
A Simple Way to Scan for Malicious Scripts on a Server

Discussion in 'Developer Corner' started by instal_windows81, Feb 13, 2015.

  1. instal_windows81

    instal_windows81 Member

    Joined:
    Jan 26, 2015
    Messages:
    540
    Honestly, I have not tested this method yet, because I do not really understand programming code and the like. I also do not have such a "server". However, a friend of mine once tried it and says it is "effective". So my purposes in sharing this are as follows:
    - To ask WinPoin visitors for feedback on how effective this method is
    - To share knowledge

    In certain cases, some black-hat hackers break into and wreck our servers. Their goals of course vary. If this happens, I pray that they were only fooling around and did not cause any significant damage. I also pray that it does not happen.
    Hackers make use of base64_decode() to do this. Many third-party tools offer expert-level security, but they are usually paid. Inspired by the points above, my friend tested this method and allowed me to share it with the public.
    The concept is simple: this script will scan all of our PHP files. If malicious code is found, the user is notified and can delete it manually.

    Follow the tutorial below happily:
    1. Open Notepad and type the following script:
    <html><head><title>Find String</title></head><body>
    <?php
    // Most hosting services will have a time limit on how long a php script can run, typically 30 seconds.
    // On large sites with a lot of files this script may not be able to find and check all files within the time limit.
    // If you get a time out error you can try overriding the default time limits by removing the // in front of these two lines.

    // ini_set('max_execution_time', '0');
    // set_time_limit(0);


    find_files('.');

    function find_files($seed)
    {
        if (! is_dir($seed)) return false;
        $dirs = array($seed); // stack of directories that still have to be walked
        while (NULL !== ($dir = array_pop($dirs)))
        {
            if ($dh = opendir($dir))
            {
                while (false !== ($file = readdir($dh)))
                {
                    if ($file == '.' || $file == '..') continue;
                    $path = $dir . '/' . $file;
                    if (is_dir($path)) { $dirs[] = $path; }

                    // the line below tells the script to only check the content of files with a .php extension.
                    // the if{} statement says if you "match" php[\d]? at the end of the file name then check the contents
                    // of the file. The [\d]? part means also match if there is a digit \d such as .php4 in the file extension

                    // else { if(preg_match('/\/*\.php[\d]?$/i', $path)) { check_files($path); }}

                    // 07/26/2011 Based on some recent Pharma hacks I have changed the default to check php, js and txt files
                    else { if (preg_match('/^.*\.(php[\d]?|js|txt)$/i', $path)) { check_files($path); }}

                    // if you would like to check other (all) file types you can comment out/un-comment and or modify
                    // the following lines as needed. You can only have one of the else{} statements un-commented.
                    // The first example contains a lengthy OR (the | means OR) statement, the part inside the (),
                    // (php[\d]?|htm|html|shtml|js|asp|aspx) You can add/remove filetypes by modifying this part
                    // (php[\d]?|htm|html|shtml) will only check .php, .htm, .html, .shtml files.

                    // else { if(preg_match('/^.*\.(php[\d]?|htm|html|shtml|js|asp|aspx)$/i', $path)) { check_files($path); }}

                    // In the next else{} statement there is no if{}, no checking of the file extension every file will be checked.

                    // else { check_files($path); } // will check all file types for the code

                }
                closedir($dh);
            }
        }
    }

    function check_files($this_file)
    {
        // the variable $str_to_find is an array that contains the strings to search for inside the single quotes.
        // if you want to search for other strings replace base64_decode with the string you want to search for.

        $str_to_find = array();
        $str_to_find[]='base64_decode';
        $str_to_find[]='edoced_46esab'; // base64_decode reversed
        $str_to_find[]='preg_replace';
        $str_to_find[]='HTTP_REFERER'; // checks for referrer based conditions
        $str_to_find[]='HTTP_USER_AGENT'; // checks for user agent based conditions

        // file_get_contents() returns false on failure; an empty file returns '' and is not an error
        $content = file_get_contents($this_file);
        if ($content === false)
        { echo("<p>Could not check " . htmlspecialchars($this_file) . " You should check the contents manually!</p>\n"); }
        else
        {
            // each() was removed in PHP 8, so the list is walked with foreach
            foreach ($str_to_find as $value)
            {
                if (stripos($content, $value) !== false)
                {
                    // escape the path: file names on disk are not trusted HTML
                    echo("<p>" . htmlspecialchars($this_file) . " -> contains $value</p>\n");
                }
            }
        }
        unset($content);
    }?>
    </body></html>
    2. Save it with any name and in any location, with the .php extension and the type set to All Files.
    3. Upload the script to your hosting server.
    4. Run the PHP file.
    5. Done. . .
    If you don't want the hassle, you can download the file at http://www.mediafire.com/download/11l37lhd9gz4fkf/temukan.php.zip
    Hope this helps :cool::cool::cool:
     

    Attached Files:
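
An added example, not part of the original post or the poster's script: a token-based variant of the scan that reports line numbers, ignores names that only appear in comments, HTML or plain string literals, and raises the priority when base64_decode sits inside an eval statement. The function name scan_source, the watch list and the sample input are assumptions made for illustration, and it only prints when run from the command line so that results are not served to web visitors.

```php
<?php
// Added example, not the script from the post: token-based scan for CLI use.
// Assumption: the watch list is the post's two function names plus eval.
const WATCHED = ['base64_decode', 'preg_replace'];
// Tokens that are not executable code: comments, HTML, plain string literals.
const NOT_CODE = [T_COMMENT, T_DOC_COMMENT, T_INLINE_HTML, T_CONSTANT_ENCAPSED_STRING];

// Returns findings as ['line' => int, 'name' => string, 'level' => 'high'|'review'].
function scan_source(string $source): array
{
    $findings = [];
    $inEval = false;                       // true from an eval token to the end of its statement
    foreach (token_get_all($source) as $tok) {
        if (!is_array($tok)) {             // single-character token such as ';' or '('
            if ($tok === ';') { $inEval = false; }
            continue;
        }
        [$id, $text, $line] = $tok;
        if (in_array($id, NOT_CODE, true)) { continue; }
        $name = strtolower(ltrim($text, '\\'));   // also matches \base64_decode
        if ($id === T_EVAL) {
            $inEval = true;
            $findings[] = ['line' => $line, 'name' => 'eval', 'level' => 'review'];
        } elseif (in_array($name, WATCHED, true)) {
            // A decoder call inside an eval statement is the high-priority case.
            $level = ($inEval && $name === 'base64_decode') ? 'high' : 'review';
            $findings[] = ['line' => $line, 'name' => $name, 'level' => $level];
        }
    }
    return $findings;
}

// Constructed sample input: a comment mention, an ordinary call, an eval of decoded data.
$sample = <<<'SAMPLE'
<?php
// base64_decode is mentioned here only in a comment
$logo = base64_decode($row['logo_b64']);
eval(base64_decode($blob));
SAMPLE;

if (PHP_SAPI === 'cli') {                  // do not expose scan results over the web
    $source = isset($argv[1]) ? file_get_contents($argv[1]) : $sample;
    foreach (scan_source((string) $source) as $f) {
        printf("line %d: %s [%s]\n", $f['line'], $f['name'], $f['level']);
    }
}
```

Because string literals are skipped, the reversed-name entry from the post's list is not covered by this check; the substring scan is still needed for that.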

  2. Alfin Rahman

    Alfin Rahman Member

    Joined:
    Dec 8, 2013
    Messages:
    676
    +Rep, by the way the PHP is great..
     
  3. Febian

    Febian Administrator Staff Member

    Joined:
    May 7, 2013
    Messages:
    8,029
    Hmmm.. this needs to be tried on a local server
    I happen to have a local Linux server.. xxixixix

    I'll download it and report the results tomorrow :kagum:
     
  4. instal_windows81

    instal_windows81 Member

    Joined:
    Jan 26, 2015
    Messages:
    540
    Just try it, bro. If need be, try them all: Linux server, Windows and so on. . . :goodjob:
     
  5. Febian

    Febian Administrator Staff Member

    Joined:
    May 7, 2013
    Messages:
    8,029
    I don't have a Windows Server, man, and I don't know how to use one (I've never used it because of the high cost)
    so I'll just test it on the Linux server this afternoon.. hihihihihi
     
  6. instal_windows81

    instal_windows81 Member

    Joined:
    Jan 26, 2015
    Messages:
    540
    :goodjob::goodjob:
     
