Help: server is performing XML-RPC brute force


Status
Not open for further replies.

adrian

Apprentice 1.0
How do I check a server that is performing brute force?
I just received an abuse email from the datacenter saying that my server is performing XML-RPC brute force. I use this server for shared hosting.
Please give me tips on how to check which account is performing the brute force and how to stop this brute force.
 

dhyhost

Web Hosting Service
The Warrior
Verified Provider
The easy way is to block the destination IP. A problem like this usually comes down to scripts; just try scanning the server.
 

ulajuhda

Beginner 2.0
How do I check a server that is performing brute force?
I just received an abuse email from the datacenter saying that my server is performing XML-RPC brute force. I use this server for shared hosting.
Please give me tips on how to check which account is performing the brute force and how to stop this brute force.

1. Check the processes to find where the brute force file is located: "ps -aux"
2. Once you have found it, just kill the process.
3. Most likely he is brute forcing his target websites using your server. Since it is XML-RPC brute force, the targets are probably running WordPress; usually he scans them with wpscan:
C:\WPScan>ruby wpscan.rb --url demo.dewabiz.co.id/idtimez/ --enumerate u
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team
Version 2.9.4-dev
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

[+] URL: http://demo.dewabiz.co.id/idtimez/
[+] Started: Sun Sep 30 16:04:17 2018

[+] Interesting header: LINK: <https://demo.dewabiz.co.id/idtimez/wp-json/>; rel="https://api.w.org/"
[+] Interesting header: SERVER: LiteSpeed
[+] Interesting header: X-POWERED-BY: PHP/5.6.38
[+] XML-RPC Interface available under: http://demo.dewabiz.co.id/idtimez/xmlrpc.php
[!] Upload directory has directory listing enabled: http://demo.dewabiz.co.id/idtimez/wp-content/uploads/
[!] Includes directory has directory listing enabled: http://demo.dewabiz.co.id/idtimez/wp-includes/

[+] WordPress version 4.9.8 (Released on 2018-08-02) identified from advanced fingerprinting, meta generator, links opml

[+] Enumerating plugins from passive detection ...
| 1 plugin found:

[+] Name: all-in-one-seo-pack - v2.8
| Latest version: 2.8 (up to date)
| Last updated: 2018-09-10T17:25:00.000Z
| Location: http://demo.dewabiz.co.id/idtimez/wp-content/plugins/all-in-one-seo-pack/
| Readme: http://demo.dewabiz.co.id/idtimez/wp-content/plugins/all-in-one-seo-pack/readme.txt

[+] Enumerating usernames ...
[+] Identified the following 1 user/s:
+----+-------+------+
| Id | Login | Name |
+----+-------+------+
| 1 | admin | |
+----+-------+------+
[!] Default first WordPress username 'admin' is still used

[+] Finished: Sun Sep 30 16:04:27 2018
[+] Requests Done: 60
[+] Elapsed time: 00:00:10

C:\WPScan>

4. Once you know where the file is located, try to suspend the account that holds the file first.
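
An added example, not part of the original posts: on Linux, /proc/net/tcp records the owning UID of every socket, so counting active outbound connections to ports 80/443 per UID points at the hosting account behind the traffic. It assumes each account's scripts run under their own system user, a little-endian host, and IPv4 only; the SAMPLE rows are constructed.

```python
import pwd
from collections import defaultdict

WEB_PORTS = {80, 443}
ACTIVE_STATES = {"01", "02"}  # kernel codes: 01 = ESTABLISHED, 02 = SYN_SENT
# Constructed sample rows in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0500000A:C350 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1001        0 11111
   1: 0500000A:C351 076433C6:01BB 02 00000000:00000000 00:00000000 00000000  1001        0 11112
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11113
   3: 0500000A:C352 057100CB:0016 01 00000000:00000000 00:00000000 00000000  1002        0 11114
""".splitlines()


def parse_ipv4(hex_addr):
    """Decode 'AABBCCDD:PPPP' from /proc/net/tcp (address bytes little-endian)."""
    ip_hex, port_hex = hex_addr.split(":")
    octets = [str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)]
    return ".".join(octets), int(port_hex, 16)


def outbound_web_by_uid(lines):
    """Map uid -> {'connections': n, 'targets': {remote IPs}} for ports 80/443."""
    stats = defaultdict(lambda: {"connections": 0, "targets": set()})
    for line in lines:
        fields = line.split()
        # Data rows start with a slot number such as '12:'; the header does not.
        if len(fields) < 8 or not fields[0].endswith(":"):
            continue
        remote_ip, remote_port = parse_ipv4(fields[2])
        if fields[3] in ACTIVE_STATES and remote_port in WEB_PORTS:
            stats[int(fields[7])]["connections"] += 1
            stats[int(fields[7])]["targets"].add(remote_ip)
    return dict(stats)


def account_name(uid):
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return f"uid {uid}"  # uid has no passwd entry


if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        stats = outbound_web_by_uid(fh)
    for uid, s in sorted(stats.items(), key=lambda kv: -kv[1]["connections"])[:10]:
        print(f"{s['connections']:6d} conns {len(s['targets']):5d} targets  {account_name(uid)}")
```

An account with many connections spread across many distinct remote addresses is the one to inspect first; its running processes and their working directories then show where the script lives.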
 
