This research examines the impact of a Trojan Backdoor Attack, referred to as a Gacor attack, on the security and service integrity of a private cloud environment based on OwnCloud. The experimental environment was deployed ubuntu server 22.04 using OwnCloud version 10.15.2 and supported by a Mikrotik CCR1016-12G network device. Application level and network level activities were monitored through Apache web server logs and Snort Intrusion Detection System (IDS) version 2.9.15.1, respectively. The investigation adopts the knowledge Understanding assessment defence (KUAD) framework, which structures the analysis into initiation, acquisition, execution, mitigation, and digital evidence disposition stages. The attack scenario focuses on exploiting a file upload vulnerability in the OwnCloud service to deploy and execute a malicious PHP-based Trojan Backdoor. The results show that the Gacor attack demonstrates highly repetitive and centralized behaviour, originate from a limited number of highly active IP addresses. This behaviour exploits weaknesses in application security configuration and results in system takeover and service defacement. Correlation between log analysis and IDS alerts confirms 10 distinct attack events and reveals a structured intrusion pattern rather than random probing activity. The data visualization reveals a structured and centralized attack pattern, resulting in 100% defacement of the OwnCloud index page, which highlights the severe security risk faced by private cloud environments that lack a adequate file upload protection mechanisms. The findings demonstrate that the application of the KUAD method, when combined with log analysis and intrusion detection systems (IDS) is effective in identifying, analyzing, and systematically documenting Trojan Backdoor attacks in private cloud computing environments.
Copyrights © 2026