
This HACK is really bad, OUCH!!

Discussion in 'Wordpress' started by heri83, Jan 9, 2012.

  1. nurmuhammad

    Since yesterday my main domain has been flagged by Google Chrome as containing malware. The first domain that got hit is the same. Damn. It's hard to fix, too :D

    Of all my sites I've only checked 4 so far, I'm busy offline right now. HG is taking sooooo long to fix it...

    Yes bro, it's only in the domains' root folders. But there are a lot of them :nangis:

    Help me out, bro :mawar:

    At least you can still edit your htaccess, bro. In my case it looks like he changed the permissions; how do I change them back? :-?

    ---------- Post added at 06:41 PM ---------- Previous post was at 06:22 PM ----------

    Turns out only about 4 were hit, alhamdulillah not all of them :senyum:

    So, hacking experts, what's the cause and how do I deal with it? :)

    Looks like it was TS's htaccess that got hit too.. it looks similar.
     
  2. hernawanjr

    Ask your host to run a scan, there might be a backdoor. Then just ask the host to replace all the .htaccess files: show them the problematic htaccess file and ask them to replace it, something like that :D

    Gives the security team something to do :))

    ---------- Post added at 06:47 PM ---------- Previous post was at 06:44 PM ----------

    Oh, I also want to ask: is the tool on this site
    h__p://sitecheck.sucuri.net/scanner/
    effective??? (can it really detect malware like the problem in this thread?)

    How do you scan, bro??? I want to check my blog, who knows, it might still be under attack too :D
     
  3. nurmuhammad

    I only know there's malware from the browser, bro :D

    I contacted HG from day one, bro, and it only got fixed today, but the main domain doesn't seem to be sorted yet; it's still detected as having malware.

    Here's the explanation from HG support, read it so you know the causes :D

    Greetings,

    It looks like this was done through the timthumb exploit in your WordPress theme.
    /home/apachelogs/mumu/*********oice.g*******ro.com-Jan-2012.gz: 77.109.111.66 - - [03/Jan/2012:13:31:17 -0600] "POST /wp-content/themes/EarthlyTouch/cache/external_3e72ca9ffcdc51b38475a75a794cacf1.php HTTP/1.1" 200 52 "-" "Python-urllib/2.6"


    At this time, I have updated your timthumb installation to a non-vulnerable version, and removed the rewrites from your account.


    I have also removed the following malicious files:


    /home/mumu/public_html/***********e.org/wp-content/uploads/_cache.php: HG.PHP.Shell.1614.UNOFFICIAL FOUND
    /home/mumu/public_html/**********e.org/wp-content/uploads/_wp_cache.php: HG.PHP.Shell.1614.UNOFFICIAL FOUND
    ome/mumu/public_html/i**********s.com/demo/one/admin/3rdparty/fck/editor/filemanager/browser/default/images/icons/32/6aaf.php
    /home/mumu/public_html/id**********s.com/demo/one/admin/3rdparty/fck/editor/filemanager/browser/default/images/icons/32/cc6.php
    /home/mumu/public_html/lei**********e.info/wp-includes/functions.php
    /home/mumu/public_html/ba**********n.info/wp-includes/functions.php
    /home/mumu/public_html/fe**********.info/wp-includes/functions.php
    /home/mumu/public_html/ho**********e.org/id/wp-includes/functions.php
    /home/mumu/public_html/h**********e.org/wp-content/themes/h**********ce/epanel/page_templates/js/prettyphoto/images/prettyPhoto/light_square/0c10.php
    /home/mumu/public_html/h**********e.org/wp-content/themes/ho**********ce/epanel/page_templates/js/prettyphoto/images/prettyPhoto/light_square/c72.php
    /home/mumu/public_html/ho**********ce.org/wp-content/themes/ho**********oice/epanel/page_templates/js/prettyphoto/images/prettyPhoto/light_square/wp-thumb-creator.php
    /home/mumu/public_html/dr**********eshop.info/wp-includes/functions.php




    If you have any further questions or concerns, please do not hesitate to contact us.


    Cheers,


    Skip Cruse, GCIA
    Security Systems Administrator
    HostGator.com LLC
    http://support.hostgator.com

    From the explanation above, the gist is that it got in through the theme, function.php,



    I'm afraid it has gotten into the main domain's htaccess again :nangis: I'll contact the hosting support again :)
     
  4. hernawanjr

    So it's because of timthumb then,,,
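
The access-log entry in the HostGator reply above (a POST to a `.php` file inside the theme's timthumb `cache/` directory, sent by `Python-urllib`) is the kind of request a site owner can hunt for in their own logs. The following is an added example, not part of the original thread and not HostGator's tooling; the heuristics, the function names and the sample lines marked constructed are assumptions for illustration.

```python
import re

# Apache combined log format, as in the entry quoted by HostGator support.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')

# Heuristics are assumptions chosen for this example, not vendor rules.
# The quoted entry shows the dropped file as cache/external_<32 hex>.php.
TIMTHUMB_CACHE = re.compile(r'/cache/external_[0-9a-f]{32}\.php$', re.I)
# PHP served from directories that should hold only media or cached images.
STATIC_DIR_PHP = re.compile(r'/(?:uploads|cache|images|icons)/(?:.*/)?[^/]+\.php$', re.I)
SCRIPTED_AGENT = re.compile(r'python-urllib|curl|wget|libwww', re.I)

def score_line(line):
    """Return (ip, path, reasons) for a suspicious request, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    path = m.group('path').split('?', 1)[0]  # ignore the query string
    if TIMTHUMB_CACHE.search(path):
        reasons = ['php-in-timthumb-cache']
    elif STATIC_DIR_PHP.search(path):
        reasons = ['php-in-static-dir']
    else:
        return None
    if m.group('method') == 'POST':
        reasons.append('post')
    if m.group('status') == '200':
        reasons.append('served-200')  # the file exists and executed
    if SCRIPTED_AGENT.search(m.group('agent')):
        reasons.append('scripted-agent')
    return m.group('ip'), path, reasons

def scan(lines):
    return [hit for hit in map(score_line, lines) if hit]

# First line is the entry quoted on the page; the other three are constructed.
SAMPLE = [
    '77.109.111.66 - - [03/Jan/2012:13:31:17 -0600] "POST /wp-content/themes/EarthlyTouch/cache/external_3e72ca9ffcdc51b38475a75a794cacf1.php HTTP/1.1" 200 52 "-" "Python-urllib/2.6"',
    '192.0.2.10 - - [03/Jan/2012:13:35:02 -0600] "GET /wp-content/uploads/2012/01/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Jan/2012:13:40:44 -0600] "POST /wp-content/uploads/_cache.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Jan/2012:13:41:09 -0600] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with `served-200` means the file was present and answered, so the matching path should also be checked on disk, as the list of removed files in the support reply illustrates.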
     
