[Share] Solution: how to deal with security in WP (upload folder, nested injected scripts)

Discussion in 'Wordpress' started by arest, Jan 23, 2012.

  1. arest

    Apologies to the mods; if this is a repost, just delete it :D. So, if you check your blog's security here
    >>> hxxp://sitecheck.sucuri.net/scanner/

    Look at the result in the >>> website details section. If it looks like this:

    Wordpress internal path: /home/xxxxxx/public_html/xxxxxxx.com/wp-content/themes/twentyten/index.php

    That already exposes your blog's structure, and hackers usually drop script files in the upload directory... The solution is still to use htaccess: create a new .htaccess file and fill it with this

    # secure directory by disabling script execution
    AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi .aspx
    Options -ExecCGI

    And upload it to your wp-content.... Its function is to block those file types in that directory. We can produce a 403 forbidden error and shut off execution of CGI files..

    If it's useful, I won't say no to a like :)) (Ref: hxxp://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/#sec16)
     
    Basszone, park3r, laziale and 6 others like this.
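
An added example (not part of arest's post or the referenced article): a Python audit that lists files under a web root whose extension appears in the post's AddHandler line and reports whether a .htaccess carrying both directives sits in that directory or an ancestor. The function names and the site_a/site_b sample tree are constructed for illustration.

```python
import os
import tempfile

# Extensions from the AddHandler line in the post above.
EXTS = (".php .pl .py .jsp .asp .htm .shtml .sh .cgi .aspx").split()
RULE = "AddHandler cgi-script " + " ".join(EXTS) + "\nOptions -ExecCGI\n"

def htaccess_blocks_scripts(path):
    """True if the file at `path` carries both directives from the post."""
    if not os.path.isfile(path):
        return False
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = [ln.strip().lower() for ln in fh if not ln.lstrip().startswith("#")]
    handler = any(ln.startswith("addhandler cgi-script") for ln in lines)
    no_exec = any(ln.startswith("options") and "-execcgi" in ln.split()
                  for ln in lines)
    return handler and no_exec

def audit(root):
    """Return sorted (relative_path, covered) for script-like files under root."""
    # covered: this dir or an ancestor has the rule (assumes no deeper override)
    root = os.path.abspath(root)
    covered_dirs, findings = {}, []
    for dirpath, _dirs, files in os.walk(root):  # top-down: parents first
        covered = (covered_dirs.get(os.path.dirname(dirpath), False)
                   or htaccess_blocks_scripts(os.path.join(dirpath, ".htaccess")))
        covered_dirs[dirpath] = covered
        for name in files:
            if os.path.splitext(name)[1].lower() in EXTS:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, covered))
    return sorted(findings)

def build_sample(base):
    """Constructed sample tree: site_a has the rule in wp-content, site_b does not."""
    for site, protect in (("site_a", True), ("site_b", False)):
        content = os.path.join(base, site, "wp-content")
        uploads = os.path.join(content, "uploads", "2012", "01")
        os.makedirs(uploads)
        for name in ("photo.jpg", "avatar.php"):
            open(os.path.join(uploads, name), "w").close()
        if protect:
            with open(os.path.join(content, ".htaccess"), "w") as fh:
                fh.write(RULE)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

Any script-like file reported under an uploads directory deserves a look whether or not it is covered, since uploads normally hold only media.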
  2. srodoks

    Like sent, boss, and I'll try it out first. Bookmarking this. Thanks, boss.
     
  3. arest

    Sure, master, go ahead. If you can, please report back how it turns out; I'm still trialling this myself :D
     
  4. agusrahmadi

    Thanks, bro :kembang:
    I'm out of likes for today, I'll give the thumbs-up tomorrow.
     
  5. laziale

    Great, this is what I was looking for.. thanks, master :D
     
  6. hardinalz

    I fill my .htaccess like this:
    Order Allow,Deny
    Deny from all
    <Files ~ "\.(css|jpe?g|png|gif|js|xml|swf)$">
    Allow from all
    </Files>
    <Files "wp-tinymce.php">
    Allow from all
    </Files>

    Would it work if I put it in the wp-content directory? I got it from this forum a while back too.
     
  7. arest

    Yes, I've seen that script too. The top lines roughly mean that those file types are made browsable, and the result will be blank. For that I usually just use this

    PHP:
    # DISABLE DIRECTORY BROWSING
    Options All -Indexes

    # PREVENT FOLDER LISTING
    IndexIgnore *
    The second one, the basic idea is hiding the Fatal error:

    PHP:
    Call to undefined function is_multisite() in /home/blabla/public_html/xxxx.com/wp-includes/wp-db.php on line 505
    For that, I once posted here

    PHP:
    http://www.adsense-id.com/forums/showthread.php/109705-Pantesan-blog2ku-kena-hack-mungkin-ini-dalangnya.?p=1449842#post1449842
    That already covers wp-admin/includes and wp-includes and all the files inside them, which really are off-limits :D. Btw, sorry if I'm wrong :)
     
  8. Schwarzkophf

    Wow, this is great ...
    WordPress security keeps getting cooler :senyum:
     
  9. park3r

    Like clicked
    Thanks for sharing. Useful for my blog :D
     
  10. anggaba

    Really satisfying :D
    Thanks for sharing
     
  11. anggaba

    Whoa. Scary. The masters' knowledge is heavy stuff.
     