Checking for Shell Backdoors on a Server

Discussion in 'Masalah Teknik dan Keamanan' started by T36o3h, 1 Sep 2015.

Thread Status:
Not open for further replies.
  1. T36o3h

    Masters all,
    how do I find where a backdoor shell that someone planted on this server is located??
    Please help ....
    Thanks
     
  2. pedagang

    rkhunter
     
  3. T36o3h

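    I have already installed rkhunter and the result is that nothing was detected.
    I installed LMD and run it from a daily cron ... the cron runs in the very early morning, so if something gets in during the afternoon/evening it waits until the next day to be scanned.
    Is there anything more effective??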
     
  4. pedagang

    If what you are looking for isn't there, then 'maybe' it really isn't there?
    What are the indications that there is a backdoor?

    Over to the masters whose fingers are idle at the moment.
     
  5. T36o3h

    There are several unknown files that were suddenly planted in several of my accounts, and there is a phishing report,
    so I want to know where the backdoor is.
     
  6. pedagang

  7. pedagang

    Check below, there are many similar threads,
    so that if the masters have any pointers they can be more on target.
     
  8. T36o3h

    I have already tried it and it doesn't work.
     
  9. mustafaramadhan

    For RKHunter, have you studied its log?
     
  10. junior riau

    Can't malware detect do it?
    For me, with many accounts, it takes a long time.
    Try scanning the accounts one by one.
    Try looking at the result of
    # htop
    then press F4, then type php

    Usually the backdoor processes are there.
    That is where I look when I'm feeling lazy.

    Or ps fuxa | grep .php

    That will show the processes that are using .php files.

    Usually a backdoor is placed in folders that would never be suspected,
    e.g.:
    - css
    - js
    - wp-admin (wp)
    - wp-include/themes/
    - the WP themes,
    - the upload folder
    - WP plugins
    Some names:

    data.php system.php
    dump.php themes.php
    sql-backup.php

    Those are some that like to show up on my server, in client accounts that are not patched.
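
Added example, not part of the thread or any poster's code: a shell function that applies the two hints from the last post, PHP files sitting in asset or upload directories and the file names listed there. The function names, the extra `uploads` spelling, the `wp-admin/themes.php` exclusion, and the sample tree are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread: flag PHP files by location and by name.
# Directory and file names come from the last post; "uploads" (the WordPress
# spelling) is an assumption added next to "upload".

# Prints "static-dir <path>" for PHP files under asset/upload directories and
# "name <path>" for files carrying one of the names listed in the post.
find_suspect_php() {
    root=$1
    find "$root" -type f -name '*.php' \
        \( -path '*/css/*' -o -path '*/js/*' \
           -o -path '*/upload/*' -o -path '*/uploads/*' \) \
        -print | sed 's/^/static-dir /'
    # wp-admin/themes.php is a WordPress core file, so that one path is skipped.
    find "$root" -type f \
        \( -name data.php -o -name system.php -o -name dump.php \
           -o -name themes.php -o -name sql-backup.php \) \
        ! -path '*/wp-admin/themes.php' -print | sed 's/^/name /'
}

# Builds a small constructed docroot (empty files) for an offline trial run.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/css" "$d/js" "$d/wp-admin" \
             "$d/wp-content/uploads/2015/09" "$d/wp-content/plugins/demo"
    : > "$d/index.php"
    : > "$d/css/style.css"
    : > "$d/css/x.php"
    : > "$d/wp-admin/themes.php"
    : > "$d/wp-content/uploads/2015/09/photo.php"
    : > "$d/wp-content/plugins/demo/sql-backup.php"
    printf '%s\n' "$d"
}

# With a directory argument, scan it; with none, do nothing (functions only).
if [ $# -gt 0 ]; then
    find_suspect_php "$1"
fi
```

A hit is a lead to inspect or to compare against a clean copy of the application, not proof of a backdoor.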
     