{"id":981,"date":"2016-12-17T19:25:37","date_gmt":"2016-12-17T19:25:37","guid":{"rendered":"https:\/\/zaf.web.id\/blog\/?p=981"},"modified":"2016-12-17T19:29:33","modified_gmt":"2016-12-17T19:29:33","slug":"serangan-adware-via-htaccess","status":"publish","type":"post","link":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/","title":{"rendered":"Adware Attack via .htaccess"},"content":{"rendered":"<p>This is not the first time several of our <em>servers<\/em> have been hit by attacks that vary in technique, form, and impact. This morning I was startled to find that every website on our <em>Gili Air<\/em> server was being redirected to an advertising site when accessed from a <em>mobile<\/em> device. On investigation, it turned out that every <code>.htaccess<\/code> file had been tampered with to detect <em>mobile<\/em> devices based on <code>HTTP_USER_AGENT<\/code> and then <em>redirect<\/em> them to <code>luxurytds[dot]com<\/code>.<\/p>\n<figure id=\"attachment_982\" aria-describedby=\"caption-attachment-982\" style=\"width: 660px\" class=\"wp-caption aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-982\" src=\"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?resize=660%2C438&#038;ssl=1\" alt=\".htaccess malware inject\" width=\"660\" height=\"438\" srcset=\"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?resize=1024%2C680&amp;ssl=1 1024w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?resize=300%2C199&amp;ssl=1 300w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?resize=768%2C510&amp;ssl=1 768w, 
https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?resize=619%2C411&amp;ssl=1 619w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?w=1233&amp;ssl=1 1233w\" sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><figcaption id=\"caption-attachment-982\" class=\"wp-caption-text\">.htaccess malware inject<\/figcaption><\/figure>\n<p>The image above shows the contents of the <code>.htaccess<\/code> file on one of the infected <em>websites<\/em>; the combination of <em>regexes<\/em> covers almost every possible <em>user agent<\/em> of a <em>mobile<\/em> device. The <em>attacker<\/em> really put in the effort!<!--more--><\/p>\n<p>Cleaning all the infected <code>.htaccess<\/code> files does not solve the problem, because at any time the files can be reinfected by a <em>trigger<\/em>. That <em>trigger<\/em> may also have been planted in the <em>system files<\/em> associated with a <em>website<\/em> page. Some of the keywords I often find in <em>PHP scripts<\/em> infected with <em>malware<\/em> are:<\/p>\n<ul>\n<li><code>eval(<\/code><\/li>\n<li><code>eval(base64_encode(<\/code><\/li>\n<li><code>$GLOBALS[<\/code> (needs further analysis)<\/li>\n<\/ul>\n<p>I wrote a <a href=\"https:\/\/github.com\/23Pstars\/php-utils\/blob\/master\/malfind.php\">PHP script<\/a> to <em>scan<\/em> <code>public_html<\/code> recursively; it helps a great deal with analysis and cleanup. 
