Rezolles Photography | Posted August 28, 2005 (edited)

For those who haven't been following the webserver thread in web development, never mind.... here we are discussing the QUESTION OF SECURITY after one of us had his web server broken into and changed at will. Unfortunately, he doesn't know what to do......

<Excerpt>

Questions:
1. How do we avoid a threat like this?
2. How do we trace the IP of whoever did this??

Think.....

Edited August 28, 2005 by REZOLLES

Rezolles Photography | Posted August 28, 2005

An unprotected Windows computer connected to the Internet is in danger of being broken into by outside intruders who continuously scan the Internet for security holes. Many computers use a firewall for protection. Unfortunately, firewalls can be bypassed by clever attackers.

The Imaginary Web Server (IWS) makes the attackers think that they have found a web server which is no longer active. When they come to your computer, the server will give them an error message and send them to http://some.imaginaryplace.com - some imaginary place on the web.

Now, don't worry, you will not be sending them to some unsuspecting web site! Whiz Kid Technomagic has secured the imaginaryplace.com domain and delegated the some.imaginaryplace.com subdomain, so they will, indeed, find the "new" location of "your" web site. They will go there and leave your computer in peace. Meanwhile, your computer remains perfectly safe from these attackers.

No matter what file they try to access on your computer, no matter what command they try to execute on your computer, your IWS always reacts the same way. It never lets them access the inside of your computer but always sends them off.

Some attackers try a different approach. Instead of trying to get to your files, they try to upload files to your system. Often these are scripts or programs they want to run on your computer. The Imaginary Web Server will, again, tell them there no longer is anywhere to upload files on your system and will send them away.

Some attackers try to upload huge files, just to keep your system busy and to slow down your Internet access. The IWS shuts the door on them. Other attackers try to sneak in a hidden web server on your system and let that server cooperate with the attackers. But only one web server can exist on your computer. With IWS running, they cannot run. And if they start running first, IWS will tell you that another web server is already running, so you can find it and disable it.

Softpedia

abuariff | Posted August 28, 2005

An old story: Microsoft IIS 5 that hasn't been patched with the latest patches. If it's just a defacement like this, I don't think it's a new technique; in fact the vulnerability in this IIS version has been out since IIS 4. What more is there to say?

What you can do, as usual:
0. Keep the HDD that got 'hit' for forensics.
1. Check the IIS logs before, up to and after the defacement was carried out.
2. Identify the IP from there, and collect all the information.
3. If you really do want to investigate, and want to 'give this person a flick where it hurts', you can trace it back with the help of an 'insider' at the ISP. If you feel this is only an attempt to 'smear charcoal on your face' that has no deep impact, you may as well just keep it as a memento.
4. Recreate the affected box from scratch.
5. Update with the latest patches from Microsoft.
6. Restore the backup.

That's all.. Good luck.

TonikCapGajah2013 | Posted August 28, 2005 (edited)

That's just a small matter ... anyone who wants to learn to break into people's computers is welcome to get into my site and change it as you like.
http://komputer.myvnc.com/webpage/

Edited August 28, 2005 by OngBok

sharuzzaman | Posted August 28, 2005

there are plenty of scripts on the Internet that can be used to [biskut tawar] IIS servers that haven't been updated.. even if you do update, there may be a 0-day that we don't know about, but the crackers know and have already released a script

gengstapo | Posted August 28, 2005

Quote: "Questions: 1. How do we avoid a threat like this? 2. How do we trace the IP of whoever did this?? Think....."

1. always keep your web server platform's patches updated
2. get whatever log records there are & make a report / inquiry to the ISP

okies

Rezolles Photography | Posted August 29, 2005

where do I go to update the patches??

gengstapo | Posted August 29, 2005

Quote: "where do I go to update the patches??"

the Windows / Linux platforms have step-by-step patch updates. just download.

okies

sharuzzaman | Posted August 29, 2005

Quote: "where do I go to update the patches??"

Windows:
http://windowsupdate.microsoft.com

Debian:
apt-get update
apt-get upgrade

CentOS 3:
yum update

b1naryc0de | Posted August 29, 2005

Gentoo:
emerge --sync
emerge --update --deep world

crypto.md5 | Posted August 30, 2005

Yup, it really wasn't patched, but even updating patches is no use, because day by day the crackers.. hackers try to find another way; only once that patch has been broken through does Microsoft make another patch, but by then it's too late for the victim... but at least do update...

even if you manage to trace it, the intruder's IP isn't the real IP; sometimes all you can trace is your own IP, while the intruder is sharing an IP with you...

IP, TCP, UDP, ICMP from outside should be blocked; only what's relevant needs to be opened. Windows XP firewall? don't rely 100% on the Windows firewall.

When you browse the internet using the web server, once again you're exposed to danger; if you accidentally surf to a website that uses Java to dig out information about your web server (dig as deep as it can), you're finished. ActiveX? all sorts of other things too... it's not secure to browse the internet with your web server.

kred | Posted August 30, 2005

installing a firewall with NIDS/HIDS can help, right...

bashrun | Posted August 30, 2005 (edited)

erm... if it were me, I would...
1. use a firewall that has 2 NIC cards
2. close all ports except port 80 and the relevant ports
3. put the firewall at the front end, the web server at the back end.
4. do port mapping from the firewall to the web server. only the relevant ports
5. the folder that holds the web files can only be read.
6. set access logging wherever appropriate.

internet -------> ext ip firewall int ip --map to----> webserver

so there are 2 kinds of IP, one external and the other internal.

do you reckon the method I use is safe? can it still get defaced? by the way, what is deface anyway

Edited August 30, 2005 by farkyiew

crypto.md5 | Posted August 30, 2005

yup that's right, usually at the big companies I put in a firewall/IDS. but it depends on the product.

I once used a firewall/IDS.. no need for me to say which brand, I don't use it any more now; somehow the firewall itself got attacked.. I had discussed it with other security engineers, everything was OK, but I don't know why it turned out the opposite... the company was in chaos, server down, UBS data and so on all lost. until we switched to a Cisco product (expensive, man) and the security work became not so burdensome. good security... up to now there still haven't been any cases of a successful break-in; there are those who try to break in but hahahahaha they fail.

if you're very very serious about security, choose Cisco. but it's crazy expensive, no home user would want to buy it

suriasah_putera | Posted August 30, 2005

Wahahahahahahahahaha.... This is how it ends for people who are too lazy to update patches (that's the punishment)...

Another theory about hacking is "nothing is impossible"... Even if we put in IDS/IPS, a firewall won't help either...

As for patches, it's not only the web server or the OS we use, but also the applications we use... there are many ways people do 'stupid things' like the one above...

As in the case above, even if we use a firewall and close all ports except port 80, people can still attack. One of the "glamorous" examples people often do is the "UNICODE ATTACK". Just by running a few commands in the URL you can do that. This happens if there are vulnerabilities in IIS that haven't been updated and patched.

There are other methods too. For example, if we're running a website/portal using PHP, Postnuke and so on, make sure you get the latest patches from the vendor concerned. It can be done just by using "SCRIPT INJECTION" in the address bar...

There are many more examples that can be done.... Read a lot, and the methods, to learn about the work of these "IT monkeys"...

Sometimes there are also servers that have been fully patched but still get defaced again and again... Make sure all the files in there are valid and not files planted by the "IT monkeys".

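The log check from abuariff's steps 1 and 2, aimed at the encoded-URL requests against unpatched IIS described in the post above, could look like this. It is an added example and not part of any post in the thread; the log lines are constructed, the IPs are documentation addresses, and the function names are assumptions of this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-08-27 22:14:03 198.51.100.23 GET /index.htm - 200
2005-08-27 23:01:44 203.0.113.77 GET /scripts/..%c0%af../winnt/system32/cmd.exe - 200
2005-08-27 23:02:10 203.0.113.77 GET /scripts/..%255c../winnt/system32/cmd.exe - 404
2005-08-27 23:05:31 203.0.113.77 GET /index.htm - 200
2005-08-28 08:30:00 198.51.100.23 GET /images/logo.gif - 200
"""

OVERLONG = re.compile(r"%c[01]%[0-9a-f]{2}", re.I)  # lead bytes C0/C1 are never valid UTF-8
DOUBLE_ENC = re.compile(r"%25[0-9a-f]{2}", re.I)    # a percent sign that is itself encoded
TRAVERSAL = re.compile(r"\.\.[/\\]")
SHELL = re.compile(r"cmd\.exe", re.I)

def parse(log_text):
    """Yield one dict per request, using the column order from the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def indicators(row):
    """Return the set of suspicious traits in the request's stem and query."""
    uri = row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", "")
    decoded = unquote(unquote(uri, encoding="latin-1"), encoding="latin-1")
    checks = {"overlong-utf8": OVERLONG.search(uri), "double-encoding": DOUBLE_ENC.search(uri),
              "traversal": TRAVERSAL.search(decoded), "cmd.exe": SHELL.search(decoded)}
    return {name for name, match in checks.items() if match}

def triage(log_text):
    """Map each flagged client IP to its full request timeline, flagged or not."""
    rows = list(parse(log_text))
    flagged = {r["c-ip"] for r in rows if indicators(r)}
    timeline = defaultdict(list)
    for r in rows:
        if r["c-ip"] in flagged:
            timeline[r["c-ip"]].append(
                (f'{r["date"]} {r["time"]}', r["sc-status"], sorted(indicators(r))))
    return dict(timeline)

if __name__ == "__main__":
    for ip, events in triage(SAMPLE_LOG).items():
        print(ip, *events, sep="\n  ")
```

A flagged request that returned status 200 deserves the closest look, and the unflagged entries in the same IP's timeline show what else that client did before and after.
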
kred | Posted August 30, 2005

so.. this network security thing... it's a load of nonsense.. just a way to make a living... because however high the fence, people can still jump over it!!.... you can even get in using cookies....

suriasah_putera | Posted August 30, 2005 (edited)

Are you crazy, what nonsense.... Hokhokhohkhohkhohkhohhohk.... If there were no security, we wouldn't get to see the latest technology like what we have now.... As that kid Azuan says, "The more people use broadband, the more IT Monkeys there are".... Looking at the page above, it was that noisy pinguspy kid who did it...

Edited August 30, 2005 by suriasah_putera

kred | Posted August 30, 2005 (edited)

really??? isn't it that if there's no security, the security people have no work... this is kind of like investing in the military.. no work to do but you have to have it.. but as far as I know, nowadays there's a newer security technology besides this HIDS!!!! can't remember though.. is screened subnet a new technology?

*but I think it's the security people who do these bad things.. so that they look important, you know, just like antivirus.. maybe the people who make the viruses get paid by the antivirus companies.. who knows????

Edited August 30, 2005 by kred

suriasah_putera | Posted August 30, 2005

Actually there's really no end to it when you talk about security... the one above is one of them.... If you don't believe it, try checking the URL I gave. It's one of the vulnerabilities in Postnuke.

What's Postnuke? Search Google if you don't know...

gengstapo | Posted August 30, 2005

Quote: "And, I tested it once more, it really is vulnerable. There are lots of exploits for it on the net and they can be used.... www.gibroz.com/modules/PNphpBB2/includes/index.html"

wahaaa.. the old-timer has shown his stripes.. run 4 ur life!!..

kred | Posted August 30, 2005

waaaa.... that really is the security guys' work...... errrr.... can we use this topic to discuss the latest security stuff?? that'd be okay too, right? right?

bashrun | Posted August 30, 2005

Quote: "so.. this network security thing... it's a load of nonsense.. just a way to make a living... because however high the fence, people can still jump over it!!.... you can even get in using cookies...."

hah, you can even attack using cookies? wow, I'm scared. I might end up getting fired for no reason...

but how... don't cookies come from our web server and go to the client.. so we can send those cookies back to the web server, huh. what if we set the web server not to take anything from cookies. just read them.. read? ermm.. is that how an attack using cookies works...

oh no... I'm in serious trouble now

kred | Posted August 30, 2005

that's why when you use maybank2u.com.my, after you've used it, it tells you to clear cookies! ..actually we edit the cookies and then.. eh!?? can't tell the story.. go find out yourself.. I don't know either!

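bashrun's question about whether a web server should believe what comes back in a cookie can be answered with a server that signs every cookie it issues and rejects any that were edited on the client. The following is an added example and not part of any post in the thread; the cookie layout, the key and the function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret; it never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

def parse_fields(value):
    """Split 'k=v&k=v' into a dict (constructed cookie layout for this example)."""
    return dict(p.split("=", 1) for p in value.split("&") if "=" in p)

def naive_role(cookie):
    """Weak: believes whatever the browser sends back."""
    return parse_fields(cookie).get("role")

def issue_cookie(value, key=SERVER_KEY):
    """Append an HMAC-SHA256 tag so any client-side edit is detectable."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}|{tag}"

def verified_role(cookie, key=SERVER_KEY):
    """Hardened: returns the role only if the tag matches; None otherwise."""
    value, sep, tag = cookie.rpartition("|")
    if not sep:
        return None  # no tag at all
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # value or tag was altered after the server issued it
    return parse_fields(value).get("role")

if __name__ == "__main__":
    issued = issue_cookie("user=alice&role=member")
    edited = issued.replace("role=member", "role=admin")
    print("naive   :", naive_role(edited.rpartition("|")[0]))
    print("verified:", verified_role(issued), verified_role(edited))
```

Signing only detects edits; a copied cookie still verifies, so sessions also need an expiry and a server-side logout.
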
suriasah_putera | Posted August 30, 2005

Huhuhuhuhuhuhuhu..... It's really hard for us to discuss security here, isn't it... It depends on the mods whether they allow security topics or not... But for me it's fine.... as long as nobody gives tutorials on how to become an "IT monkey"...

Better if we discuss vulnerabilities and how to overcome them... And most of these vulnerabilities come from open-source applications... for example, the Postnuke portal, Mambo, anything that uses PHP and so on...

The vulnerabilities in the applications above are more about scripting that makes it possible for people to build exploits to get access to a shell... Once they've got that shell access, the 'IT monkey' can do all sorts of things...

Shell? Don't know? cmd.exe? Don't know that either? Search Google!

kred | Posted August 30, 2005

since you're already in this field.. you be our security teacher... okay?? eh?? wait!! let's ask the thread owner first....