Halo Guest, pastikan Anda selalu menaati peraturan forum sebelum mengirimkan post atau thread baru.

Web GW kena hack

Discussion in 'Chit Chat' started by teguhaditya, May 10, 2010.

Page 2 of 3

leniden Super Hero

Joined:

Mar 22, 2008

Messages:

2,403

Likes Received:

410

Location:

Palembang

Keris said: ↑

Apa bisa di share bro apa saja yang menjadi hole di wordpress versi terupdate dan cara menutupnya.
Pasti banyak yang merasa terbantu ... soalnya saya juga pernah kena, karena gak tau soal coding ya install ulang aja
Click to expand...

Ane jujur bro... Ane nggak tau gimana cara nutup itu hole. Kemarin ane dibantu sama mas R3YR3 itu. Pas ane terima coding editannya, itu hole udah nutup. Pengen banget ngebantu. Tapi aku nggak yau caranya. Ilmunya pun aku nggak punya.

Sekali lagi maaf.

leniden, May 10, 2010

#21
aaa111 Hero

Joined:

Feb 24, 2009

Messages:

621

Likes Received:

6

om r3yr3 mau ga ya gabung di sini..
lumayan biar bisa bagi-bagi ilmu he..he..

aaa111, May 10, 2010

#22
nunuaza Super Hero

Joined:

Nov 2, 2008

Messages:

1,322

Likes Received:

222

gila, keren amat hacker ya, bisa terkenal

nunuaza, May 10, 2010

#23
Alipha Super Hero

Joined:

Nov 21, 2009

Messages:

894

Likes Received:

9

Location:

At Home

Hackernya diundang dimari aja tuk nerangin holenya wordpress...

Alipha, May 10, 2010

#24
teguhaditya Super Hero

Joined:

Jan 23, 2008

Messages:

7,503

Likes Received:

1,418

Location:

_ ▂ ▃ ▅ ▆ █

Mana PM yeem nya...
Kalau gak salah tadi ada yg udah temenan, aku minta kontaknya, mau temenan juga..

teguhaditya, May 10, 2010

#25
thedy12 Super Hero

Joined:

Jun 19, 2009

Messages:

2,431

Likes Received:

84

Location:

Manado

nich sedikit solusi bagi wordpresnya yang kena hack h__p://ocaoimh.ie/did-your-wordpress-site-get-hacked/

kalo bermanfaat boleh donk cendolnya

thedy12, May 10, 2010

#26
imyatrader Super Hero

Joined:

May 28, 2009

Messages:

2,579

Likes Received:

125

Location:

Malang

langsung kontak emailnya aja bro.
ane dah kontak dia, malah dia skr lg ngetes blog2 ane.
banyak bgt holenya!!!
coba kalo kena hack mampus ane.

imyatrader, May 10, 2010

#27
trekmu Super Hero

Joined:

Feb 17, 2010

Messages:

1,673

Likes Received:

118

Location:

di rumah saja

hxxp://www.r3yr3.com

trekmu, May 10, 2010

#28
‬‬‬‬‬R3YR3 Ads.id Starter

Joined:

May 10, 2010

Messages:

95

Likes Received:

57

Location:

Indonesia

Thanks to teguhaditya yang telah memberikan link thread ini.
Maaf buat temen2 yang pernah kena audit dari saya.

Br:
R3YR3

‬‬‬‬‬R3YR3, May 10, 2010

#29
xtmxady Super Hero

Joined:

Dec 13, 2009

Messages:

3,854

Likes Received:

74

Location:

Tarakan BAIS \m/

trekmu said: ↑

hxxp://www.r3yr3.com
Click to expand...

ck TKP sob, oh iya, ada FB nya juga tuh, add dulu dah

--- Update ---

Ada kok solusinya: .http://www.r3yr3.com/r3yr3/cara-ngatasin-website-yang-telah-di-hack-oleh-hacked-by-r3yr3.html

xtmxady, May 10, 2010

#30
‬‬‬‬‬R3YR3 Ads.id Starter

Joined:

May 10, 2010

Messages:

95

Likes Received:

57

Location:

Indonesia

Thanks semuanya....
FB nya langsung saya terima....
Dan hole WP nanti saya akan share disini.

Br:
R3YR3
http://www.r3yr3.com
r3yr3.m4il@gmail.com

‬‬‬‬‬R3YR3, May 10, 2010

#31
xtmxady Super Hero

Joined:

Dec 13, 2009

Messages:

3,854

Likes Received:

74

Location:

Tarakan BAIS \m/

Ada kok solusinya: .http://www.r3yr3.com/r3yr3/cara-ngatasin-website-yang-telah-di-hack-oleh-hacked-by-r3yr3.html

xtmxady, May 10, 2010

#32
Keris Super Hero

Joined:

Sep 27, 2008

Messages:

1,197

Likes Received:

274

Location:

CPAGRIP

leniden said: ↑

Ane jujur bro... Ane nggak tau gimana cara nutup itu hole. Kemarin ane dibantu sama mas R3YR3 itu. Pas ane terima coding editannya, itu hole udah nutup. Pengen banget ngebantu. Tapi aku nggak yau caranya. Ilmunya pun aku nggak punya.

Sekali lagi maaf.
Click to expand...

Iya gak papa bro, kirain dah jadi murid mas R3YR3,
Itu masternya dah gabung ke sini, jangan2 bro yang minta gabung ke sini hehehe...