Usually many infected <em>files<\/em> turn up, and like it or not they all have to be cleaned.<\/p>\n<p>Unfortunately, the keywords above are already <em>obsolete<\/em>, because <em>attackers<\/em> now have other tricks to evade searches based on keywords commonly used by <em>malware scripts<\/em>.<\/p>\n<figure id=\"attachment_985\" aria-describedby=\"caption-attachment-985\" style=\"width: 660px\" class=\"wp-caption aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-985\" src=\"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-18-at-2.40.29-AM.png?resize=660%2C99&#038;ssl=1\" alt=\"Alias untuk fungsi script\" width=\"660\" height=\"99\" srcset=\"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-18-at-2.40.29-AM.png?resize=1024%2C154&amp;ssl=1 1024w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-18-at-2.40.29-AM.png?resize=300%2C45&amp;ssl=1 300w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-18-at-2.40.29-AM.png?resize=768%2C115&amp;ssl=1 768w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-18-at-2.40.29-AM.png?resize=619%2C93&amp;ssl=1 619w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-18-at-2.40.29-AM.png?w=1038&amp;ssl=1 1038w\" sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><figcaption id=\"caption-attachment-985\" class=\"wp-caption-text\">Alias for a script function<\/figcaption><\/figure>\n<p>In the image above, <code>base64_decode<\/code> is stored as a <i>string<\/i> in a <em>variable<\/em>. As you can guess, what it does is call that function directly through the variable in which the string <code>base64_decode<\/code> is stored.<\/p>\n<p>I needed a day or two 
to trace the <em>malware scripts<\/em> on the <em>server<\/em>, analyzing, checking, and restoring every infected <em>script<\/em> (<em>file<\/em>).<\/p>\n<figure id=\"attachment_987\" aria-describedby=\"caption-attachment-987\" style=\"width: 660px\" class=\"wp-caption aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-987\" src=\"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.13.10-AM.png?resize=660%2C325&#038;ssl=1\" alt=\"Proses scanning\" width=\"660\" height=\"325\" srcset=\"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.13.10-AM.png?resize=1024%2C504&amp;ssl=1 1024w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.13.10-AM.png?resize=300%2C148&amp;ssl=1 300w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.13.10-AM.png?resize=768%2C378&amp;ssl=1 768w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.13.10-AM.png?resize=619%2C304&amp;ssl=1 619w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.13.10-AM.png?w=2000&amp;ssl=1 2000w\" sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><figcaption id=\"caption-attachment-987\" class=\"wp-caption-text\">Scanning process<\/figcaption><\/figure>\n<p>This is only a small part of a <em>Sys Admin<\/em>'s job: keeping performance and functionality running normally. 
I am not a <em>Sys Admin<\/em>, but unluckily I always end up with problems like this.<\/p>\n<p>There was one moment when something that should have been hidden was instead plainly visible. Ouch!<\/p>\n<figure id=\"attachment_988\" aria-describedby=\"caption-attachment-988\" style=\"width: 660px\" class=\"wp-caption aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-988\" src=\"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.47.25-AM.png?resize=660%2C322&#038;ssl=1\" alt=\"Backdoor file manager web\" width=\"660\" height=\"322\" srcset=\"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.47.25-AM.png?resize=1024%2C500&amp;ssl=1 1024w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.47.25-AM.png?resize=300%2C146&amp;ssl=1 300w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.47.25-AM.png?resize=768%2C375&amp;ssl=1 768w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.47.25-AM.png?resize=619%2C302&amp;ssl=1 619w, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-16-at-10.47.25-AM.png?w=2000&amp;ssl=1 2000w\" sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><figcaption id=\"caption-attachment-988\" class=\"wp-caption-text\">Web file manager backdoor<\/figcaption><\/figure>\n<blockquote><p>What would you do next? 
