Injection attack advice?
I have a number of legacy sites written in Classic ASP using a SQL Server 2008 Database.
Recently they have been targetted with what I presume is an Injection attack - altering the script on the home page to show spam. Luckily this is the extent of the attack.
I set up a script to record the IP address, page name and query string (URL arguments) of each request.
When it last happened I reviewed the results and there is nothing out of the ordinary - I was expecting some SQL appended to the URL but there is nothing obvious.
The last time, I replaced all files andI have also checked and there isn't an extra file present.
What else can I monitor or investigate?
Regards
Kevin Russell
Recently they have been targetted with what I presume is an Injection attack - altering the script on the home page to show spam. Luckily this is the extent of the attack.
I set up a script to record the IP address, page name and query string (URL arguments) of each request.
When it last happened I reviewed the results and there is nothing out of the ordinary - I was expecting some SQL appended to the URL but there is nothing obvious.
The last time, I replaced all files andI have also checked and there isn't an extra file present.
What else can I monitor or investigate?
Regards
Kevin Russell
Last Comment
attacks can also be made from forms/ajax calls
also I would recommend to change your passwords
also I would recommend to change your passwords
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks chaps. The code that was inserted into my home page just broke the code which threw an error. How can I check to see how my file is being rewritten?
Kevin
Kevin
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
...on a Reseller Hosting account.
change FTP passwords
change SQL password
check all inputs in code
htmlencode all outputs
change SQL password
check all inputs in code
htmlencode all outputs
ASKER
It turns out that my Reseller Server was infected - an ARP atack?
Thanks for your help.
Thanks for your help.
ASKER
The problem turned out to be on my server rather than the code
ASP
Active Server Pages (ASP) is Microsoft’s first server-side engine for dynamic web pages. ASP’s support of the Component Object Model (COM) enables it to access and use compiled libraries such as DLLs. It has been superseded by ASP.NET, but will be supported by Internet Information Services (IIS) through at least 2022.
82K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet