Search results

Just an update, I believe the script injection problem described in this thread is the result of the Grumblar exploit, which Jodo as just alerted us about here: http://support.jodohost.com/showthread.php?t=16921 This page [blog.unmaskparasites.com], which describes the exploit, shows a...

I had a non-WP site hacked with an iframe exploit, may be related, maybe not. http://support.jodohost.com/showthread.php?t=16472

Sorry to hear about this - and I don't want to hijack the thread, but are there any ongoing problems with Cluster 2? I've actually moved a couple of more important clients there because speeds seem better from here (Australia) when using Cluster 2 servers. Though I must say Win5 on Cluster 2...

Interesting situation. Two things occur to me: 1. arihantjain requested a cancellation of his reseller account *before* backing up client's data, making sure they all work with his new provider, etc. He relies on the word of a support guy (no offence;)) that his account will remain active for...

Ah, nice to put a face to the name. I assumed it was a generic stock photo, but just thought I'd ask. :) But where's your poncho? :)

It's been proven the brunettes are more effective sales devices. :)

I've fixed it, by removing the use of ADODB.Stream and writing everything directly to Response.Write. Perhaps there's a weird glitch using Response.Write(objStream.ReadText). Perhaps the way IE uses connections causes the script to end and the objStream object to be discarded by ASP before...

Has anyone a clue about this? I wrote a web app which has been working perfectly for ages. It creates a CSV file of some data and sends it to the browser in response to a POSTed form. Suddenly the download is "stalling" in IE, but completes perfectly fine in Firefox. This happens on my...

Not with mine, unfortunately. FP was always off. hmm!

Done :)

Exactly. If my case, I must admit the FTP username & password was guessable if they tried permutations of some key words & numbers. It's hard to imagine that - hundreds of failed FTP login attempts would show up in the server log. I've just checked the client's folders, and found a .htaccess...

However all those methods require *some* use of input, either from querystrings or forms. In this case, there isn't. The site doesn't use querystrings of any kind. Simple structure is: default.asp aboutus.asp contactus.asp etc.. Each page includes an ASP script containing a couple of simple...

Hope I'm not missing something I should know, but what's "asp injection"? If you mean "SQL injection", there's no SQL backend or indeed any forms of any kind at all on my client's site. That's why I'm so befuddled.

Hey Mark, many thanks for taking the time to post that here. Please let us know what you find. My client actually had 2 script blocks inserted, perhaps as part of 2 separate campaigns at different times. The first iframe pointed to "you-found-it.org/index.php". The second was...

Thanks for the comprehensive reply Stephen. Cool, I'll let it go this time - I've changed the CP & FTP passwords to something more cryptic (it was actually pretty lame before) :) If it happens again, I'll let you know.

Ok, first time this has happened to a client of mine. Very curious HOW this happened. It's a very basic site - ASP pages but no functional content. Not even a contact form! How could someone inject code into the default.asp file??! This is the code that was injected, at the top of the...

Fair enough. Your speedy support guys have just given me a new login for the db so I can see it in Mgmt Studio. Yay! I'm happy now and can work with that, thanks. :hail: :dance:

Is it possible perhaps to implement VPN for all outside connections to your SQL servers? There's a local company here in Perth which does that, it's very effective. [ed] At least then the attacks will hit your VPN server, while the SQL servers can safely disappear behind your DMZ. At least...

Thank you Stephen, that's a relief at least. Though I gather from your "tone" that you're not planning to change your policy. :P

Let me correct my last post - it's not a great inconvenience, it's a major pain in the a$$. Seriously. I just tried using TOAD for SQL. It's a fantastic db manager, kicks EM out of the water, which really isn't a big feat anyway. But it won't work on Jodo's SQL servers, because of this...