Welcome to WebmasterWorld Guest from 34.229.126.29

Forum Moderators: ocean10000

Message Too Old, No Replies

help site hacked!

what did they do?

     
9:56 pm on Jan 28, 2008 (gmt 0)

Full Member

10+ Year Member

joined:June 17, 2003
posts:208
votes: 0


mysite just got hacked an hour ago, i checked my stats & saw they were looking for this "inurl:.asp?id=" and then i saw that my asp page rediret to some other site that says hacked by.. you know the rest.

did this [hacker] put something in my code (site)? or is it a matter of my hosting company server security? i called them and they said they will recover the site by backup but how can i prevent this from happening?

p.s i dont know much about asp.

thanks

[edited by: phranque at 2:33 am (utc) on Jan. 29, 2008]
[edit reason] filter tripped [/edit]

12:27 pm on Jan 29, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Dec 10, 2007
posts:507
votes: 0


Have you any scripts that can be hijacked?

Or any admin panels that are easily accesible?

1:41 pm on Jan 29, 2008 (gmt 0)

Full Member

10+ Year Member

joined:June 17, 2003
posts:208
votes: 0


I'm not very familiar with asp, I just tried to see throght ftp if any files were recently changed (date) none were that I could find. I dont know where to start looking on my site file to see how he got in.
5:21 pm on Jan 30, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:June 8, 2007
posts:76
votes: 0


your hosting company should be able to guide you on this

do you know what scripts you are using php? asp?.....is it possible the hosting company could have been hacked?

8:28 am on Jan 31, 2008 (gmt 0)

Full Member

10+ Year Member

joined:June 17, 2003
posts:208
votes: 0


my host sent me an email today, they said it was a SQL injection attack so i have to find out how to stop it from happening again.
12:43 pm on Jan 31, 2008 (gmt 0)

Junior Member

10+ Year Member

joined:June 8, 2007
posts:76
votes: 0


Somewhere you have information being read or written to your SQL Server database that you might be using to interact with the web interface.
(e.g. via forms or logins to forums)

Check the SQL syntax in your ASP pages. The best would be to convert any SQL statements to stored procs so that hackers cannot introduce further SQL statements to compromise security.

Hope this helps

4:35 pm on Jan 31, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 24, 2005
posts:965
votes: 0

1:56 am on Feb 1, 2008 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:11681
votes: 205


a recent thread in this forum on avoiding SQL injection attacks [webmasterworld.com] has several links to MSDN documents on the subject.
8:43 pm on Feb 2, 2008 (gmt 0)

Preferred Member from GB 

10+ Year Member

joined:Jan 26, 2004
posts:636
votes: 0


if you do the asp scripting yourself i would advise that you write something to protect youself by blocking the ' for starters. I wrote one that blocked everything apart from numeric / alpha and + & = and space. Thus being very strict.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members