Nothing!<\/p><\/blockquote>\n<p>It may not help much, but the following are a few things I have tried in order to reduce the chance of the same attack happening again, and they are worth trying:<\/p>\n<h3>Disable file upload (php.ini)<\/h3>\n<p>Most attacks exploit weaknesses in some of a <em>website<\/em>'s features that allow an <em>attacker<\/em> to <em>upload<\/em> malicious <em>scripts<\/em> to our <em>server<\/em>.<\/p>\n<h3>Block IP<\/h3>\n<p>I also wrote a <a href=\"https:\/\/github.com\/23Pstars\/php-utils\/blob\/master\/logs.php\">PHP script<\/a> that <em>scans<\/em> the <em>log files<\/em> to find the <em>IP addresses<\/em> that make the most <em>requests<\/em>. Logically, a <em>user<\/em> will very rarely make thousands of <em>requests<\/em>, so it is most likely an attack attempt (<em>brute force<\/em>). <em>Block<\/em> those <em>IP addresses<\/em> on the <em>server<\/em> side.<\/p>\n<h3>Pray&#8230;<\/h3>\n<p>Pray and worship more. Yep, that's it!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bukan pertama kalinya beberapa server kami mendapatkan serangan dengan teknik yang berbagai macam jenis, 
bentuk,&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[58],"tags":[195,196],"class_list":["post-981","post","type-post","status-publish","format-standard","hentry","category-server","tag-adware","tag-htaccess-adware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Serangan Adware via .htaccess - Ahmad Zafrullah<\/title>\n<meta name=\"description\" content=\"Serangan terhadap website dengan mengarahkan pengguna smartphone ke situs iklan, penyerang menginfeksi file .htaccess untuk melakukan redirect.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/\" \/>\n<meta property=\"og:locale\" content=\"id_ID\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Serangan Adware via .htaccess - Ahmad Zafrullah\" \/>\n<meta property=\"og:description\" content=\"Serangan terhadap website dengan mengarahkan pengguna smartphone ke situs iklan, penyerang menginfeksi file 
.htaccess untuk melakukan redirect.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/\" \/>\n<meta property=\"og:site_name\" content=\"Ahmad Zafrullah\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/23Pstars\" \/>\n<meta property=\"article:author\" content=\"http:\/\/www.facebook.com\/23Pstars\" \/>\n<meta property=\"article:published_time\" content=\"2016-12-17T19:25:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-12-17T19:29:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM-1024x680.png\" \/>\n<meta name=\"author\" content=\"Zaf\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@23Pstars\" \/>\n<meta name=\"twitter:site\" content=\"@23Pstars\" \/>\n<meta name=\"twitter:label1\" content=\"Ditulis oleh\" \/>\n\t<meta name=\"twitter:data1\" content=\"Zaf\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimasi waktu membaca\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 menit\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/\"},\"author\":{\"name\":\"Zaf\",\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/#\\\/schema\\\/person\\\/ba4e955d59a1e6a8284857e74b14e5ed\"},\"headline\":\"Serangan Adware via 
.htaccess\",\"datePublished\":\"2016-12-17T19:25:37+00:00\",\"dateModified\":\"2016-12-17T19:29:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/\"},\"wordCount\":445,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/#\\\/schema\\\/person\\\/ba4e955d59a1e6a8284857e74b14e5ed\"},\"image\":{\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/Screen-Shot-2016-12-15-at-5.34.42-PM-1024x680.png\",\"keywords\":[\"adware\",\"htaccess adware\"],\"articleSection\":[\"Server\"],\"inLanguage\":\"id\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/\",\"url\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/\",\"name\":\"Serangan Adware via .htaccess - Ahmad Zafrullah\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/Screen-Shot-2016-12-15-at-5.34.42-PM-1024x680.png\",\"datePublished\":\"2016-12-17T19:25:37+00:00\",\"dateModified\":\"2016-12-17T19:29:33+00:00\",\"description\":\"Serangan terhadap website dengan mengarahkan pengguna smartphone ke situs iklan, penyerang menginfeksi file .htaccess untuk melakukan 
redirect.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/#breadcrumb\"},\"inLanguage\":\"id\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"id\",\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/zaf.web.id\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?fit=1233%2C819&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/zaf.web.id\\\/blog\\\/wp-content\\\/uploads\\\/2016\\\/12\\\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?fit=1233%2C819&ssl=1\",\"width\":1233,\"height\":819,\"caption\":\".htaccess malware inject\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/serangan-adware-via-htaccess\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Serangan Adware via .htaccess\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/\",\"name\":\"Ahmad Zafrullah\",\"description\":\"Work to Learn is better than Learn how to 
