  • Status: Solved
Database Update Security

I have a database update facility, updating a website with images and text. The updating is restricted to a couple of people (customers). The database has been interfered with - text changed and images removed from the supporting folder.

The setup includes a secure folder on the server I use - challenging for a UN/PW to access the editor. I have checked with the server people and they confirm that I have set it up correctly and that everything is correct at their end. They suggest the hacking occurs at the backend.

I notice that the server 'challenge window' contains a warning - see attached image.

Server people say the problem is not theirs, but that someone accessed the editor through the backend - I do not understand this. I am attaching an image, which says that the server is requesting that un/pw be sent in an insecure manner.

I am using ColdFusion 9.
The database is MS Access.
This is the link to the editor:
http://cannes-beaux-arts.com/abac_new/security/EditingFacility.cfm

Many thanks for any help.

Asked by: jameskane
1 Solution
foofraggerCommented:
What are your security settings like?

I received a similar error when I entered a page that is running https, but logging in unencrypted ....
jameskaneAuthor Commented:
Thanks for reply foofragger,

This will show my amateur status!!! Can you say more about your question?
jameskaneAuthor Commented:
http://localhost:8500/ABAC_New/FORM%20TEXTAREA/FORM_update_journalPages.cfm?title=seven

Foofragger, after a bit of reading, here is where my thoughts are:

Problem occurs during an update session, where updater has successfully accessed the update facility in the server. Perhaps the update connection has been left on by the updater.

The related hacking is some sort of 'SQL injection' - you see at the top the method of accessing the database via the user clicking a specific page.

Maybe the solution is as simple as making sure the editor is disconnected after an editing session - which should only last for around 30 minutes.

??

James
SidFishesCommented:
Well, I'm not going to go to your site as it's been compromised, but you might want to have a look at an old blog post of mine:

http://sidfishes.wordpress.com/2009/03/17/60/

I'd start at the bottom of the post & work your way up.

Run Scrubbr against your db to clean up existing problems.
Run Scrawlr or SQL Inject Me to find out where the vulnerability is.

Then head to your code and use some of the tips at the top of the article, especially using cfqueryparam.
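The cfqueryparam advice above, as an added illustration that is not part of SidFishes's post or blog: the first query builds SQL by concatenating a URL value (the `?title=seven` pattern from the editor link), the second binds the same value as a typed parameter so it can never be parsed as SQL. The datasource name `abac` and the table/column names are assumptions for the example.

```cfml
<!--- Vulnerable pattern: url.title is pasted straight into the SQL text.
      Whatever the caller puts in the query string becomes part of the statement. --->
<cfquery name="getPage" datasource="abac">
    SELECT title, pageText
    FROM journalPages
    WHERE title = '#url.title#'
</cfquery>

<!--- Hardened pattern: validate the parameter exists and is a string,
      then bind it with cfqueryparam so the driver treats it purely as data. --->
<cfparam name="url.title" type="string" default="">

<cfquery name="getPage" datasource="abac">
    SELECT title, pageText
    FROM journalPages
    WHERE title = <cfqueryparam value="#url.title#"
                                cfsqltype="cf_sql_varchar"
                                maxlength="100">
</cfquery>

<!--- The same rule applies to the update side of an editing facility:
      every form or URL value that reaches the database goes through cfqueryparam. --->
<cfquery datasource="abac">
    UPDATE journalPages
    SET pageText = <cfqueryparam value="#form.pageText#"
                                 cfsqltype="cf_sql_longvarchar">
    WHERE title = <cfqueryparam value="#url.title#"
                                cfsqltype="cf_sql_varchar"
                                maxlength="100">
</cfquery>
```

A quick audit for the pattern in the first block is to search the code base for `#url.` and `#form.` occurrences inside `<cfquery>` tags that are not wrapped in a `<cfqueryparam>`.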
jameskaneAuthor Commented:
Thanks SidFishes, I just ran Scrawlr and got no vulnerabilities. I have been using cfqueryparam religiously, which probably explains why.

I note the warning message on the login page (with IE, but not with Firefox) as per the image attached above. But that is not mentioned by Scrawlr.

The server people tell me that I have set up the login correctly. So, maybe it's just that the updater left the editor connection live and that allowed access by some hacker?
SidFishesCommented:
From IE7 & up, directory basic authentication will - by design - give you this warning.

It's basic because uname & pwd are sent in the clear. If someone was monitoring traffic they could have sniffed the password to the directory. This wouldn't necessarily need any db access. They could simply get to the folder and delete files. However, if you've used -your- un/pwd combination for testing and it's the same as the un/pwd combination for the admin interface or db, then the hackers would not have needed SQLi - they would simply log in as you. This is all a guess, but it is a definite possibility.

That being said, you should run Scrubbr to make sure your db is not compromised and change your un/pwd.
jameskaneAuthor Commented:
Many thanks for your time, SidFishes.

One last follow-on - my server company does backups, so I got back to a database from just before the corruption happened. I am using that now. Is it necessary to run Scrubbr in this situation? I have already changed the un/pw.

James
SidFishesCommented:
I would, as I'd be nervous about when the problem started. Could have happened long before anything was actually done. Hackers often use bots to compromise sites, which are flagged for "personal attention" which may take some time to get to.
jameskaneAuthor Commented:
Ah, I see - OK, I will do the scrubbing!!

Lots of thanks once again,

james