Mod Security Defense to Timthumb Wordpress

Discussion in 'Masalah Teknik dan Keamanan' started by jaapns, 7 Mar 2012.

Thread Status:
Not open for further replies.
  1. jaapns

    jaapns Hosting Guru Web Hosting

    This morning there was a report that several clients had been defaced; the DC suggested using mod_sec to block hacking attempts through the WordPress timthumb file.

    Here is the URL:
    hxxp://blog.tigertech.net/posts/timthumb/


    Hopefully this is useful for friends here.
     
    indonic, Bforce and PusatHosting like this.
  2. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    Oh, so there are mod_sec rules for it. Great, I'll try them out first.
     
  3. mixmaxspace

    mixmaxspace Hosting Guru

    Wow, thanks Pak Jaap, looks like the rules will be set on the 1000 or so accounts on the dedi :))
     
  4. Adhie

    Adhie Expert 1.0

    That's for a certain version of timthumb, right?

    With the latest version, will it get blocked?
     
  5. vishualhost

    vishualhost Expert 2.0

    From what I've reviewed on Google, it should already be fixed in the new version, but there's no harm in adding those rules, because prevention is better than cure.
     
  6. Adhie

    Adhie Expert 1.0

    The mod_sec rules above will block (CMIIW) themes that use timthumb.

    Hmm.
    In that case, the latest version gets blocked too, right?
     
  7. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    The new version of timthumb.php uses .txt for its cache, so it won't be blocked. Just check it.
     
  8. indonic

    indonic Apprentice 1.0

    Thanks a lot... I'm going to try applying it and review the results too... :)
     
  9. galuh82

    galuh82 Hosting Guru Web Hosting (Company)

    If I'm not mistaken, the gotroot rules have already implemented that too... because several of my clients who use it got blocked by mod_security. CMIIW
     
  10. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    Which rules file is that in, boss?
     