SSHD Rootkit

Discussion in 'Technical and Security Issues' started by susan, 19 Feb 2013.

Thread Status:
Not open for further replies.
  1. susan

    susan Apprentice 1.0

    This is being widely discussed on WHT and the cPanel forum; let's each audit our own servers.

    Related links:
    * http://www.webhostingtalk.com/showthread.php?t=1235797
    * http://forums.cpanel.net/f185/sshd-rootkit-323962.html
     
    Bforce, BennyKusman and jaapns like this.
  2. twistedshells

    twistedshells Apprentice 1.0

    So far it is indeed still unknown how this backdoor gets there. There is only one conclusion so far: the affected systems are Redhat/CentOS/CloudLinux distros, both 64-bit and 32-bit. Since this issue surfaced 3 days ago, I have tried auditing our main shared hosting servers (CloudLinux) and plain CentOS servers, and nothing was found.

    Personally, I think this is probably privilege escalation from a local exploit.
     
    paijo2 likes this.
  3. BennyKusman

    BennyKusman Hosting Guru DWH Guardian Web Hosting (Company)

    Is the way to detect it just to execute this command?
     
  4. idcolo

    idcolo Apprentice 1.0 Web Hosting (Company)

    This does seem very interesting; may I know what the exploit is?
     
  5. susan

    susan Apprentice 1.0

    Reportedly, this is how to detect it:
     
    PusatHosting and BennyKusman like this.
  6. mustafaramadhan

    mustafaramadhan Hosting Guru

    Maybe that's right. But where does it 'get in' from?

    Because cPanel is in use, clearly cPanel becomes the 'accused' in this matter.
     
  7. mentariweb

    mentariweb Apprentice 2.0

    It's not just cPanel, boss... read it again ==>
     
  8. mustafaramadhan

    mustafaramadhan Hosting Guru

    Yes, that's right. In that discussion, the one 'on trial' is cPanel, after all.

    Thankfully Kloxo-MR is not on the 'list'. Hopefully it never becomes an 'attractive item' for hackers. :cool:
     
  9. GriyaHosting

    GriyaHosting Expert 1.0

    CloudLinux : http://www.cloudlinux.com/blog/clnews/sshd-exploit.php


     
  10. GriyaHosting

    GriyaHosting Expert 1.0

    Servers with control panels such as cPanel, DirectAdmin, and Plesk are also affected.

    How come the word "AFFECTED" makes it sound as if they are the target?


    Hopefully it never becomes an 'attractive item' for hackers. ... hmm, maybe they just aren't familiar with it yet or don't know what Kloxo MR is, boss :37:
     