
[help] SQL injection WARNING

Discussion in 'Wordpress' started by adimas, Jun 20, 2011.

  1. adimas

    adimas Hero

    Joined:
    Mar 19, 2008
    Messages:
    540
    Likes Received:
    26
    Location:
    alatkesehatann.net, alatkesehatann.com
    Assalaamu'alaikum, good afternoon. I got an email from WordPress Firewall (I have the wp-firewall plugin installed), and it reads like this:
    WordPress Firewall has detected and blocked a potential attack!

    Web Page: xxxxxxxx.xxx/wp-admin/theme-editor.php
    Warning: URL may contain dangerous content!
    Offending IP: 114.79.3.32 [ Get IP location ]
    Offending Parameter: newcontent = <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"> <html xmlns=\"http://www.w3.org/1999/xhtml\" <?php language_attributes(); ?>> <head profile=\"http://gmpg.org/xfn/11\"> <meta http-equiv=\"Content-Type\" content=\"<?php bloginfo(\'html_type\'); ?>; charset=<?php bloginfo(\'charset\'); ?>\" /> <title><?php bloginfo(\'name\'); ?> <?php if ( is_single() ) { ?> &raquo; Blog Archive <?php } ?> <?php wp_title(); ?></title> <meta name=\"generator\" content=\"WordPress <?php bloginfo(\'version\'); ?>\" /> <!-- leave this for stats --> <meta name=\"description\" content=\"<?php bloginfo(\'description\') ?>\" /> <meta name=\"keywords\" content=\"\" /> (https://www.google.com/webmasters/verification/verification?siteUrl=http://xxxxxxxx.xxx/&continue=https://www.google.com/webmasters/tools/dashboard?hl%3Den%26siteUrl%3Dhttp://xxxxxxxx.xxx/%26sig%3DALjLGbO-ihkDyyOoX-2N3WRVNWerLEAjog&hl=en&priorities=vfile,vmeta,vanalytics,vdns&tid=alternate) <meta name=\"google-site-verification\" content=\"t4qvvC8VV2-ucj518TjuwJMYZM7leYTlxtxlH4Ifsro\" /> (https://siteexplorer.search.yahoo.com/verification?site_id=7827779) <META name=\"y_key\" content=\"b8ed4927590f9685\" /> (http://www.bing.com/webmaster?rfp=6) <meta name=\"msvalidate.01\" content=\"00121C1EF099C91B923621812ED581E6\" /> (http://www.alexa.com/edit/claim/xxxxxxxx.xxx) <meta name=\"alexaVerifyID\" content=\"DeuAoao4BqNXa8aK1LMxZBfjILI\" /> <link rel=\"stylesheet\" href=\"<?php bloginfo(\'stylesheet_url\'); ?>\" type=\"text/css\" media=\"all\" /> <link rel=\"alternate\" type=\"application/rss+xml\" title=\"<?php bloginfo(\'name\'); ?> RSS Feed\" href=\"<?php bloginfo(\'rss2_url\'); ?>\" /> <link rel=\"pingback\" href=\"<?php bloginfo(\'pingback_url\'); ?>\" /> <script type=\"text/javascript\" src=\"<?php bloginfo(\'template_directory\'); ?>/js/jquery-1.2.6.js\"></script> <script type=\"text/javascript\" src=\"<?php 
bloginfo(\'template_directory\'); ?>/js/spy.js\"></script> <script type=\"text/javascript\" src=\"<?php bloginfo(\'template_directory\'); ?>/js/tabber.js\"></script> <script type=\"text/javascript\" src=\"<?php bloginfo(\'template_directory\'); ?>/js/scroll.js\"></script> <script type=\"text/javascript\" > jQuery.noConflict();</script> <link rel=\"stylesheet\" type=\"text/css\" href=\"<?php bloginfo(\'template_directory\'); ?>/banner.css\" media=\"screen\" /> <link rel=\"stylesheet\" type=\"text/css\" href=\"<?php bloginfo(\'template_directory\'); ?>/tabs.css\" media=\"screen\" /> <link rel=\"stylesheet\" type=\"text/css\" href=\"<?php bloginfo(\'template_directory\'); ?>/featlist.css\" media=\"screen\" /> <script type=\"text/javascript\"><!--//--><![CDATA[//><!-- sfHover = function() { if (!document.getElementsByTagName) return false; var sfEls = document.getElementById(\"catmenu\").getElementsByTagName(\"li\"); for (var i=0; i<sfEls.length; i++) { sfEls.onmouseover=function() { this.className+=\" sfhover\"; } sfEls.onmouseout=function() { this.className=this.className.replace(new RegExp(\" sfhover\\\\b\"), \"\"); } } } if (window.attachEvent) window.attachEvent(\"onload\", sfHover); //--><!]]></script> <?php wp_get_archives(\'type=monthly&format=link\'); ?> <?php //comments_popup_script(); // off by default ?> <?php if ( is_singular() ) wp_enqueue_script( \'comment-reply\' ); wp_head(); ?> </head> <body> <script type=\"text/javascript\"> var _gaq = _gaq || []; _gaq.push([\'_setAccount\', \'UA-23348608-1\']); _gaq.push([\'_trackPageview\']); (function() { var ga = document.createElement(\'script\'); ga.type = \'text/javascript\'; ga.async = true; ga.src = (\'https:\' == document.location.protocol ? 
\'https://ssl\' : \'http://www\') + \'.google-analytics.com/ga.js\'; var s = document.getElementsByTagName(\'script\')[0]; s.parentNode.insertBefore(ga, s); })(); </script> <div id=\"wrapper\"> <div id=\"menu\"> <ul> <li class=\"page_item <?php if ( is_home() ) { ?>current_page_item<?php } ?>\"><a href=\"<?php echo get_settings(\'home\'); ?>/\" title=\"Home\">Home</a></li> <?php wp_list_pages(\'sort_column=menu_order&depth=1&title_li=\');?> </ul> </div> <div class=\"clear\"></div> <div id=\"top\"> <?php include (TEMPLATEPATH . \'/searchform.php\'); ?> <div class=\"blogname\"> <h1><a href=\"<?php bloginfo(\'siteurl\');?>/\" title=\"<?php bloginfo(\'name\');?>\"><?php bloginfo(\'name\');?></a></h1> <h2><?php bloginfo(\'description\'); ?></h2> </div> <?php include (TEMPLATEPATH . \'/headbanner.php\'); ?> </div> <div id=\"catmenucontainer\"> <div id=\"catmenu\"> <ul> <?php wp_list_categories(\'sort_column=name&title_li=&depth=4\'); ?> </ul> </div> </div> <div class=\"clear\"></div> <div id=\"casing\">

    This may be a "WordPress-Specific SQL Injection Attack."

    Click here for more information on this type of attack.

    If you suspect this may be a false alarm because of something you recently did, try to confirm by repeating those actions. If so, whitelist it via the "whitelist this variable" link below. This will prevent future false alarms.

    Click here to whitelist this variable.
    Click here to turn off these emails.
    Repeated warnings for similar attacks are currently sent via email, click here to suppress them.


    So what should I do about this? I don't understand this kind of thing yet, that's the problem.
     
  2. alfi212

    alfi212 Hero

    Joined:
    Nov 15, 2010
    Messages:
    682
    Likes Received:
    97
    Waalaikumsalam, let me try to help a little. Did you just try editing the theme?

    That's the drawback of WP Firewall: if you edit WordPress internals, it treats it as an injection. So far it's not a problem.
     
  3. adimas

    adimas Hero

    Yes, I had just edited the theme a bit; earlier I put AdSense code into one of the PHP files.
    Oh, so that's what it is. So I should just whitelist it in that case, right?
    Thanks a lot, alfi212 :gembira:
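
    An added example (not part of any post in this thread, and not wp-firewall's own code): one way to triage an alert e-mail laid out like the one quoted above before whitelisting the variable. The sample e-mail, the list of admin networks and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in the layout of the alert e-mail quoted in the thread
# (payload shortened; IP addresses are from documentation ranges).
SAMPLE_ALERT = """\
WordPress Firewall has detected and blocked a potential attack!

Web Page: example.test/wp-admin/theme-editor.php
Warning: URL may contain dangerous content!
Offending IP: 203.0.113.10 [ Get IP location ]
Offending Parameter: newcontent = <html> <?php wp_head(); ?> </html>
"""

FIELD_RE = re.compile(
    r"^\s*(Web Page|Offending IP|Offending Parameter):\s*(.*)$", re.M)


def parse_alert(text):
    """Extract page path, source IP and parameter name from an alert e-mail."""
    fields = {k: v.strip() for k, v in FIELD_RE.findall(text)}
    page = fields.get("Web Page", "")
    # The e-mail prints the page without a scheme; add "//" so urlsplit
    # separates host and path.
    path = urlsplit(page if "://" in page else "//" + page).path
    ip_words = fields.get("Offending IP", "").split()
    ip = ipaddress.ip_address(ip_words[0]) if ip_words else None
    # Split at the first "=" only: the value itself contains many "=".
    name, _, value = fields.get("Offending Parameter", "").partition("=")
    return {"path": path, "ip": ip, "param": name.strip(), "value": value.strip()}


def triage(alert, admin_networks):
    """Return (verdict, reason); admin_networks are networks the owner edits from."""
    nets = [ipaddress.ip_network(n) for n in admin_networks]
    from_admin = alert["ip"] is not None and any(alert["ip"] in n for n in nets)
    theme_save = (alert["path"].endswith("/wp-admin/theme-editor.php")
                  and alert["param"] == "newcontent")
    if theme_save and from_admin:
        return ("likely-false-positive", "theme editor save from a known admin address")
    if theme_save:
        return ("investigate", "theme file edit from an address the owner does not recognise")
    return ("investigate", "parameter is not the theme editor's own save field")


if __name__ == "__main__":
    print(triage(parse_alert(SAMPLE_ALERT), ["203.0.113.0/24"]))
```

    A theme-editor save from an address the owner does not recognise is worth checking before any whitelisting, since that request changes PHP files on the site.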
     
  4. dhanoe

    dhanoe Newbie

    Joined:
    Oct 14, 2012
    Messages:
    38
    Likes Received:
    0
    Oh, so that's how it is. Learned something new, hoho.
     
  5. Samuelhutauruk2

    Samuelhutauruk2 Newbie

    Joined:
    Aug 23, 2015
    Messages:
    1
    Likes Received:
    0
    Location:
    Indonesia
    Looks like there's an attack :(
     
  6. Bungkusnya

    Bungkusnya Ads.id Fan

    Joined:
    Apr 6, 2017
    Messages:
    117
    Likes Received:
    14
    As far as I know, WordPress very rarely gets hit by SQL injection unless it has been heavily reworked into a forum or e-commerce site.
     
