:
    18
    Location:
    Balikpapan/Malang
    sorry, I didn't read to the end, the thread is really long, I only got as far as om R3YR3 saying error_reporting(0); :p

    anyway, for security in the wp-includes & wp-content folders, I add a .htaccess file containing:

    its function is to protect against direct access to php files, only giving access to css, image and js files.

    so if someone tries to access wp-includes/wp-db.php and the other php files, the result is definitely error 404 file not found :D
     
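The rule set nouveau describes, written out as an added example (this is not nouveau's own .htaccess, which the post does not reproduce). It assumes Apache 2.2 with mod_rewrite enabled and AllowOverride FileInfo for the wp-includes directory, and it exempts wp-includes/js/tinymce/wp-tinymce.php, which the WordPress 2.9/3.0 visual editor loads directly:

```apache
# Added example of a wp-includes/.htaccess that hides PHP files from direct
# requests while still serving static assets. Assumes Apache 2.2, mod_rewrite,
# and AllowOverride FileInfo (or All) for this directory.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Static assets that themes and admin pages embed: serve them as usual.
    RewriteRule \.(css|js|gif|jpe?g|png)$ - [L]

    # wp-tinymce.php is fetched directly by the visual editor in WP 2.9/3.0,
    # so it must stay reachable (assumption based on that WordPress version).
    RewriteRule ^js/tinymce/wp-tinymce\.php$ - [L]

    # Everything else here (wp-db.php, canonical.php, ...) is only meant to be
    # included by WordPress itself, never requested by a browser: answer 404,
    # so the PHP notice that reveals the server path is never rendered at all.
    RewriteRule .* - [R=404,L]
</IfModule>
```

Unlike the error_reporting(0); edits discussed earlier in the thread, this file survives a WordPress core update, but wp-content needs its own copy with a looser allow list because some plugin and upload files are legitimately requested directly. Check the result with `curl -I` against wp-includes/wp-db.php (expect 404) and against a .css file in the same directory (expect 200).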