ASP Classic+MSSQL: Database hacked. Help, please!

Discussion in 'Microsoft Development' started by Cosinus, Dec 1, 2011.

  1. Cosinus

    Cosinus Perch

    Hello,

    I have three classic ASP sites hosted, using a MS-Sql database. Now I see that the data in the database has been hacked, data was overwritten with some scripts links (""></title><script src="http://urlremoved.com/sl.php"></script><!--").

    As I wrote the ASP scripts I was very careful - as my knowledge goes - to avoid SQL injections. I chek every Response.Querystring paramater, logins are checked trough a sql procedure, and so on. I simply cannot understand how somebody can overtake the database. I even run Acunetix vulnerability scanner, which was ok...

    I would like to ask you for some ideeas. I can imagine that without having more details you can not tell me more, but I'm willing to share any information that might be helpful.

    Do you please have any ideeas for me?
  2. Stephen

    Stephen US Operations Staff Member

    It is very possible there is just one page with one minor issue that allowed this, is this hosted with us? Do you know the date/time approx this happened?

    I can certainly work to try and help you find if you know that and it is hosted here.

    BTW I removed the URL, it is loading blank now but could be malware.
  3. Cosinus

    Cosinus Perch

    Hello, Stephen, thank you for your kindness.

    Sorry, thought that the link would show just as plain text in the forum, didn't intended to load the script.

    Yes, the sites are hosted with Jodohost. There are three sites using different tables in one database, so it could be any page in anyone of them. Yes, I know, it's a bad thing, but it's inherited since old times when I could have only one MS-SQL database. I'm working now to separate the eggs in multiple baskets.

    The incident happened... well, because I don't know to which time zone I should convert, I'll say it in this way: anytime between 25 hours and 9 hours before the timestamp of this post.

    I also don't know if it's ok to give you the sites on this public way, but you can remove them:
    removed

    Best regards,
    Cosmin
  4. Stephen

    Stephen US Operations Staff Member

    I got it, and saved my side while checking, will reply by PM to you.

    Do you need us to restore SQL DB?
  5. Cosinus

    Cosinus Perch

    Thank you.

    No, I already got them restored by submitting a ticket. Database is ok - for now :)

Share This Page

JodoHost - 26,000 hosting end-users in 100 countries
Plesk Web Hosting
VPS Hosting
H-Sphere Web Hosting
Other Services