Situs klien saya kena SQL injection :(

bedebah · 2 Sep 2010

Log cpanel:
IP pelaku saya samarken.

Code:

111.95.***.** - - [01/Sep/2010:23:33:15 +0700] "GET /link.php?what=prod&cats=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-- HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:33:15 +0700] "GET /link.php?what=prod&cats=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-- HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:33:15 +0700] "GET /link.php?what=prod&cats=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-- HTTP/1.1" 404 - "-" "-"

akhirnya tembus, si hacker berhasil mendeface situs buatan saya

lognya ndak cuman itu, ada ratusan baris, mungkin ribuan.

sptnya si hacker menggunaken tool kalo dilihat dari log, betapa banyak yg dia ketik kayaknya ndak mungkin nulis manual.

Saya sudah mengamanken variable2 rawan...
seperti ink.php?what=prod&cats=angka
variable $cats, $id sudah saya filter jadi:

Code:

$cats=abs((int)$_GET['cats']);
$id=abs((int)$_GET['id']);

bedebah · 2 Sep 2010

Sepertinya si hacker gagal menembus link.php dgn SQL Injection krn flter itu (mungkin???)
dan aksi dilanjutken dengan melakuken brute-forece mencari file administratif di folder /panel:

Code:

111.95.***.** - - [01/Sep/2010:23:34:21 +0700] "GET /panel/admin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:25 +0700] "GET /panel/check.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:25 +0700] "GET /panel/relogin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/secure/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/autologin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/autologin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/userlogin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/userlogin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/admin_area.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/admin_area.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cmsadmin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cmsadmin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/security/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/usr/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/secret/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/root/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/login.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/adminLogin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator.html HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/login.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/adminLogin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/login.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/login.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/admin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/0admin/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/admin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/aadmin/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/0manager/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cgi-bin/loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cgi-bin/loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login1asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login1php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_admin/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_adminphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_adminasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_out/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_outphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_outasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_userphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/login_userasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginok/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginerror/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsave/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsuper/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsuperphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/logout/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsuperasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/logoutphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/logoutasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/secrets/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super1/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super1php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super1asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_indexphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_indexasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanagerphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanagerasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superuserphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superuserasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supervise/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supervise/Loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supervise/Loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superasp HTTP/1.1" 404 - "-" "-"

rendy · 2 Sep 2010

bedebah said:

Sepertinya si hacker gagal menembus link.php dgn SQL Injection krn flter itu (mungkin???)
dan aksi dilanjutken dengan melakuken brute-forece mencari file administratif di folder /panel:

Code:

111.95.***.** - - [01/Sep/2010:23:34:21 +0700] "GET /panel/admin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:25 +0700] "GET /panel/check.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:25 +0700] "GET /panel/relogin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/secure/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/autologin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/autologin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/userlogin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/userlogin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/admin_area.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/admin_area.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cmsadmin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cmsadmin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/security/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/usr/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/secret/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/root/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/login.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/adminLogin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator.html HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/login.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/adminLogin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/login.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/login.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/admin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/0admin/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/admin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/aadmin/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/0manager/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cgi-bin/loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cgi-bin/loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login1asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login1php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_admin/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_adminphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_adminasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_out/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_outphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_outasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_userphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/login_userasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginok/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginerror/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsave/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsuper/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsuperphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/logout/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsuperasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/logoutphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/logoutasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/secrets/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super1/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super1php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super1asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_indexphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_indexasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanagerphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanagerasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superuserphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superuserasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supervise/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supervise/Loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supervise/Loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superasp HTTP/1.1" 404 - "-" "-"

suspend aja lah dulu
tunggu attacker reda
baru buka dan investigasi

bedebah · 3 Sep 2010

itu situs toko oline dgn transaksi harian gede oom

solusi Anda akan merugiken klien saya

berdasar apa2 yg dia lakuken, dia memang mengincar file2 di folder /panel, dan sy sudah tahu apa yg harus sy lakuken

mohon doa restu dan tips2nya ...

dpnux · 3 Sep 2010

Saya pernah begitu dan saya set ban IP yang brute force di .htaccess.

Untuk PHP saya selalu menggunakan is_numeric() untuk menvalidasi setiap variable numerik yang masuk jika hanya integer yang diperlukan sebelum dilakukan casting.

dewa · 3 Sep 2010

bedebah said:
itu situs toko oline dgn transaksi harian gede oom
solusi Anda akan merugiken klien saya

berdasar apa2 yg dia lakuken, dia memang mengincar file2 di folder /panel, dan sy sudah tahu apa yg harus sy lakuken

mohon doa restu dan tips2nya ...

Kalau trx sdh gede.. kasian si client bila di suspend sementara...
Semoga variable2x rawan segera di amankan....
Ternyata Bulan Ramadhan gini.. masih ada yg usil juga ya...

rendy · 3 Sep 2010

bedebah said:
itu situs toko oline dgn transaksi harian gede oom
solusi Anda akan merugiken klien saya

berdasar apa2 yg dia lakuken, dia memang mengincar file2 di folder /panel, dan sy sudah tahu apa yg harus sy lakuken

mohon doa restu dan tips2nya ...

notifikasi usernya lah
biarkan mereka ikut campur dalam pengambilan keputusan
biasanya itu diincar gara2 software yang ga update

vkios01 · 3 Sep 2010

kalau misal dengan cara ini om? di enkrip parameternya tadi..
http://blog.rosihanari.net/mengenkripsi-parameter-get-method-untuk-keamanan

$cats=abs((int)$_GET['cats']);
$id=abs((int)$_GET['id']);

ini uda sip untuk sql injection..

kalo saya pribadi tidak suka dengan ambil parameter id, biasanya dengan parameter text
jd tidak perlu di cek integer atau bukan..dan misal tidak ada didatabase tgl buat redirect ke 404

misal juga ;
link.php?what=prod&cats=445

sebaiknya di rewrite urlnya, bisa dengan .htaccess
misal jd; /link/prod/445
jd tidak perlu ada parameternya di URLnya.. what&cats

CMIIWW

JuraganWebHosting · 10 Sep 2010

vkios01 said:
misal juga ;
link.php?what=prod&cats=445

sebaiknya di rewrite urlnya, bisa dengan .htaccess
misal jd; /link/prod/445
jd tidak perlu ada parameternya di URLnya.. what&cats

CMIIWW

Setuju nih sama bro vkios01, memang sebaiknya diterapkan URL rewrite dengan htaccess... sangat membantu untuk mencegah si hacker mengetahui variable2 penting

xent · 12 Sep 2010

sebagai tambahan, bisa difilter menggunakan regex (preg_match dan sebagainya). Saya selalu make regex untuk validasi dari variabel GET/POST.

Situs klien saya kena SQL injection :(

bedebah

Apprentice 2.0

bedebah

Apprentice 2.0

rendy

Hosting Guru

bedebah

Apprentice 2.0

dpnux

Expert 1.0

dewa

Poster 2.0

rendy

Hosting Guru

vkios01

Expert 1.0

JuraganWebHosting

Apprentice 1.0

xent

Beginner 1.0