Keris, May 10, 2010

#33
kazejakz Super Hero

Joined:

Jan 24, 2010

Messages:

1,708

Likes Received:

716

Location:

Institut Pertanian Bogor menuju Universitas Gajah

jiahh .. si agan hacker nya sekalian promosi situsnya..
mangstabsss
setaw gw hacker cuma masukin Hack index ke hosting ..
jadi simple.. hapus aja file yang mencurigakan di hosting kita..
hahaha ini pengalaman pribadi prend

kazejakz, May 10, 2010

#34
‬‬‬‬‬R3YR3 Ads.id Starter

Joined:

May 10, 2010

Messages:

95

Likes Received:

57

Location:

Indonesia

kazejakz said: ↑

jiahh .. si agan hacker nya sekalian promosi situsnya..
mangstabsss
setaw gw hacker cuma masukin Hack index ke hosting ..
jadi simple.. hapus aja file yang mencurigakan di hosting kita..
hahaha ini pengalaman pribadi prend
Click to expand...

Nah.... ini dia baru dibilang master.
Tuh caranya sudah di share.

--- Update ---

Keris said: ↑

Iya gak papa bro, kirain dah jadi murid mas R3YR3,
Itu masternya dah gabung ke sini, jangan2 bro yang minta gabung ke sini hehehe...
Click to expand...

Fatal error: Call to undefined function wp_die() in /home/healthpl/public_html/sikris.org/ > http://sikris.org
Itu dia hole WP yang paling umum. Pathnya langsung keliatan dan tidak menutup kemungkinan sekaligus menjadi User cPanelnya.

‬‬‬‬‬R3YR3, May 11, 2010

#35
imyatrader Super Hero

Joined:

May 28, 2009

Messages:

2,579

Likes Received:

125

Location:

Malang

bro reyre dah masuk nih.
btw, gimana caranya biar tau hole spt itu bro.
tadi koq cepet bgt.
baru selesai nulis lgsg ketemu hole blog ane.

imyatrader, May 11, 2010

#36
‬‬‬‬‬R3YR3 Ads.id Starter

Joined:

May 10, 2010

Messages:

95

Likes Received:

57

Location:

Indonesia

imyatrader said: ↑

bro reyre dah masuk nih.
btw, gimana caranya biar tau hole spt itu bro.
tadi koq cepet bgt.
baru selesai nulis lgsg ketemu hole blog ane.
Click to expand...

Bug ini gampang di dapet karna memang sudah hapal bro.

‬‬‬‬‬R3YR3, May 11, 2010

#37
kisanak Ads.id Starter

Joined:

Nov 2, 2009

Messages:

83

Likes Received:

10

Location:

NewYorkarto Hadiningrat

untung dikasih tau hole-nya. kemarin web client di deface ama anak Yogya*carder*link, email ke yg ngecrack gak dikasih jawaban

kisanak, May 11, 2010

#38
suksesjitu Super Hero

Joined:

Feb 6, 2010

Messages:

3,813

Likes Received:

81

wah keren ilmunya mastah

suksesjitu, May 11, 2010

#39
toshiba Ads.id Starter

Joined:

Oct 14, 2009

Messages:

62

Likes Received:

0

‬‬‬‬‬ said: ↑

Bug ini gampang di dapet karna memang sudah hapal bro.
Click to expand...

Bro.. Tanya dong..
baru aja wordpress saya kena deface..
Padahal wordpress saya udah pake versi 2.9.2

ku cek log dari cpanel...
sepertinya si attacker berhasil mereset password admin wordpress nya.

/wp-login.php?action=lostpassword
Http Code: 302 Date: May 10 12:13:51 Http Version: HTTP/1.1 Size in Bytes: -
Referer: http://domainku.com/wp-login.php?action=lostpassword
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

*

/wp-login.php?checkemail=confirm
Http Code: 200 Date: May 10 12:13:52 Http Version: HTTP/1.1 Size in Bytes: 1102
Referer: http://domainku.com/wp-login.php?action=lostpassword
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

*

/wp-login.php?action=rp&key=qdTAAObXSx1Seqshyltr&login=admin
Http Code: 302 Date: May 10 12:14:11 Http Version: HTTP/1.1 Size in Bytes: -
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

*

/wp-login.php?checkemail=newpass
Http Code: 200 Date: May 10 12:14:12 Http Version: HTTP/1.1 Size in Bytes: 1098
Referer: -
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

*

/wp-admin/css/login.css?ver=20091010
Http Code: 304 Date: May 10 12:14:13 Http Version: HTTP/1.1 Size in Bytes: -
Referer: http://domainku.com/wp-login.php?checkemail=newpass
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

Saya bingung.. koq bisa itu attacker reset password wordpress ku ? apakah dia bisa masuk email aku ?
atau ada bugs di plugins yg aku pakai.. ? atau ... bingung deh koq bisa..

info : si attacker mengupload shell file php 404.php di folder theme wordpress ku.

apakah theme juga berpotensi tempat hole ?

Ternyata upgrade wordpress ke latest version dan upgrade plugins ke latest version tidak menjamin wordpress ku secure

mohon bantuan dan bimbingan nya...

toshiba, May 11, 2010

#40

(You must log in or sign up to reply here.)

Page 2 of 3

Share This Page