Tag Archives: Webhosting

LSOF (list open files)

lsof is a utility much like netstat -an, but arguably more complete, because it also lets us see which files a given program currently has open: the binary itself, its libraries, and any other files tied to the running process. After all, the name says it: "list open files".

Install lsof on FreeBSD:

cd /usr/ports/sysutils/lsof
make install clean
rehash

Prevent user from creating custom php.ini on suphp servers

Edit:

/usr/local/apache/conf/php.conf

Then add the following line:

suPHP_Config /usr/local/lib/php.ini

Don't forget to change the location to that of your php.ini, as it may differ on your server from the example above, and then restart Apache.

Find r57 and c99 Shells Hidden Inside PHP and TXT Files

When malicious intruders compromise a web server, there’s an excellent chance a famous Russian PHP script, r57shell, will follow. The r57shell PHP script gives the intruder a number of capabilities, including, but not limited to: downloading files, uploading files, creating backdoors, setting up a spam relay, forging email, bouncing a connection to decrease the risk of being caught, and even taking control of SQL databases. All these functions become readily available through an easy to use web interface, but now you can fight back.

A Turkish member on a forum I participate in released this nifty little bash command, but first, make sure you execute updatedb so find has an up-to-date image to search:

find /var/www/ -name "*".php -type f -print0 | xargs -0 grep r57 | uniq -c | sort -u | cut -d":" -f1 | awk '{print "rm -rf " $2}' | uniq

You can also search regular text (.txt) files:

Finding injected files on a web server


OK, straight to the point: the following commands are the ones I usually use to scan for injected PHP files on a FreeBSD web server. I'm noting them here so I don't forget. :D
1. Scan the PHP files under a user's path for a single word/string, matching whatever term we are looking for:

server2# find /home/username/ -name "*".php -type f -print0| xargs -0 grep "powered by rapidleech" | uniq -c | sort -u | cut -d":" -f1 | awk '{print "Warning - please check this files " $2}' | uniq

2. Scan the PHP files under a user's path for several words/strings at once:

server2# find /home/username/ -name "*".php -type f -print0| xargs -0 egrep "rapidleech|c99|r57" | uniq -c | sort -u | cut -d":" -f1 | awk '{print "Warning - please check this files " $2}' | uniq
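The one-liners above (both the r57 finder and the two scans here) pipe grep output through uniq/sort/cut/awk and, in the first case, emit rm -rf commands. The script below is an added example, not from the original post or the forum it cites: it wraps the same find/grep approach in a function that only reports hits (count and path, case-insensitive) so a human reviews each file before anything is deleted. The signature list and the sample tree are constructed for illustration; POSIX sh with GNU or BSD find/grep is assumed.

```shell
#!/bin/sh
# Added example: report-only web-shell signature scan.
# Signatures are taken from the one-liners above; extend as needed.
SIGNATURES='r57|c99|powered by rapidleech'

# scan_webroot DIR
# Prints "count<TAB>path" for every .php or .txt file under DIR that
# contains at least one signature, sorted by path. Nothing is deleted.
scan_webroot() {
    dir="$1"
    # -H forces "path:count" even when xargs hands grep a single file;
    # -c counts matching lines; -i is case-insensitive (the originals are not).
    find "$dir" -type f \( -name '*.php' -o -name '*.txt' \) -print0 |
        xargs -0 grep -EicH -- "$SIGNATURES" 2>/dev/null |
        awk -F: '$NF > 0 {
            path = substr($0, 1, length($0) - length($NF) - 1)  # keep ":" in paths
            printf "%s\t%s\n", $NF, path
        }' |
        sort -k2
}

# count_hits DIR -> number of flagged files
count_hits() {
    scan_webroot "$1" | wc -l | tr -d ' '
}

# make_sample -> path of a constructed document root for a dry run:
# one clean PHP file, one PHP file carrying an r57 marker, one TXT file
# with the rapidleech banner, and a .md file that is out of scope.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/site/uploads"
    printf '<?php echo "hello"; ?>\n' > "$d/site/index.php"
    printf '<?php /* r57shell marker (constructed sample) */ ?>\n' > "$d/site/uploads/img.php"
    printf 'Powered by RapidLeech\n' > "$d/site/uploads/readme.txt"
    printf 'c99 mentioned in notes only\n' > "$d/site/notes.md"
    echo "$d"
}

if [ "$#" -gt 0 ]; then
    scan_webroot "$1"
fi
```

Run it as `sh scan.sh /home/username` and review each reported path by hand; the awk in the original one-liners could be pointed at this output if you still want generated commands.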

Addendum…