asked on

Injection attack advice?

I have a number of legacy sites written in Classic ASP using a SQL Server 2008 Database.

Recently they have been targetted with what I presume is an Injection attack - altering the script on the home page to show spam. Luckily this is the extent of the attack.

I set up a script to record the IP address, page name and query string (URL arguments) of each request.

When it last happened I reviewed the results and there is nothing out of the ordinary - I was expecting some SQL appended to the URL but there is nothing obvious.

The last time, I replaced all files andI have also checked and there isn't an extra file present.

What else can I monitor or investigate?

Regards
Kevin Russell

Eyal

you didn't mentioned what kind of attack so I assume you experience XSS attack

https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

Eyal

attacks can also be made from forms/ajax calls

also I would recommend to change your passwords

ASKER CERTIFIED SOLUTION

Daniel Wilson

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Fairweather_Web

ASKER

Thanks chaps. The code that was inserted into my home page just broke the code which threw an error. How can I check to see how my file is being rewritten?

Kevin

SOLUTION

Eyal

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Fairweather_Web

ASKER

...on a Reseller Hosting account.

Eyal

change FTP passwords
change SQL password
check all inputs in code
htmlencode all outputs

Fairweather_Web