SQL Injection Notice and Tips

akshay

Administrator
Staff member
Dear Customer,

We are going to share some tips regarding SQL injection.
Before you post a ticket, come on live chat or post on the forum, you can find the cause of why your website/database was hacked.
There are a few tools that are of great help. You need to download the tool http://www.baremetalsoft.com/baretail/; it's free, and very useful for reading logs from small to large size.

In addition, Microsoft has released a tool for searching your ASP code for SQL injection vulnerabilities. It can be found here:
http://www.microsoft.com/downloads/...6E-A599-4FCB-9AB4-A4334146B6BA&displaylang=en

Microsoft has also published an article outlining methods to prevent SQL Injections in your code here:
http://www.microsoft.com/downloads/...6E-A599-4FCB-9AB4-A4334146B6BA&displaylang=en

If you do not take the steps to fix your code, you WILL continue to get hacked, and if no attempt is made to correct the code we will have to reserve the right to stop restoring the database over and over. We do understand that if you are making changes and new injection-vulnerable code is found a restore may be needed, but you must make an effort to correct the code to prevent the injections from continuing to abuse your site. A vast number of tickets in the last days have been regarding DB restores, many of them coming back again and again even after we have provided the logs of vulnerable pages; such tickets cause all other issues to have a slower response and cause a backup in the queue for all other users.

So we ask that you please work WITH us in this matter to get your code corrected, and allow us to answer all requests in a timely manner, by checking your HTTP logs and reviewing your code before asking for a DB restore. If the code is not corrected you may simply get hit again within minutes, as there are so many hits coming to sites that are known to be vulnerable to injection.

NOTE: We are offering only the last five days of backups and will not be able to provide you with month-old backups. Some people have been able to remove the injected code from their tables without needing a restoration. If you are unsure whether your code corrections fix the injection vulnerability, you may ask us to hold the backup for a week, or request a copy of the good pre-injection state DB for your own safekeeping as well.


______________________________________________


Also note that we have ongoing client discussions regarding this matter in the following threads, feel free to join in:
http://support.jodohost.com/showthread.php?t=12442

http://support.jodohost.com/showthread.php?t=12246

http://support.jodohost.com/showthread.php?t=12287
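
An added example, not part of the original post or the host's own tooling: one way to do the HTTP log check described above, by scanning IIS W3C extended logs and counting suspicious query strings per page so you know which scripts to review first. The pattern list, function names and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Generic SQL injection indicators to look for in decoded query strings.
# Assumption: illustrative, not exhaustive; tune the list for your own site.
SQLI_PATTERNS = re.compile(
    r"(\bunion\b.+\bselect\b|\bdeclare\b\s+@|\bexec(ute)?\b\s*\(|\bcast\s*\(|"
    r"\bxp_\w+|;\s*(drop|insert|update|delete)\b|"
    r"'\s*or\s+'?\d+'?\s*=\s*'?\d+|--\s*$)",
    re.IGNORECASE,
)

def iter_requests(lines):
    """Yield one dict per request from IIS W3C extended log lines."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column names for the rows below
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):   # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def suspicious_pages(lines):
    """Count requests with injection indicators per page (cs-uri-stem)."""
    hits = Counter()
    for req in iter_requests(lines):
        query = req.get("cs-uri-query", "-")
        if query == "-":                     # IIS logs "-" for an empty field
            continue
        decoded = unquote_plus(unquote_plus(query))  # also undo double encoding
        if SQLI_PATTERNS.search(decoded):
            hits[req["cs-uri-stem"]] += 1
    return hits

# Constructed sample log (documentation IP ranges, made-up pages and dates).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-05-01 10:00:01 GET /default.asp - 192.0.2.10 200
2008-05-01 10:00:05 GET /product.asp id=12 192.0.2.10 200
2008-05-01 10:00:09 GET /product.asp id=12;DECLARE%20@S%20VARCHAR(4000) 198.51.100.7 200
2008-05-01 10:00:12 GET /news.asp item=3%20UNION%20SELECT%20name%20FROM%20sysobjects 198.51.100.7 500
2008-05-01 10:00:15 GET /product.asp id=5'%20or%20'1'='1 203.0.113.4 200
"""

if __name__ == "__main__":
    for page, count in suspicious_pages(SAMPLE_LOG.splitlines()).most_common():
        print(f"{count:5d}  {page}")
```

Pages at the top of the output are the ones whose query parameters should be checked first for string-built SQL; a hit means an attempt was logged, not that it succeeded.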
 