SECURITY DEMO This is a simulated injection study page — educational purposes only
CSP: Checking...

Demo Landing Page Injection

Template tiruan untuk mempelajari pola serangan injection pada website. File ini dilindungi CSP + Security Headers yang akan memblokir script asing.

Proteksi Aktif di File Ini

Content-Security-Policy

Block inline script & external JS asing. script-src: 'self' only. XSS injection otomatis dihentikan browser.

.htaccess Rules

Block akses ke file sensitif (env, git, backup), disable directory listing, proteksi SQLi/XSS via ModSecurity jika tersedia.

X-Frame-Options: DENY

Cegah website dimuat dalam iframe — blokir serangan clickjacking yang biasa dipakai attacker redirect user.

Client-Side Detection

detect-injection.js loaded. Memonitor DOM mutation untuk deteksi script injection real-time.

Cara Mendeteksi Website Kena Inject

Cek file mencurigakan:
ls -la public_html/ | grep -E '\.php$|\.js$'

Pantau CSP violation:
document.addEventListener('securitypolicyviolation', ...)

Verifikasi file hash:
sha256sum public_html/index.html

Audit cron job:
crontab -l 2>/dev/null