Work\",\"publisher\":{\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/#\\\/schema\\\/person\\\/ba4e955d59a1e6a8284857e74b14e5ed\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"id\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/#\\\/schema\\\/person\\\/ba4e955d59a1e6a8284857e74b14e5ed\",\"name\":\"Zaf\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"id\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/zaf.web.id\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/zaf_auto_x2.jpeg?fit=300%2C300&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/zaf.web.id\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/zaf_auto_x2.jpeg?fit=300%2C300&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/zaf.web.id\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/zaf_auto_x2.jpeg?fit=300%2C300&ssl=1\",\"width\":300,\"height\":300,\"caption\":\"Zaf\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/zaf.web.id\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/09\\\/zaf_auto_x2.jpeg?fit=300%2C300&ssl=1\"},\"sameAs\":[\"http:\\\/\\\/zaf.web.id\",\"http:\\\/\\\/www.facebook.com\\\/23Pstars\",\"https:\\\/\\\/x.com\\\/23Pstars\"],\"url\":\"https:\\\/\\\/zaf.web.id\\\/blog\\\/author\\\/zaf\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Serangan Adware via .htaccess - Ahmad Zafrullah","description":"Serangan terhadap website dengan mengarahkan pengguna smartphone ke situs iklan, penyerang menginfeksi file .htaccess untuk melakukan redirect.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/","og_locale":"id_ID","og_type":"article","og_title":"Serangan Adware via .htaccess - Ahmad Zafrullah","og_description":"Serangan terhadap website dengan mengarahkan pengguna smartphone ke situs iklan, penyerang menginfeksi file .htaccess untuk melakukan redirect.","og_url":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/","og_site_name":"Ahmad Zafrullah","article_publisher":"http:\/\/www.facebook.com\/23Pstars","article_author":"http:\/\/www.facebook.com\/23Pstars","article_published_time":"2016-12-17T19:25:37+00:00","article_modified_time":"2016-12-17T19:29:33+00:00","og_image":[{"url":"https:\/\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM-1024x680.png","type":"","width":"","height":""}],"author":"Zaf","twitter_card":"summary_large_image","twitter_creator":"@23Pstars","twitter_site":"@23Pstars","twitter_misc":{"Ditulis oleh":"Zaf","Estimasi waktu membaca":"2 menit"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/#article","isPartOf":{"@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/"},"author":{"name":"Zaf","@id":"https:\/\/zaf.web.id\/blog\/#\/schema\/person\/ba4e955d59a1e6a8284857e74b14e5ed"},"headline":"Serangan Adware via 
.htaccess","datePublished":"2016-12-17T19:25:37+00:00","dateModified":"2016-12-17T19:29:33+00:00","mainEntityOfPage":{"@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/"},"wordCount":445,"commentCount":1,"publisher":{"@id":"https:\/\/zaf.web.id\/blog\/#\/schema\/person\/ba4e955d59a1e6a8284857e74b14e5ed"},"image":{"@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/#primaryimage"},"thumbnailUrl":"https:\/\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM-1024x680.png","keywords":["adware","htaccess adware"],"articleSection":["Server"],"inLanguage":"id","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/","url":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/","name":"Serangan Adware via .htaccess - Ahmad Zafrullah","isPartOf":{"@id":"https:\/\/zaf.web.id\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/#primaryimage"},"image":{"@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/#primaryimage"},"thumbnailUrl":"https:\/\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM-1024x680.png","datePublished":"2016-12-17T19:25:37+00:00","dateModified":"2016-12-17T19:29:33+00:00","description":"Serangan terhadap website dengan mengarahkan pengguna smartphone ke situs iklan, penyerang menginfeksi file .htaccess untuk melakukan 
