Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 320
  • Last Modified:

Injection attack advice?

I have a number of legacy sites written in Classic ASP using a SQL Server 2008 Database.

Recently they have been targetted with what I presume is an Injection attack - altering the script on the home page to show spam. Luckily this is the extent of the attack.

I set up a script to record the IP address, page name and query string (URL arguments) of each request.

When it last happened I reviewed the results and there is nothing out of the ordinary - I was expecting some SQL appended to the URL but there is nothing obvious.

The last time, I replaced all files andI have also checked and there isn't an extra file present.

What else can I monitor or investigate?

Regards
Kevin Russell
0
Fairweather_Web
Asked:
Fairweather_Web
  • 4
  • 4
2 Solutions
 
EyalCommented:
you didn't mentioned what kind of attack so I assume you experience XSS attack

https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
0
 
EyalCommented:
attacks can also be made from forms/ajax calls

also I would recommend to change your passwords
0
 
Daniel WilsonCommented:
If replacing your ASP files removed the spam, it's not a SQL injection attack.  You should, of course, guard against that, but that doesn't appear to be the current problem.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Fairweather_WebAuthor Commented:
Thanks chaps. The code that was inserted into my home page just broke the code which threw an error. How can I check to see how my file is being rewritten?

Kevin
0
 
EyalCommented:
1) firewall
2) IIS logs
0
 
Fairweather_WebAuthor Commented:
...on a Reseller Hosting account.
0
 
EyalCommented:
change FTP passwords
change SQL password
check all inputs in code
htmlencode all outputs
0
 
Fairweather_WebAuthor Commented:
It turns out that my Reseller Server was infected - an ARP atack?

Thanks for your help.
0
 
Fairweather_WebAuthor Commented:
The problem turned out to be on my server rather than the code
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now