	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.5

Injection attack??

Asked by RustyRazor in Miscellaneous Security, Server Applications, Active Server Pages (ASP)

Tags: Server virus

Hi All:

My site gets attacked every 3 days or so. The attack takes the form of a line appended to each .asp, .htm, and .js file, which more or less reads as:

<script src=xxx.php></script>

where xxx is a call to some other domain. I've made sure the all public form input is sanitized, especially SQL queries. There doesn't appear to be any untoward activity in my site-programmed logs. My web host doesn't seem to have a clue. From what I've read about javascript and SQL injections, including what's in this site, I'm not convinced that this is an injection attack. I believe my host is running a Mircosoft server with IIS, but I can provide other details based upon your responses.

This is pretty annoying to say the least and I'm hoping some of the sages subscribed here can point me in the right direction.

View the Solution FREE for 30 Days

20091021-EE-VQP-81 - Hierarchy / EE_QW_3_20080625

Hall of Fame

1. carrzkiss718,829
2. sybe272,601
3. hielo204,696
4. angelIII168,338
5. x_com106,709
6. R_Harrison101,107
7. ryancys98,848
8. b0lsc0tt95,363
9. jkdt007792,607
10. neeraj52388,506
11. apresto74,890
12. DanielWilson72,330
13. samic40067,360
14. rg2063,580
15. gawai62,650
16. acperkins61,340
17. golfDoctor58,470
18. sunithnair53,765
19. govindaraj...52,288
20. kevp7550,675
21. Badotz49,125
22. DarthSonic47,300
23. daveamour46,990
24. abel46,728
25. _Stilgar_44,034

1. fritz_the...3,975,430
2. alorentz1,929,293
3. amit_g1,339,338
4. hielo1,238,653
5. b0lsc0tt939,845
6. hongjun922,466
7. ap_sajith921,034
8. kevp75918,733
9. WMIF899,748
10. angelIII894,363
11. sybe837,816
12. jitganguly786,812
13. carrzkiss722,769
14. acperkins721,448
15. peh803684,060
16. ryancys679,899
17. neeraj523631,204
18. Silvers5625,555
19. carl_tawn600,110
20. GaryC123576,347
21. apresto525,417
22. golfDoctor520,113
23. SquareHead517,787
24. deighc466,721
25. gladxml429,512

Injection attack??

Asked by RustyRazor in Miscellaneous Security, Server Applications, Active Server Pages (ASP)

Tags: Server virus

About this solution