redirect.","breadcrumb":{"@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/#breadcrumb"},"inLanguage":"id","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/"]}]},{"@type":"ImageObject","inLanguage":"id","@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/#primaryimage","url":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?fit=1233%2C819&ssl=1","contentUrl":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/12\/Screen-Shot-2016-12-15-at-5.34.42-PM.png?fit=1233%2C819&ssl=1","width":1233,"height":819,"caption":".htaccess malware inject"},{"@type":"BreadcrumbList","@id":"https:\/\/zaf.web.id\/blog\/serangan-adware-via-htaccess\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zaf.web.id\/blog\/"},{"@type":"ListItem","position":2,"name":"Serangan Adware via .htaccess"}]},{"@type":"WebSite","@id":"https:\/\/zaf.web.id\/blog\/#website","url":"https:\/\/zaf.web.id\/blog\/","name":"Ahmad Zafrullah","description":"Work to Learn is better than Learn how to 
Work","publisher":{"@id":"https:\/\/zaf.web.id\/blog\/#\/schema\/person\/ba4e955d59a1e6a8284857e74b14e5ed"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zaf.web.id\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"id"},{"@type":["Person","Organization"],"@id":"https:\/\/zaf.web.id\/blog\/#\/schema\/person\/ba4e955d59a1e6a8284857e74b14e5ed","name":"Zaf","image":{"@type":"ImageObject","inLanguage":"id","@id":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2024\/09\/zaf_auto_x2.jpeg?fit=300%2C300&ssl=1","url":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2024\/09\/zaf_auto_x2.jpeg?fit=300%2C300&ssl=1","contentUrl":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2024\/09\/zaf_auto_x2.jpeg?fit=300%2C300&ssl=1","width":300,"height":300,"caption":"Zaf"},"logo":{"@id":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2024\/09\/zaf_auto_x2.jpeg?fit=300%2C300&ssl=1"},"sameAs":["http:\/\/zaf.web.id","http:\/\/www.facebook.com\/23Pstars","https:\/\/x.com\/23Pstars"],"url":"https:\/\/zaf.web.id\/blog\/author\/zaf\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":799,"url":"https:\/\/zaf.web.id\/blog\/tren-mobile-banking-menggunakan-smartphone\/","url_meta":{"origin":981,"position":0},"title":"Tren Mobile Banking menggunakan Smartphone","author":"Zaf","date":"Januari 10, 2016","format":false,"excerpt":"Begitulah perkembangan teknologi, yang tidak dapat mengikuti akan terlindas olehnya. Bagi sebagian besar orang melakukan transaksi dimanapun dan kapanpun memiliki keuntungan sendiri, salah satunya efisiensi waktu. 
Belakangan semakin banyak orang yang telah memanfaatkan fasilitas mobile banking yang disediakan\u00a0beberapa bank dalam negeri, tiga\u00a0diantaranya (kebetulan BUMN) yang saya gunakan ialah\u00a0mandiri, BNI, dan\u2026","rel":"","context":"dalam &quot;Coretan&quot;","block_context":{"text":"Coretan","link":"https:\/\/zaf.web.id\/blog\/category\/coretan\/"},"img":{"alt_text":"Mobile Banking","src":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/01\/IMG_0711-577x1024.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1048,"url":"https:\/\/zaf.web.id\/blog\/ketika-ddos-menyerang\/","url_meta":{"origin":981,"position":1},"title":"Ketika DDoS menyerang","author":"Zaf","date":"April 1, 2017","format":false,"excerpt":"Mengelola server merupakan pekerjaan yang tidak\u00a0selalu mudah. Sesuatu\u00a0yang sifatnya open public pastinya memiliki banyak ancaman yang tidak pernah dapat ditebak kapan datangnya. Berapa tahun terakhir saya bertugas untuk mengelola beberapa server\u00a0yang\u00a0menaungi cukup banyak website, mulai dari bisnis, personal, iseng, sampai yang tidak penting. 
DigitalOcean Sejauh ini layanan VPS (Virtual Private\u2026","rel":"","context":"dalam &quot;Server&quot;","block_context":{"text":"Server","link":"https:\/\/zaf.web.id\/blog\/category\/server\/"},"img":{"alt_text":"DDoS everywhere","src":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2017\/03\/ddos-ddos-everywhere.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2017\/03\/ddos-ddos-everywhere.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2017\/03\/ddos-ddos-everywhere.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":484,"url":"https:\/\/zaf.web.id\/blog\/serangan-campaign-malware\/","url_meta":{"origin":981,"position":2},"title":"Serangan Campaign Malware","author":"Zaf","date":"Desember 18, 2014","format":false,"excerpt":"Hari ini dipenghujung tahun 2014 ini adalah hari paling merepotkan selama mengelola salah satu Cloud milik LRsoft.\u00a0Pasalnya server mendapat kado natal istimewa berupa malware yang menginfeksi 60 lebih website yang\u00a0ada didalamnya, sehingga ketika domain web tersebut diakses via browser akan muncul peringatan block halaman dari layanan Google seperti gambar dibawah:\u2026","rel":"","context":"dalam &quot;Server&quot;","block_context":{"text":"Server","link":"https:\/\/zaf.web.id\/blog\/category\/server\/"},"img":{"alt_text":"Block dari Google","src":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2014\/12\/malware-frommshead.php_.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2014\/12\/malware-frommshead.php_.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2014\/12\/malware-frommshead.php_.png?resize=525%2C300 1.5x"},"classes":[]},{"id":875,"url":"https:\/\/zaf.web.id\/blog\/mandiri-internet-bisnis-untuk-android-dan-ios\/","url_meta":{"origin":981,"position":3},"title":"Mandiri 
Internet Bisnis (MIB) untuk Android dan iOS","author":"Zaf","date":"Juni 29, 2016","format":false,"excerpt":"Mandiri Internet Bisnis (MIB) merupakan fasilitas untuk melakukan transaksi finansial bagi perusahaan atau pelaku bisnis lainnya, berbeda dengan Internet Banking (IB - personal), MIB memiliki limit transaksi yang cukup besar per-harinya. MIB sebetulnya bukan merupakan layanan baru, saya sendiri\u00a0baru aktif\u00a0menggunakan fasilitas tersebut sejak 1 tahun terakhir. Jika sebelumnya fasilitas MIB\u2026","rel":"","context":"dalam &quot;Coretan&quot;","block_context":{"text":"Coretan","link":"https:\/\/zaf.web.id\/blog\/category\/coretan\/"},"img":{"alt_text":"Halaman utama MIB mobile","src":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2016\/06\/IMG_2458-577x1024.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":256,"url":"https:\/\/zaf.web.id\/blog\/masalah-ketika-aktivasi-mandiri-mobile-di-smartphone-android\/","url_meta":{"origin":981,"position":4},"title":"Masalah ketika aktivasi mandiri mobile di Smartphone Android","author":"Zaf","date":"Mei 14, 2014","format":false,"excerpt":"Bagi penggiat smartphone seperti saya tentunya tidak akan menggunakan perangkat\u00a0pintarnya\u00a0hanya untuk sekedar SMS\u00a0\/ telepon saja, tentunya banyak hal yang bisa dilakukan dari perangkat\u00a0tersebut, salah satunya mandiri mobile, aplikasi Android khusus untuk nasabah mandiri yang dapat digunakan untuk berbagai macam keperluan transaksi. 
Sama halnya dengan\u00a0Internet Banking versi Desktop dimana fitur fitur\u2026","rel":"","context":"dalam &quot;Android&quot;","block_context":{"text":"Android","link":"https:\/\/zaf.web.id\/blog\/category\/android\/"},"img":{"alt_text":"image","src":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2014\/05\/wpid-screenshot_2014-05-14-12-41-32.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1437,"url":"https:\/\/zaf.web.id\/blog\/sms-gateway-android-sebagai-alternatif-gammu\/","url_meta":{"origin":981,"position":5},"title":"SMS Gateway Android Sebagai Alternatif Gammu","author":"Zaf","date":"Agustus 6, 2019","format":false,"excerpt":"Media komunikasi SMS saat ini memang cenderung sepi pengguna, saya sendiri termasuk user yang sudah jarang sekali menggunakan fasilitasi SMS. Dengan banyaknya aplikasi chat online yang ditawarkan, dan tentunya free, membuat user lebih memilih untuk menggunakan aplikasi chat online tersebut sebagai alat komunikasi sehari-hari. 
SMS Masih Dibutuhkan Sudah menjadi hal\u2026","rel":"","context":"dalam &quot;Coretan&quot;","block_context":{"text":"Coretan","link":"https:\/\/zaf.web.id\/blog\/category\/coretan\/"},"img":{"alt_text":"SMS","src":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2019\/01\/sms-1024x422.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2019\/01\/sms-1024x422.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/zaf.web.id\/blog\/wp-content\/uploads\/2019\/01\/sms-1024x422.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"jetpack_likes_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4zLnS-fP","_links":{"self":[{"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/posts\/981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/comments?post=981"}],"version-history":[{"count":5,"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/posts\/981\/revisions"}],"predecessor-version":[{"id":990,"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/posts\/981\/revisions\/990"}],"wp:attachment":[{"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/media?parent=981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/categories?post=981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zaf.web.id\/blog\/wp-json\/wp\/v2\/tags?post=981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}