Fraas

asked on

Someone hacked my site

Hi all,

My website is developed in ASP.NET.

But someone uploaded an ASP file to my site (1.asp), and I don't know how he uploaded that file :(

And that file gives him full control over my site :(

I am sure there is no possibility of SQL injection because all the transactions with the database are made through stored procedures.

Can anyone help me with information on what the problem could be? How can I check my website for any bug I don't know about?

I think that file was uploaded by hacking software!!


Thanks in advance.
Kalpesh Chhatrala


1) First of all, change all your passwords to more complex ones (alphabetic, numeric and special characters in the password).

2) Have you given access rights to anyone?

3) Have you given access rights to anonymous users?

4) Have you revealed your password in any of your HTML pages?

5) Remove the 1.asp file, or rename it, and check whether this file is called from any of your pages...
Do you have forms on your site? Text boxes for users to enter information and submit? Are you cleansing the input from these to prevent scripts from being entered and submitted?
Fraas

ASKER

Thanks for the reply.

Actually we use our own script and also our own CMS, and all our passwords are complex; plus I am the only one who can access the CMS.

And also the HTML forms are protected from entering any script or SQL injection because I am using stored procedures for all the transactions with the database.

The problem now is that I need to know how that person or software uploaded that ASP file.
What should I consider to prevent anyone from hacking my website?

Thanks again.
ASKER CERTIFIED SOLUTION
Tom Beck

Are you using SQL parameters in your stored procedures? Are you using regular expressions or some other method to limit the characters that can be entered into text boxes?
I use BackTrack and AppScan for vulnerability checks.
1. Nessus (Linux if you can) http://www.nessus.org/nessus/
2. Nikto (Linux) http://www.cirt.net/nikto2
3. Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4. Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5. SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6. MBSA (debatable) http://technet.microsoft.com/en-us/security/cc184923.aspx
   http://en.wikipedia.org/wiki/BackTrack
   http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf
7. AppScan from IBM http://www-01.ibm.com/software/awdtools/appscan/
AppScan Enterprise offers centralized control with advanced application scanning, remediation capabilities, executive security metrics and dashboards, key regulatory compliance reporting and seamless integration with the desktop version. AppScan Enterprise Edition provides:

    * Scalable, enterprise architecture that enables centralized scanning of multiple applications simultaneously
    * Intelligent fix recommendations to ease the process of remediation once security vulnerabilities have been identified and validated
    * Ability to scan Web sites for both embedded malware and links to malicious or undesirable sites, to ensure your Web site is not infecting visitors or directing them to unwanted or dangerous sites without their knowledge
    * Continuous monitoring and aggregation of metrics to ensure remediation and trend improvement over time
It's hard to give you advice when we don't know much about your current setup. What versions of IIS and operating system are you running? Also, you say you use your own script. Can you elaborate on that, as well as on the CMS system? For example, was the system made with managed or unmanaged code, does it have input validation, has it been stress tested? Too many to list here.... Also, have you checked your logs for injection attempts in the web traffic?
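As an added example (not code from any of the posters) of the log check suggested above: the script parses IIS W3C-format log lines, finds the first request that touched 1.asp, and lists the earlier requests from the same client, since that is where the upload path (a CMS form, a WebDAV PUT, and so on) usually shows up. The log sample, field layout and URLs are constructed for the demonstration.

```python
from collections import defaultdict

# Constructed sample of IIS W3C extended log lines (not real traffic from the site).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-05-01 10:00:01 203.0.113.7 GET /default.aspx - 200
2010-05-01 10:00:09 203.0.113.7 GET /cms/login.aspx - 200
2010-05-01 10:00:20 203.0.113.7 POST /cms/login.aspx - 302
2010-05-01 10:00:41 203.0.113.7 POST /cms/upload.aspx - 200
2010-05-01 10:00:55 203.0.113.7 GET /1.asp - 200
2010-05-01 10:01:03 198.51.100.2 GET /default.aspx - 200
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # field names follow the directive
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def first_hit_and_history(text, stem="/1.asp"):
    """Return (first request for `stem`, that client's earlier requests)."""
    history = defaultdict(list)                # c-ip -> requests seen so far
    for rec in parse_w3c(text):
        if rec["cs-uri-stem"].lower() == stem.lower():
            return rec, history[rec["c-ip"]]
        history[rec["c-ip"]].append(rec)
    return None, []


def candidate_uploads(history):
    """Narrow the earlier requests to the ones that could have written a file."""
    return [r for r in history if r["cs-method"] in ("POST", "PUT")]


if __name__ == "__main__":
    hit, before = first_hit_and_history(SAMPLE_LOG)
    if hit is None:
        print("no request to /1.asp found")
    else:
        print(f"first hit: {hit['date']} {hit['time']} from {hit['c-ip']}")
        for r in candidate_uploads(before):
            print(f"  earlier {r['cs-method']} {r['cs-uri-stem']} at {r['time']}")
```

Run it against the real site's log directory by reading each file into `first_hit_and_history`; if the first hit comes from a client with no earlier POST or PUT, look at FTP, WebDAV and file-share access instead of the web application.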
Fraas

ASKER

Just because I need to close the question.
Well, you never answered my questions. I never got the chance to help you, since you didn't answer. Oh well!