1. Halo Guest, pastikan Anda selalu menaati peraturan forum sebelum mengirimkan post atau thread baru.

[WARNING] Global Wordpress Brute Force Flood

Discussion in 'Internet News' started by marvic, Apr 12, 2013.

  1. marvic

    marvic Super Hero

    Joined:
    Jun 26, 2010
    Messages:
    1,482
    Likes Received:
    337
    Location:
    Kuta Rock City
    Intinya, coba login ke Wordpress selfhosted ente..




    Source :

    Code:
    blog.hostgator.com/2013/04/11/global-wordpress-brute-force-flood/
     
    jackysan and gougou like this.
  2. ilham33

    ilham33 Trusted Web Hosting

    Joined:
    Feb 16, 2010
    Messages:
    2,785
    Likes Received:
    227
    Location:
    The North |
    mungkin perlu mempasword wp-admin untuk sementara waktu.
     
  3. TheNext

    TheNext Super Hero

    Joined:
    Mar 1, 2011
    Messages:
    2,899
    Likes Received:
    211
    Location:
    Ruang Pikiran
    apa gara2 serangan ini ya kira2 penyebab host/VPS jadi lemot akhir2 ini?
     
  4. GrafitianZ

    GrafitianZ Super Hero

    Joined:
    Nov 6, 2010
    Messages:
    3,445
    Likes Received:
    202
    Location:
    JakCity
    waduh parah juga nih..
    kalau buat VPS kode .htaccess apa ya kira2? ada yg tau ga?
     
  5. pyurtube

    pyurtube Super Hero

    Joined:
    Feb 19, 2011
    Messages:
    1,804
    Likes Received:
    70
    Location:
    Senen Jakarta Poesat
    banyak dampaknya pasti ya?
     
  6. ilham33

    ilham33 Trusted Web Hosting

    Joined:
    Feb 16, 2010
    Messages:
    2,785
    Likes Received:
    227
    Location:
    The North |
    bisa mempassword directorynya,hanya IP kamu yg bisa akses,juga bisa kasih captcha..
     
    GrafitianZ likes this.
  7. ulilalbab

    ulilalbab Ads.id Pro

    Joined:
    Aug 23, 2012
    Messages:
    374
    Likes Received:
    39
    Location:
    Gunung Semeru
    Ah giliran ane lepas Cloudflare ada beginian.. yaudah back to Cloudflare lg.. Alhamdulillah WP ane msh aman..
     
  8. soniwidiyanto

    soniwidiyanto Newbie

    Joined:
    Dec 22, 2012
    Messages:
    22
    Likes Received:
    3
    Wkwkwkwkkk bahaya bgt, apa wp versi terbaru jg kena?
     
  9. antz matters

    antz matters Ads.id Starter

    Joined:
    Dec 19, 2007
    Messages:
    88
    Likes Received:
    5
    Location:
    jakarta
    Ane salah satu korbannya... webhostingan ane kena semua ga bisa diakses sementara karena pihak hosting lagi off semua wp login
     
  10. zanabid

    zanabid Super Hero

    Joined:
    Dec 21, 2012
    Messages:
    818
    Likes Received:
    81
    Location:
    Kendal, Indonesia
    Baru saja saya menerima email pemberitahuan dari pihak hosting agar memasukkan perintah di bawah ini ke file .htaccess guna menanggapi isu di atas.

    PHP:
    <Files "^wp-login.php">
    Order deny,allow
    Deny from all
    Allow from x
    .x.x.x
    </Files>
    Keterangan :
    x.x.x.x diganti sesuai ip address milik Anda, bisa dicek di WhatIsMyIPcom.
     
  11. Pebisnisonline

    Pebisnisonline Super Hero

    Joined:
    Jun 15, 2011
    Messages:
    3,709
    Likes Received:
    520
    Location:
    Indonesia
    Mgkin dampaknya itu hy pada wordpress instalasi yg pake one click kayak fantastico ato softculous? ato semua ya?
     
  12. ulilalbab

    ulilalbab Ads.id Pro

    Joined:
    Aug 23, 2012
    Messages:
    374
    Likes Received:
    39
    Location:
    Gunung Semeru
    Ga usah repot2 block semua IP, make aja Plugin wp login lockdown
     
  13. jagoan999

    jagoan999 Ads.id Pro

    Joined:
    Jan 16, 2012
    Messages:
    463
    Likes Received:
    42
    Location:
    City of Angles
    lha kalau koneksi kita pake IP dynamic gimana nih gan ... ?
     
  14. netrix

    netrix Super Hero

    Joined:
    Jan 5, 2009
    Messages:
    1,494
    Likes Received:
    242
    Location:
    Not Telling
    vps ane malah kena DDoS pd dns nya.. apa karena ini juga?

    Sent from my GT-P3100 using Tapatalk HD
     
  15. p3durungan

    p3durungan Super Hero

    Joined:
    Jan 26, 2009
    Messages:
    18,673
    Likes Received:
    6,050
    Location:
    depan laptop
    balik lagi lah ke custom domain di blogcepot.....
     
    p3tir likes this.
  16. minul

    minul Ads.id Pro

    Joined:
    Nov 23, 2012
    Messages:
    474
    Likes Received:
    32
    gampang itumah, tinggal pakek plugin wp better security, bisa ganti url wp admin/login/register dan sebagainya.
     
    jackysan and p3tir like this.
  17. anonym

    anonym Banned

    Joined:
    Jan 18, 2012
    Messages:
    714
    Likes Received:
    213
    Location:
    the edge of the earth
    kasih IP blocked di htaccess file gan
    save as .HTACCESS kemudian upload di folder domain-agan.com/wp-admin

    PHP:
    AuthUserFile /dev/null
    AuthGroupFile 
    /dev/null
    AuthName 
    "WordPress Admin Access Control"
    AuthType Basic
    <LIMIT GET>
    order deny,allow
    deny from all
    # whitelist address
    allow from 192.168.0.100
    # whitelist 1 address
    allow from 192.168.0.100
    </LIMIT>
    ganti IP dgn IP inet milik agan, jd yg bisa mengakses cuman IP dr yg bersangkutan,
    solusi kalo pake Dynamic IP, kita tinggal edit ajah offline trus upload via FTP
     
    agrevo likes this.
  18. agrevo

    agrevo Ads.id Fan

    Joined:
    Jan 13, 2012
    Messages:
    229
    Likes Received:
    9
    Location:
    BANDUNG
    :tinju: Jebol 2 website ane di HG gan..... wp-admin ng bisa diakses..... :hmm2:
     
  19. simple.bee

    simple.bee Ads.id Fan

    Joined:
    May 16, 2012
    Messages:
    214
    Likes Received:
    21
    Location:
    Sampit
    Bahkan sampe Matt Mullenweg aja menanggapi permasalahan ini :hmm2:


    hxxp://ma.tt/2013/04/passwords-and-brute-force/
     
    Last edited: Apr 13, 2013
  20. bayucity

    bayucity Banned

    Joined:
    Oct 11, 2010
    Messages:
    545
    Likes Received:
    13
    @ om marvich ... ini ada hubungannya dak ya dengan firefox sy tiba2 koq menjadi private browsing?
     

Share This Page