+2  Q: 

Security problem

Hi All. I have a security problem in my website. A script code was added into all my pages like "<script src="Ip address/viewpic.asp"></script>". It is between the </head> and <body> tags. Now Google says "this site may be hartful for your pc!" about my site. How can I secure my website? I use C# and Visual Studio 2008.

A: 

Edit: Assuming that the script is your own and not malicious:
You should not have any code between </head> and <body> - Otherwise you have got a <script> tag as a direct child of <html> which is not allowed.

Put the <script> tag inside <body> at the correct place where you want the script to execute, to correct the structural issue, but you need to provide some more information about the exact error messages you are seeing about security, as I'm not aware that Google shows error messages within its search listings and I don't have Google Toolbar installed to know what that does; but I don't believe it has typos in it ;)

So please provide more information about the exact security warnings once you've fixed - and validated (with the W3C Validator) - the structure of your HTML.

Edit: If the script is not intended to be there and has appeared outside of your desire: Have a look in the HTML source where the script is present; and compare to your own ASPX pages to find out where the script is appearing. If it is being rendered by one of your controls you need to examine where the value is coming from. If it is a database, you need to focus your attention on what gets the information into the DB in the first place. If the script is injected and not into one of your controls then you should talk to your ISP I would think.

bgs264
It sounds like the script that's injected in his page is not his, and that script is a bad script hosted elsewhere. This isn't a programming question, it's a sysadmin question.
Joe
You are right, Joe. What should I do?
Mehmet Kaleli
-1 I have no idea how this relates to this guy's site getting hacked.
Rook
I misunderstood the question and assumed he had inserted the script himself since it was relative to his own site, that it was in the wrong place, and the site was generating errors. If this is not the case and it was injected then, are there any .net controls which are having their text set to the injected script? Question needs more detail.
bgs264
@bgs264 Google would not throw that error because of a standards issue and this post wouldn't have a "security" tag.
Rook
@bgs264 you need to delete this post; it has nothing to do with this question.
Rook
+2  A: 

You have been hacked. This code that has been added to your site is trying to hack web browsers that visit your site.

This could have happened a number of ways. The easiest thing for you to do is to download an anti-virus like AVG and scan any machines with access to the site. There is malware that looks for FTP connections; it grabs the username/password, then logs in and modifies files it finds. You should be using SFTP, which can be installed under Windows; FTP is only used by people who don't know any better or love to get hacked, or both.

The more complex possibility is that there is a vulnerability in your site. This requires a professional (Like me) to track down and fix. Acunetix can help find flaws in your site, but this might not find the vulnerability that was used to break in.

Rook
95% of the time the problem is with a custom PHP script - in which case the only defense is to teach your programmers (yourself) about security practices.
BlueRaja - Danny Pflughoeft
@BlueRaja The Green Unicorn He is using C#!
Rook
@The Rook: Or with a custom ASP.Net script then :)
BlueRaja - Danny Pflughoeft
@BlueRaja The Green Unicorn I have cleaned up defaced sites before and there are multiple worms that are spreading via FTP; it is also the easiest fix and that's why it is 1st. Acunetix will find errors in custom asp/php/C# code.
Rook
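
One way to run the check both answers point at, finding out whether the injected tag sits in the page files on disk: an added example, not code from either poster. The sample pages, the 203.0.113.7 address and the list of file extensions are constructed assumptions.

```python
import re
import sys
from pathlib import Path

# Page file types to inspect (assumption: a typical ASP.NET site layout).
PAGE_EXTENSIONS = {".aspx", ".master", ".ascx", ".asp", ".html", ".htm"}

# Whatever sits between </head> and <body ...>; valid markup has only whitespace there.
GAP_RE = re.compile(r"</head\s*>(.*?)<body\b", re.IGNORECASE | re.DOTALL)
SCRIPT_SRC_RE = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)

# Constructed samples: one page carrying the injected tag, one clean page.
SAMPLE_INFECTED = (
    '<html><head><title>Home</title></head>'
    '<script src="http://203.0.113.7/viewpic.asp"></script>\n'
    '<body><form runat="server"></form></body></html>'
)
SAMPLE_CLEAN = (
    '<html><head><script src="/js/site.js"></script></head>\n'
    '<body><p>Hello</p></body></html>'
)

def find_injected_scripts(text):
    """Return the src of every <script> tag placed between </head> and <body>."""
    hits = []
    for gap in GAP_RE.finditer(text):
        hits.extend(SCRIPT_SRC_RE.findall(gap.group(1)))
    return hits

def scan_web_root(root):
    """Map each page file under root (relative path) to the suspicious srcs in it."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PAGE_EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            srcs = find_injected_scripts(text)
            if srcs:
                findings[str(path.relative_to(root))] = srcs
    return findings

if __name__ == "__main__":
    # Usage: python scan.py <path to a copy of the web root>
    for name, srcs in scan_web_root(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: {', '.join(srcs)}")
```

If the tag turns up in files on disk, the files themselves were modified, which fits the stolen FTP credentials case in the second answer; if the files are clean but the served page still carries the tag, look at the controls and database content as the first answer suggests.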