Intrusion Exploit
Server: LiteSpeed
System: Linux cisadane.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: lenf4658 (1805)
PHP: 8.4.19
Disabled: NONE
$ pwd: /home/lenf4658/access-logs/
Upload Files
File: //home/lenf4658/access-logs/lensapedia.id
20.166.9.204 - - [04/Apr/2026:19:19:49 +0700] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 795 "-" "-"
20.166.9.204 - - [04/Apr/2026:19:19:50 +0700] "GET /wp-Blogs.php HTTP/1.1" 301 795 "-" "-"
20.166.9.204 - - [04/Apr/2026:19:19:50 +0700] "GET /wpb.php HTTP/1.1" 301 795 "-" "-"
20.166.9.204 - - [04/Apr/2026:19:19:51 +0700] "GET /ftde.php HTTP/1.1" 301 795 "-" "-"
20.166.9.204 - - [04/Apr/2026:19:19:51 +0700] "GET /less.php HTTP/1.1" 301 795 "-" "-"
178.128.100.171 - - [04/Apr/2026:19:53:07 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:19:57:21 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:20:03:52 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:20:07:00 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:20:16:15 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:20:37:44 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:20:45:39 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:20:47:07 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:20:47:22 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:20:52:59 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
178.128.100.171 - - [04/Apr/2026:20:55:44 +0700] "GET /wakwak-jujur-janggal.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
2.58.56.116 - - [04/Apr/2026:22:02:24 +0700] "GET /txets.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2.58.56.116 - - [04/Apr/2026:22:02:24 +0700] "GET /wp-content/txets.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2.58.56.116 - - [04/Apr/2026:22:02:25 +0700] "GET /wp-includes/widgets/txets.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2.58.56.116 - - [04/Apr/2026:22:02:25 +0700] "GET /wp-includes/rest-api/txets.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2.58.56.116 - - [04/Apr/2026:22:02:26 +0700] "GET /wp-includes/blocks/post-template/txets.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2.58.56.116 - - [04/Apr/2026:22:02:27 +0700] "GET /wp-admin/txets.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2.58.56.116 - - [04/Apr/2026:22:02:27 +0700] "GET /wp-includes/txets.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2.58.56.116 - - [04/Apr/2026:22:02:28 +0700] "GET /schallfuns.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
2.58.56.116 - - [04/Apr/2026:22:02:28 +0700] "GET /postnews.php HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
101.32.15.141 - - [04/Apr/2026:22:44:29 +0700] "GET / HTTP/1.1" 301 795 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1"
43.165.67.57 - - [04/Apr/2026:22:59:59 +0700] "GET / HTTP/1.1" 301 795 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1"
81.70.247.174 - - [04/Apr/2026:23:07:59 +0700] "GET /ip HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
1.92.211.3 - - [04/Apr/2026:23:07:59 +0700] "GET /ip HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
140.206.235.75 - - [04/Apr/2026:23:07:59 +0700] "GET /ip HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
180.153.197.188 - - [04/Apr/2026:23:07:59 +0700] "GET /ip HTTP/1.1" 301 795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
@ Telegram