Coba dicek plugin/component/widget yg membutuhkan registrasi. Biasa spam masuk lewat comment, shoutbox. Dll.
Bbrpa waktu lalu, web sy disuspend oleh MWN, katanya ada flood/DDOS ke server mrka melalui web sy trsbut. Trnyata stlah sy cek, trnyata bnyk script aneh yg mrka titipkan lewat comment2 diartikel, forum diskusi, shoutbox. - domainsaya.com/syslog/http_access.2010-05-27.log 67.218.116.166 - - [27/May/2010:16:52:08 +0000] "GET /robots.txt HTTP/1.1" 200 144 "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuil.com/twiceler/robot.html)" 216.129.119.13 - - [27/May/2010:16:55:26 +0000] "GET /robots.txt HTTP/1.1" 200 144 "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuil.com/twiceler/robot.html)" 207.46.13.143 - - [27/May/2010:17:45:50 +0000] "GET /robots.txt HTTP/1.1" 200 2640 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" 207.46.13.143 - - [27/May/2010:17:46:49 +0000] "GET /download/SS%20DAN%20SA%20%28MATERI%29.doc HTTP/1.1" 200 1137 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)" 67.218.116.165 - - [27/May/2010:17:46:54 +0000] "GET /robots.txt HTTP/1.1" 200 1137 "-" "Mozilla/5.0 (Twiceler-0.9 http://www.cuil.com/twiceler/robot.html)" 195.191.54.105 - - [27/May/2010:17:54:08 +0000] "GET / HTTP/1.0" 200 2640 "http://domainsaya.com/ <http://stppgowa.ac.id/%22> " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Crazy Browser 1.0.5)" ... - subdomainpada.domainsaya.com/syslog/http_access.2010-05-27.log 188.72.217.25 - - [27/May/2010:18:30:19 +0000] "POST / HTTP/1.0" 403 15 "-" "Mozilla/4.0 (compatible; Synapse)" 188.72.217.25 - - [27/May/2010:18:30:29 +0000] "POST / HTTP/1.0" 403 15 "-" "Mozilla/4.0 (compatible; Synapse)" 188.72.217.25 - - [27/May/2010:18:30:37 +0000] "POST / HTTP/1.0" 403 15 "-" "Mozilla/4.0 (compatible; Synapse)" 125.164.2.142 - - [27/May/2010:18:30:42 +0000] "POST /index.php HTTP/1.1" 403 15 "http://subdomainpada.domainsaya.com/ <http://ujianonline.stppgowa.ac.id/%22> " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 4.3 (build 01218))" 188.72.217.25 - - [27/May/2010:18:30:46 +0000] "POST / HTTP/1.0" 403 15 "-" "Mozilla/4.0 (compatible; Synapse)" 213.5.70.184 - - [27/May/2010:18:30:46 +0000] "POST /index.php HTTP/1.1" 403 15 "http://subdomainpada.domainsaya.com <http://ujianonline.stppgowa.ac.id%22> " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 188.72.217.25 - - [27/May/2010:18:30:55 +0000] "POST / HTTP/1.0" 403 15 "-" "Mozilla/4.0 (compatible; Synapse)" 81.19.34.130 - - [27/May/2010:18:31:00 +0000] "POST /index.php HTTP/1.1" 403 15 "http://subdomainpada.domainsaya.com/ <http://ujianonline.stppgowa.ac.id/%22> " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 4.3 (build 01218))" 81.19.34.130 - - [27/May/2010:18:31:01 +0000] "POST /index.php HTTP/1.1" 403 15 "http://subdomainpada.domainsaya.com/ <http://ujianonline.stppgowa.ac.id/%22> " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 4.3 (build 01218))" 188.72.217.25 - - [27/May/2010:18:31:03 +0000] "POST / HTTP/1.0" 403 15 "-" "Mozilla/4.0 (compatible; Synapse)" 81.19.34.130 - - [27/May/2010:18:31:09 +0000] "POST /index.php HTTP/1.1" 403 15 "http://subdomainpada.domainsaya.com/ <http://ujianonline.stppgowa.ac.id/%22> " "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 4.3 (build 01218))" 188.72.217.25 - - [27/May/2010:18:31:12 +0000] "POST / HTTP/1.0" 403 15 "-" "Mozilla/4.0 (compatible; Synapse)" 188.72.217.25 - - [27/May/2010:18:31:21 +0000] "POST / HTTP/1.0" 403 15 "-" "Mozilla/4.0 (compatible; Synapse)" 188.72.217.25 - - [27/May/2010:18:31:34 +0000] "POST / HTTP/1.0" 403 15 "-" "Mozilla/4.0 (compatible; Synapse)" Ini log request mereka, perhatikan interval time request tersebut, yaitu setiap per sekian detik/second request berulang-ulang. From: [email protected] [mailto:[email protected]] On Behalf Of Tom Sent: Saturday, May 28, 2011 11:02 PM To: [email protected] Subject: Re: [Mugi] ada saran ? Hmmm, jadi omongan mereka bahwa blog saya memberatkan server itu adalah sesuatu yang memang bisa diterima ya ? Sebenernya saya nggak tahu plugin apa saja yang memberatkan itu, tapi saya diamkan aja, nggak diapa-apain ya beres lagi tuh sampe sekarang ... J Bisa kasih contoh plugin / component yang rentan serangan spam itu seperti apa ? Juga hal lain yang memang memberatkan server mereka ? -- - Tom - Blog: http://tomita.web.id/ Y!: tomitaprakoso FB: facebook.com/tomita Twitter : twitter.com/ttpra From: [email protected] [mailto:[email protected]] On Behalf Of Kisman A. Arsyad Iyah om tom, web j**mla yg sy titip disitu prnah brmasalh, jawabannya sama. Tp stlah sy cek di dtbase emang bnyk 'yg aneh2'. Trutama pnggunaan plugin/component yg rentan serangan spam. Tp stlah di clear, smua kmbali normal.
_______________________________________________ To unsubscribe from this group, send an email to: [email protected] Get Free 5 GB mailbox Check this http://www.mugi.or.id Powered by bisnismedia.com
