ASP Classic+MSSQL: Database hacked. Help, please!

Cosinus

Hello,

I have three classic ASP sites hosted, using an MS-SQL database. Now I see that the data in the database has been hacked; data was overwritten with some script links (""></title><script src="http://urlremoved.com/sl.php"></script><!--").

As I wrote the ASP scripts I was very careful - as far as my knowledge goes - to avoid SQL injections. I check every Response.Querystring parameter, logins are checked through a SQL procedure, and so on. I simply cannot understand how somebody can overtake the database. I even ran the Acunetix vulnerability scanner, which was ok...

I would like to ask you for some ideas. I can imagine that without having more details you cannot tell me more, but I'm willing to share any information that might be helpful.

Do you please have any ideas for me?
 
It is very possible there is just one page with one minor issue that allowed this. Is this hosted with us? Do you know the approximate date/time this happened?

I can certainly work to try and help you find it if you know that and it is hosted here.

BTW I removed the URL, it is loading blank now but could be malware.
 
Hello, Stephen, thank you for your kindness.

Sorry, I thought that the link would show just as plain text in the forum; I didn't intend to load the script.

Yes, the sites are hosted with Jodohost. There are three sites using different tables in one database, so it could be any page in any one of them. Yes, I know, it's a bad thing, but it's inherited from old times when I could have only one MS-SQL database. I'm working now to separate the eggs into multiple baskets.

The incident happened... well, because I don't know to which time zone I should convert, I'll say it in this way: anytime between 25 hours and 9 hours before the timestamp of this post.

I also don't know if it's ok to give you the sites in this public way, but you can remove them:
removed

Best regards,
Cosmin
 
I got it, and saved my side while checking, will reply by PM to you.

Do you need us to restore the SQL DB?
 