My client's site got hit by SQL injection :(


Status
Not open for further replies.

bedebah

Apprentice 2.0
cPanel log:
I've masked the attacker's IP.
Code:
111.95.***.** - - [01/Sep/2010:23:33:15 +0700] "GET /link.php?what=prod&cats=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-- HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:33:15 +0700] "GET /link.php?what=prod&cats=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-- HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:33:15 +0700] "GET /link.php?what=prod&cats=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-- HTTP/1.1" 404 - "-" "-"
In the end it got through; the hacker managed to deface the site I built :(
That's not all of the log; there are hundreds of lines, maybe thousands.

Judging from the log, the hacker seems to be using a tool; with that much being sent, it doesn't seem possible it was typed by hand.

I've already secured the vulnerable variables...
such as link.php?what=prod&cats=<number>
I've filtered the variables $cats and $id as follows:
Code:
$cats=abs((int)$_GET['cats']); // (int) keeps only the leading integer part of the string; abs() drops the sign
$id=abs((int)$_GET['id']);
 

bedebah

Apprentice 2.0
It seems the hacker failed to get into link.php with SQL injection because of that filter (maybe???)
and carried on by brute-forcing for administrative files in the /panel folder:
Code:
111.95.***.** - - [01/Sep/2010:23:34:21 +0700] "GET /panel/admin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:25 +0700] "GET /panel/check.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:25 +0700] "GET /panel/relogin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/secure/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/autologin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/autologin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/userlogin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/userlogin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/admin_area.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:30 +0700] "GET /panel/admin_area.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cmsadmin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cmsadmin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/security/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/usr/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/secret/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/root/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/login.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/adminLogin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator.html HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/login.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/admin/adminLogin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/login.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/login.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/admin.asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/0admin/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/moderator/admin.php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/aadmin/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/0manager/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cgi-bin/loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/cgi-bin/loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login1asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login1php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_admin/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_adminphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_adminasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_out/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_outphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_outasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:31 +0700] "GET /panel/login_userphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/login_userasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginok/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginerror/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsave/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsuper/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsuperphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/logout/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/loginsuperasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/logoutphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/logoutasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/secrets/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super1/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super1php HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super1asp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_indexphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_indexasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/super_loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanagerphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanagerasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supermanasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superuserphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superuserasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supervise/ HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supervise/Loginphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superphp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/supervise/Loginasp HTTP/1.1" 404 - "-" "-"
111.95.***.** - - [01/Sep/2010:23:34:32 +0700] "GET /panel/superasp HTTP/1.1" 404 - "-" "-"
 
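The two log excerpts above (the UNION column-count probing on link.php, then the dictionary scan of /panel/) are exactly what a small log triage script should catch. The Python below is an added example, not code from the original post or from the site's author: it parses lines in the same Apache combined format the cPanel log uses, URL-decodes the request, flags UNION SELECT / hex-literal payloads, flags bursts of 404s on admin-style paths from one IP, and emits an Apache 2.4 deny block for the offending addresses. The embedded log lines are constructed (RFC 5737 documentation addresses stand in for the masked 111.95.***.** IP), and the signature regexes and the 5-in-60-seconds threshold are assumptions to tune for a real site.

```python
"""Triage Apache access-log lines for the two behaviours seen in the thread:
UNION-based SQL injection probing and dictionary scanning of admin paths."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus

# Apache combined format, as in the cPanel excerpts above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# Applied to the URL-decoded request: UNION SELECT, long hex string
# literals (the 0x3130... column markers), or a trailing SQL comment.
SQLI_RE = re.compile(r"union\s+(?:all\s+)?select|0x[0-9a-f]{8,}|--\s*$", re.I)
# Paths only an admin-panel wordlist would ask for (assumed list).
ADMIN_PATH_RE = re.compile(r"^/panel/|/(?:admin|login|moderator|webmaster|super)", re.I)

# Constructed sample: attacker 203.0.113.7, ordinary visitor 198.51.100.20.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2010:23:33:15 +0700] "GET /link.php?what=prod&cats=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536-- HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [01/Sep/2010:23:33:15 +0700] "GET /link.php?what=prod&cats=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536-- HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [01/Sep/2010:23:34:21 +0700] "GET /panel/admin.asp HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [01/Sep/2010:23:34:25 +0700] "GET /panel/check.asp HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [01/Sep/2010:23:34:25 +0700] "GET /panel/relogin.php HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [01/Sep/2010:23:34:30 +0700] "GET /panel/secure/ HTTP/1.1" 404 - "-" "-"
203.0.113.7 - - [01/Sep/2010:23:34:30 +0700] "GET /panel/webmaster.php HTTP/1.1" 404 - "-" "-"
198.51.100.20 - - [01/Sep/2010:23:35:02 +0700] "GET /link.php?what=prod&cats=445 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Sep/2010:23:35:40 +0700] "GET /panel/ HTTP/1.1" 404 - "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    e["status"] = int(e["status"])
    e["decoded"] = unquote_plus(e["path"])  # match on what the app actually saw
    return e


def classify(e):
    """'sqli' for an injection payload, 'admin_probe' for a 404 on an admin-style path."""
    if SQLI_RE.search(e["decoded"]):
        return "sqli"
    if e["status"] == 404 and ADMIN_PATH_RE.search(e["decoded"]):
        return "admin_probe"
    return None


def analyze(lines, probe_threshold=5, window_seconds=60):
    """Per-IP counters, plus alert reasons for any IP that sent an SQLi
    payload or probe_threshold admin-path 404s within window_seconds."""
    per_ip = defaultdict(lambda: {"sqli": 0, "admin_probe": 0,
                                  "empty_ua": 0, "probe_times": []})
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        rec = per_ip[e["ip"]]
        if e["ua"] in ("", "-"):        # scanners often send no User-Agent
            rec["empty_ua"] += 1
        kind = classify(e)
        if kind:
            rec[kind] += 1
            if kind == "admin_probe":
                rec["probe_times"].append(e["ts"])
    alerts = {}
    for ip, rec in per_ip.items():
        reasons = []
        if rec["sqli"]:
            reasons.append(f"{rec['sqli']} SQLi payload(s)")
        t = sorted(rec["probe_times"])
        if any((t[i + probe_threshold - 1] - t[i]).total_seconds() <= window_seconds
               for i in range(len(t) - probe_threshold + 1)):
            reasons.append(f"{rec['admin_probe']} admin-path 404s "
                           f"({probe_threshold}+ within {window_seconds}s)")
        if reasons:
            alerts[ip] = reasons
    return dict(per_ip), alerts


def htaccess_block(ips):
    """Apache 2.4 .htaccess block denying the given addresses."""
    body = ["<RequireAll>", "    Require all granted"]
    body += [f"    Require not ip {ip}" for ip in sorted(ips)]
    body.append("</RequireAll>")
    return "\n".join(body)


if __name__ == "__main__":
    counts, alerts = analyze(SAMPLE_LOG.splitlines())
    for ip, reasons in alerts.items():
        print(ip, "->", "; ".join(reasons))
    print(htaccess_block(alerts))
```

Two things in the original log are worth reading the same way the script does: the three link.php requests share a timestamp and differ only in the number of 0x31303235343830303536 columns appended, which is automated column-count enumeration for a UNION query, and every request has "-" for both Referer and User-Agent, which a browser would not send. A single stray 404 on /panel/ from a normal visitor stays below the threshold and is not reported.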

rendy

Hosting Guru
Verified Provider
It seems the hacker failed to get into link.php with SQL injection because of that filter (maybe???)
and carried on by brute-forcing for administrative files in the /panel folder:

Just suspend it for now,
wait for the attacker to die down,
then bring it back up and investigate.
 

bedebah

Apprentice 2.0
That's an online shop with big daily transaction volumes, bro :(
Your solution would hurt my client :(

Based on what he's been doing, he's clearly targeting the files in the /panel folder, and I already know what I have to do :p

Wish me luck, and any tips are welcome ...
 

dpnux

Expert 1.0
I've had the same thing happen, and I banned the brute-forcing IP in .htaccess.

For PHP I always use is_numeric() to validate every incoming numeric variable, when only an integer is needed, before casting.
 

dewa

Poster 2.0
That's an online shop with big daily transaction volumes, bro :(
Your solution would hurt my client :(

Based on what he's been doing, he's clearly targeting the files in the /panel folder, and I already know what I have to do :p

Wish me luck, and any tips are welcome ...
If the transaction volume is already that big.. the client would suffer if it were suspended even temporarily...
Hopefully the vulnerable variables get secured soon....
So even in Ramadan.. there are still people making mischief...
 

rendy

Hosting Guru
Verified Provider
That's an online shop with big daily transaction volumes, bro :(
Your solution would hurt my client :(

Based on what he's been doing, he's clearly targeting the files in the /panel folder, and I already know what I have to do :p

Wish me luck, and any tips are welcome ...

Notify the users, then,
and let them take part in the decision.
Usually a site gets targeted because of software that isn't updated.
 

vkios01

Expert 1.0
What about this approach, bro? Encrypting the parameters..
http://blog.rosihanari.net/mengenkripsi-parameter-get-method-untuk-keamanan

$cats=abs((int)$_GET['cats']);
$id=abs((int)$_GET['id']);
This is already fine against SQL injection..

Personally I don't like taking an id parameter; I usually use a text parameter,
so there's no need to check whether it's an integer or not.. and if it's not in the database, just redirect to a 404.

Another example:
link.php?what=prod&cats=445

It's better to rewrite the URL, which can be done with .htaccess,
e.g. it becomes: /link/prod/445
so the parameters what & cats don't need to be in the URL at all.

CMIIW
 

JuraganWebHosting

Apprentice 1.0
Another example:
link.php?what=prod&cats=445

It's better to rewrite the URL, which can be done with .htaccess,
e.g. it becomes: /link/prod/445
so the parameters what & cats don't need to be in the URL at all.

CMIIW

Agree with bro vkios01, URL rewriting with htaccess really should be applied... it helps a lot in preventing the hacker from learning the important variables :)
 

xent

Beginner 1.0
As an addition, you can filter using regex (preg_match and so on). I always use regex to validate GET/POST variables.
 
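dpnux, vkios01 and xent each describe one validation approach (is_numeric() before casting, a text slug instead of an id, a regex allow-list), and bedebah's original fix is the (int) cast. The Python below is an added example, not code from any poster: it puts a strict allow-list in front of the query and then passes the value as a bound parameter, with the string-concatenation pattern that the UNION probing in the log was aimed at shown beside it, all against a throwaway in-memory SQLite table whose rows are constructed. Two practitioner notes: PHP's is_numeric() also accepts forms such as "1e3", so when the parameter is an id a digits-only regex is tighter than is_numeric(); and rewriting link.php?what=prod&cats=445 to /link/prod/445 changes only how the URL looks, the 445 segment is still attacker-controlled input when it reaches the script and needs the same validation and a bound parameter. The "exfil" payload is an assumed follow-up to the column-count probing, not something the thread's log shows.

```python
"""Allow-list validation of URL parameters plus parameterized queries,
against a throwaway in-memory SQLite 'products' table (constructed data)."""
import re
import sqlite3

# A product id is a plain non-negative integer: no sign, whitespace or exponent.
INT_ID_RE = re.compile(r"0|[1-9]\d{0,9}")
# A product slug (the 'text parameter' alternative) is an allow-list too.
SLUG_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,62}[a-z0-9])?")

# Same shape as the log: a UNION with hex column markers (column-count probing).
PROBE_PAYLOAD = "-999.9 UNION ALL SELECT 0x31303235343830303536,0x31303235343830303536-- "
# Assumed follow-up once the attacker knows the column count: pull another column.
EXFIL_PAYLOAD = "-1 UNION ALL SELECT id, secret FROM products-- "


def validate_int_id(value):
    """Return the id as an int, or None when it is not a digits-only integer."""
    if value is None or not INT_ID_RE.fullmatch(value):
        return None
    return int(value)


def validate_slug(value):
    """Return the slug unchanged, or None when it contains anything outside [a-z0-9-]."""
    if value is None or not SLUG_RE.fullmatch(value):
        return None
    return value


def open_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, slug TEXT UNIQUE, "
        "name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [(445, "blue-widget", "Blue widget", "cost=10"),
         (446, "red-widget", "Red widget", "cost=12")],
    )
    return conn


def product_by_id_concat(conn, raw):
    """The vulnerable pattern: raw input spliced into the SQL string."""
    return conn.execute(f"SELECT id, name FROM products WHERE id = {raw}").fetchall()


def product_by_id_bound(conn, raw):
    """Parameter binding alone: the payload is compared as a value, never run as SQL."""
    return conn.execute(
        "SELECT id, name FROM products WHERE id = ?", (raw,)
    ).fetchall()


def product_by_id(conn, raw):
    """Validate first (reject -> None, which the page should turn into a 404), then bind."""
    cats = validate_int_id(raw)
    if cats is None:
        return None
    return product_by_id_bound(conn, cats)


def product_by_slug(conn, raw):
    """The text-parameter variant: an allow-list on the slug, still bound."""
    slug = validate_slug(raw)
    if slug is None:
        return None
    return conn.execute(
        "SELECT id, name FROM products WHERE slug = ?", (slug,)
    ).fetchall()


if __name__ == "__main__":
    db = open_demo_db()
    print("concat + exfil payload :", product_by_id_concat(db, EXFIL_PAYLOAD))
    print("bound  + probe payload :", product_by_id_bound(db, PROBE_PAYLOAD))
    print("validated 445          :", product_by_id(db, "445"))
    print("validated probe payload:", product_by_id(db, PROBE_PAYLOAD))
```

Run stand-alone, the concatenated query returns every row's secret column, the bound query with the probe payload returns nothing, and the validated path rejects the payload before any SQL is built. Validation and binding are two separate layers: the regex gives an early, cheap 404 and keeps nonsense out of the database, while the bound parameter is what actually makes the query immune to whatever slips through.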