Tuesday, 21 October 2008

IP ADDRESS, WHOIS, & SUBDOMAIN www.detik.com, www.okezone.com, www.itb.ac.id

Advanced Information Systems Security Assignment
Isnain Fikriansyah, NIM (student ID) 23208059 - Master's Program, Chief Information Officer - STEI ITB

1. Web server IP addresses with nslookup

To find the IP addresses of the web servers www.detik.com, www.okezone.com and www.itb.ac.id, the author used 'nslookup' on Windows; the results can be seen in the following figure.




2. Whois, DNS, and web IP addresses with www.whois.domaintools.com

To find the ownership (whois), Domain Name Server, and web IP address of www.detik.com, www.okezone.com and www.itb.ac.id, the author used the tool http://whois.domaintools.com, as in the figure below.

The lookup with the tool above returned the following data:

a. www.detik.com

inetnum: 202.158.66.0 - 202.158.66.255
netname: CBN-DETIK-NETBLOCK
descr: DetikCom
descr: Aldevco Octagon Building - Lantai 2
descr: Jl. Warung Buncit Raya No.75
descr: Jakarta Selatan 12740
country: ID
admin-c: CH57-AP
tech-c: CH57-AP
mnt-by: NOC-MAINT-CBN-APNIC
status: ASSIGNED NON-PORTABLE
changed: hostmaster@cbn.net.id 20060619
source: APNIC

person: CBNnet Hostmaster
nic-hdl: CH57-AP
e-mail: hostmaster@cbn.net.id
address: PT. Cyberindo Aditama
address: Manggala Wanabakti IV 6th Floor
address: Jl. Gatot Subroto, Senayan
address: Jakarta 10270 - Indonesia
phone: +62-21-5799-4500
fax-no: +62-21-574-2481
country: ID
changed: hostmaster@cbn.net.id 20060518
mnt-by: NOC-MAINT-CBN-APNIC
source: APNIC

b. www.okezone.com

inetnum: 202.147.192.0 - 202.147.207.255
netname: INFOKOM
descr: Infokom Elektrindo, inc
descr: Telecommunication and Information Provider
descr: Jakarta
country: ID
admin-c: IA11-AP
tech-c: IH14-AP
mnt-by: MNT-APJII-ID
mnt-lower: MAINT-ID-INFOKOM
changed: hostmaster@apjii.or.id 20020930
changed: hostmaster@apjii.or.id 20021231
changed: hostmaster@apjii.or.id 20040213
status: ALLOCATED PORTABLE
remarks: spam and abuse report : abuse@apjii.or..id, abuse@infokom.id
source: APNIC

role: INFOKOM ADMIN
address: Infokom Eletrindo, PT.
address: Bimantara building 26th floor
address: Jl. Kebun Sirih
address: Jakarta Pusat
country: ID
phone: +62-21-3929925
fax-no: +62-21-3929935
e-mail: hostmaster@infokom.net
trouble: spam and abuse report : abuse@infokom.net
trouble: technical and routing : support@infokom.net
trouble: administrative request : admin@infokom.net
admin-c: MH42-AP
tech-c: MH42-AP
nic-hdl: IA11-AP
remarks: Infokom Admin role object
notify: hostmaster@infokom.net
mnt-by: MAINT-ID-INFOKOM
changed: mhanif@infokom.net 20040121
source: APNIC

role: INFOKOM HOSTMASTERS
address: Infokom Eletrindo, PT.
address: Elektrindo building 10th floor
address: Jl. Kuningan Barat 8
address: Jakarta 12710
country: ID
phone: +62-21-526-0610
fax-no: +62-21-526-0620
e-mail: hostmaster@infokom.net
trouble: spam and abuse report : abuse@infokom.net
trouble: technical and routing : support@infokom.net
trouble: hostmasters : hostmaster@infokom.net
admin-c: MH42-AP
tech-c: MH42-AP
nic-hdl: IH14-AP
remarks: Infokom hostmasters role object
notify: hostmaster@infokom.net
mnt-by: MAINT-ID-INFOKOM
changed: hostmaster@apjii.or.id 20040121
source: APNIC

c. www.itb.ac.id

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net
NetRange: 167.205.0.0 - 167.205.255.255
CIDR: 167.205.0.0/16
NetName: APNIC-ERX-167-205-0-0
NetHandle: NET-167-205-0-0-1
Parent: NET-167-0-0-0-0
NetType: Early Registrations, Transferred to APNIC
Comment: This IP address range is not registered in the ARIN database.
Comment: This range was transferred to the APNIC Whois Database as
Comment: part of the ERX (Early Registration Transfer) project.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
RegDate: 2003-07-23
Updated: 2003-08-06

OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net

== Additional Information From whois://whois.apnic.net ==

inetnum: 167.205.0.0 - 167.205.255.255
netname: BANDUNG-NET
descr: Institut Teknologi Bandung
descr: Jl. Ganesha 10
descr: Bandung 40132
country: ID
admin-c: IA20-AP
tech-c: BS121-AP
tech-c: AB281-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-ID-ITB
changed: hm-changed@apnic.net 20060914
changed: hm-changed@apnic.net 20060915
source: APNIC

person: Intan Ahmad
address: ITB.NET
address: PT Jala Widya Caraka
address: Sekretariat AIII-ITB, IUC Building 4th. Floor
address: Jl. Ganesha 10 Bandung 40132
country: ID
phone: +62-22-251-2982
fax-no: +62-22-251-2982
e-mail: noc@jalawave.net
nic-hdl: IA20-AP
mnt-by: MAINT-ID-ITBNET
changed: hostmaster@apjii.or.id 20011031
source: APNIC

person: Basuki Suhardiman
address: ITB.NET
address: PT Jala Widya Caraka
address: Sekretariat AIII-ITB, IUC Building 4th Floor
address: Jl. Ganesha 10 Bandung 40132
country: ID
phone: +62-22-251-2982
fax-no: +62-22-251-2982
e-mail: basuki@itb.ac.id
nic-hdl: BS121-AP
mnt-by: MAINT-ID-ITBNET
changed: hostmaster@apjii.or.id 20020605
source: APNIC

person: Affan Basalamah
nic-hdl: AB281-AP
e-mail: noc@itb.ac.id
address: Sekretariat AIII-ITB, IUC Building 4th. Floor
address: Jl. Ganesha 10 Bandung 40132
phone: +62-22-2512982
fax-no: +62-22-2512982
country: ID
changed: affan@itb.ac.id 20060912
mnt-by: MAINT-ID-ITB
source: APNIC

3. Finding subdomains of www.itb.ac.id

To find subdomains of www.itb.ac.id, the author used a UNIX program run on Ubuntu. Some of the subdomains of www.itb.ac.id are as follows:

a. akademic.itb.ac.id

b. alumni.itb.ac.id

c. antivirus.itb.ac.id

d. art.itb.ac.id

e. astronomy.itb.ac.id

f. biotech.itb.ac.id

g. comlabs.itb.ac.id

h. datacenter.itb.ac.id

i. ejournal.itb.ac.id

j. ftp.itb.ac.id

k. ganesha.itb.ac.id

l. kepegawaian.itb.ac.id

Sunday, 19 October 2008

Program Error

On this occasion I want to show a web-based application that errors when strange characters or values are entered into its input forms, for example a login form, guest book, comment form and others.

The error program I made is a guest book application that uses a MySQL database and PHP scripts. The PHP code consists of two files, gsbook.php and view.php. I took the reference from http://altes.deltaploterindo.com/index.php?view=artikel&code=10002.

A. The database created in MySQL is named guestbook and its table is named login, with the following structure:

1. `id` int(11) NOT NULL auto_increment,

2. `sender` varchar(100) NOT NULL default '',

3. `comment` text NOT NULL,

4. `posted` varchar(30) NOT NULL default '',

5. PRIMARY KEY (`id`)

A screenshot of the MySQL database can be seen in the following figure.

B. Two PHP files were created to run this guest book application:
  1. The file gsbook.php, with the following script
<script language="javascript">
// Append the clicked emoticon code to the message textarea.
function smile(y)
{
    espressione=document.form_gsbook.message.value;
    new_espressione=espressione + y;
    document.form_gsbook.message.value=new_espressione;
}
</script>

<?php

$_POST=$HTTP_POST_VARS;

$error = ''; // error message
$sender = ''; // sender's name
$message = ''; // the message itself

if(isset($_POST['submit']))
{
    // Only HTML tags and surrounding whitespace are removed; length is not checked.
    $sender = trim(strip_tags($_POST['sender']));
    $message = trim(strip_tags($_POST['message']));

    if(trim($sender) == '')
    {
        $error = '<div class="errormsg2">Please enter your name!</div>';
    }
    else if(trim($message) == '')
    {
        $error = '<div class="errormsg2">Please enter your message!</div>';
    }
    if($error == '')
    {
        if(get_magic_quotes_gpc())
        {
            $message = stripslashes($message);
        }
        $conn = mysql_connect("", "root", "");
        mysql_select_db("guestbook",$conn);

        $date = date("M d, Y H:i:s");
        // The form values are placed directly into the SQL text.
        $perintah = "INSERT INTO login(`sender` , `comment` , `posted` )
VALUES ('$sender', '$message', '$date');";
        $hasil = mysql_query($perintah);
        if($hasil)
        {
            echo "<h2>Terima kasih atas komentar anda !</h2>";
            echo "<meta http-equiv=\"refresh\" content=\"1;url=./view.php\">";
        }
        else
        {
            // Any failed INSERT ends up here with the same generic message.
            echo "<h2>Komentar anda gagal di simpan, eror pada server !</h2>";
            echo "<meta http-equiv=\"refresh\" content=\"1;url=./gsbook.php\">";
        }
    }
}

// Show the form on first load or when validation failed.
if(!isset($_POST['submit']) || $error != '')
{
?>

<!--Error Message-->
<?=$error;?>

<p><h1>GUESTBOOK ISNAIN FIKRIANSYAH</h1></p>
<form name="form_gsbook" method="post" onsubmit="return jcap();" action="">
<table width="0" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="100">Sender</td>
<td width="10">:</td>
<td>
<input name="sender" type="text" id="sender" value="<?=$sender;?>"> </td>
</tr>
<tr>
<td>Comment</td>
<td>:</td>
<td width="200"><textarea name="message" cols="35" rows="5" id="message"><?=$message;?></textarea></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="20%" height="25"><img src="emoticons/yahoo_brokenheart.gif" width="18" height="18" onClick="smile(' [brokenheart]')" title="brokenheart"></td>
<td width="20%"><img src="emoticons/yahoo_bye.gif" width="18" height="18" onClick="smile(' [bye]')" title="bye"></td>
<td width="20%"><img src="emoticons/yahoo_callme.gif" width="28" height="18" onClick="smile(' [callme]')" title="callme"></td>
<td width="20%"><img src="emoticons/yahoo_coffee.gif" width="18" height="18" onClick="smile(' [coffee]')" title="coffee"></td>
<td><img src="emoticons/yahoo_cry.gif" width="22" height="18" onClick="smile(' [cry]')" title="cry"></td>
</tr>
<tr>
<td height="25"><img src="emoticons/yahoo_devil.gif" width="18" height="18" onClick="smile(' [devil]')" title="devil"></td>
<td><img src="emoticons/yahoo_ghost.gif" width="18" height="18" onClick="smile(' [ghost]')" title="ghost"></td>
<td><img src="emoticons/yahoo_kiss.gif" width="18" height="18" onClick="smile(' [kiss]')" title="kiss"></td>
<td><img src="emoticons/yahoo_party.gif" width="38" height="18" onClick="smile(' [party]')" title="party"></td>
<td><img src="emoticons/yahoo_rotfl.gif" width="30" height="18" onClick="smile(' [rotfl]')" title="rotfl"></td>
</tr>
</table></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>
<input name="hapus" type="reset" id="hapus" value="Hapus">
<input name="submit" type="submit" id="submit" value="Simpan" onclick="return checkForm();"> </td>
</tr>
</table>
</form>
<?php
}
?>

  2. The file view.php, with the following script

<a href="gsbook.php">Isi GSBook </a>
<h2>List guestbook</h2>
<?php
$conn = mysql_connect("", "root", "");
mysql_select_db("guestbook",$conn);

$perintah = "SELECT * FROM login ORDER BY sender DESC";
$hasil = mysql_query($perintah);
$no=1;
while($baris = mysql_fetch_row($hasil))
{
    // Column order: 0 = id, 1 = sender, 2 = comment, 3 = posted
    $msg = $baris[2];

    // Replace each emoticon code in the comment with its image tag.
    $message1 = str_replace('[brokenheart]','<img src="emoticons/yahoo_brokenheart.gif" border="0">',$msg);
    $message2 = str_replace('[bye]','<img src="emoticons/yahoo_bye.gif" border="0">',$message1);
    $message3 = str_replace('[callme]','<img src="emoticons/yahoo_callme.gif" border="0">',$message2);
    $message4 = str_replace('[coffee]','<img src="emoticons/yahoo_coffee.gif" border="0">',$message3);
    $message5 = str_replace('[cry]','<img src="emoticons/yahoo_cry.gif" border="0">',$message4);
    $message6 = str_replace('[devil]','<img src="emoticons/yahoo_devil.gif" border="0">',$message5);
    $message7 = str_replace('[ghost]','<img src="emoticons/yahoo_ghost.gif" border="0">',$message6);
    $message8 = str_replace('[kiss]','<img src="emoticons/yahoo_kiss.gif" border="0">',$message7);
    $message9 = str_replace('[party]','<img src="emoticons/yahoo_party.gif" border="0">',$message8);
    $message10 = str_replace('[rotfl]','<img src="emoticons/yahoo_rotfl.gif" border="0">',$message9);

    echo "$no
<table width=\"400\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">
<tr>
<td height=\"25\">Sender : $baris[1]</td>
<td align=\"right\">$baris[3]</td>
</tr>
<tr>
<td colspan=\"2\">$message10</td>
</tr>
</table><br>";
    $no++;
}
?>

Once the database had been created and the PHP scripts were finished, the guestbook application looked as follows:


After the application was run and the sender and comment fields were filled with commonly used characters, the application worked and saved the entry successfully. When the author then tried entering strange characters in large quantities, the application failed to save the new data. The characters entered, and the application's display when they were entered and after the form was submitted, can be seen in the following figures.

Sender : aaaaa (19,320 characters in total)

Comment : salam kenal (19,320 characters in total)




Based on the experiment above, the guestbook application turns out to be unable to store too many characters.
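
The failed save described above, handled on the server side, as an added example that is not the post's own code: input lengths are checked against the `login` table definition before the INSERT, and the INSERT uses a prepared statement instead of string interpolation. It assumes the failure comes from the 19,320-character sender exceeding the `sender` varchar(100) column, which MySQL rejects in strict SQL mode and silently truncates otherwise. The function names, the use of PDO, and the in-memory SQLite database standing in for MySQL are assumptions of this example, which needs the pdo_sqlite and mbstring extensions.

```php
<?php
// Added example (not the post's code): length checks that mirror the `login`
// table, plus a prepared statement for the INSERT.
const MAX_SENDER  = 100;    // `sender` varchar(100), counted in characters
const MAX_COMMENT = 65535;  // MySQL TEXT holds at most 65,535 bytes

/** Returns validation errors; an empty array means the input fits the table. */
function validate_entry(string $sender, string $message): array
{
    $errors = [];
    if ($sender === '')  { $errors[] = 'Please enter your name!'; }
    if ($message === '') { $errors[] = 'Please enter your message!'; }
    if (mb_strlen($sender, 'UTF-8') > MAX_SENDER) {
        $errors[] = 'Name is longer than ' . MAX_SENDER . ' characters.';
    }
    if (strlen($message) > MAX_COMMENT) {
        $errors[] = 'Message is longer than ' . MAX_COMMENT . ' bytes.';
    }
    return $errors;
}

/** Stores one entry; placeholders keep user input out of the SQL text. */
function save_entry(PDO $db, string $sender, string $message): array
{
    $sender  = trim(strip_tags($sender));
    $message = trim(strip_tags($message));
    $errors  = validate_entry($sender, $message);
    if ($errors === []) {
        $stmt = $db->prepare('INSERT INTO login (sender, comment, posted) VALUES (?, ?, ?)');
        $stmt->execute([$sender, $message, date('M d, Y H:i:s')]);
    }
    return $errors;
}

// Constructed demo: in-memory SQLite stands in for the MySQL `guestbook` database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE login (id INTEGER PRIMARY KEY AUTOINCREMENT,
    sender VARCHAR(100) NOT NULL DEFAULT '', comment TEXT NOT NULL,
    posted VARCHAR(30) NOT NULL DEFAULT '')");

// Constructed inputs: an ordinary entry with a quote, then the post's long sender.
print_r(save_entry($db, "O'Brien", 'salam kenal'));
print_r(save_entry($db, str_repeat('a', 19320), 'salam kenal'));
echo $db->query('SELECT COUNT(*) FROM login')->fetchColumn(), " row(s) stored\n";
```

With the check in place the visitor gets a specific message about the field that is too long, rather than the generic server-error page the original script shows for any failed INSERT.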