Author Topic: My site was injected  (Read 11669 times)

0 Members and 1 Guest are viewing this topic.

August 21, 2008, 12:28:15 pm
Read 11669 times

unleashedpsycho

  • Newbie

  • Offline
  • *

  • 5
Hello all,
          I'm a newbie to SQL injection some of the sites that are hosted at my IIS server was infected too..

I managed to remove few scripts but now it seems it's everywhere....

My question to you all is that is it my fault or the coders fault?? and how can i prevent it?? :-[

I've uploaded the scriptes that i've come accross at the following link..

h++p://mihd.net/1amwleo

h++p://mihd.net/s6owxa3



Thank you very much in advance... :)

August 21, 2008, 03:25:48 pm
Reply #1

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
By making sure the scripts and software on your server is up to date would be the best method to prevent infections/sql injections. You need to establish what software is vulnerable. Firstly patch the software, then clean up any malicious code.

What is your website?

August 22, 2008, 05:47:44 am
Reply #2

unleashedpsycho

  • Newbie

  • Offline
  • *

  • 5
By making sure the scripts and software on your server is up to date would be the best method to prevent infections/sql injections. You need to establish what software is vulnerable. Firstly patch the software, then clean up any malicious code.

What is your website?
sir JohnC the web site is (can i get ur email so that i can send it to you)

Thank you very much for replying....

August 22, 2008, 04:20:28 pm
Reply #3

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
You can send it to me through a private message, it will be quicker: http://www.malwaredomainlist.com/forums/index.php?action=pm;sa=send;u=1

Thanks.

August 28, 2008, 06:10:50 am
Reply #4

unleashedpsycho

  • Newbie

  • Offline
  • *

  • 5
Sir JohnC,
            Very sorry for the late reply.. Hope you got the mess.
 Situation here is very ugly. Just found out that another page just got injected.. :-[

Thank you very much for your help.

August 28, 2008, 11:20:54 pm
Reply #5

Darigold

  • Newbie

  • Offline
  • *

  • 3
Well if they are using SQL Injection against you I would say it would be whoever coded your site. To prevent this you need to make sure you never have user input directly embedded in SQL statements. Instead, the user input MUST be escaped or filtered or better yet use parameterized statements and then there is a lot less worry. Wikipedia actually has a nice article on it and I have provided a link below.

http://en.wikipedia.org/wiki/SQL_injection

Let me know if you need to know anymore.

August 29, 2008, 07:02:58 am
Reply #6

unleashedpsycho

  • Newbie

  • Offline
  • *

  • 5
Well if they are using SQL Injection against you I would say it would be whoever coded your site. To prevent this you need to make sure you never have user input directly embedded in SQL statements. Instead, the user input MUST be escaped or filtered or better yet use parameterized statements and then there is a lot less worry. Wikipedia actually has a nice article on it and I have provided a link below.

http://en.wikipedia.org/wiki/SQL_injection

Let me know if you need to know anymore.

Thank you very much for you suggestion...

But now i think it's somekinda JavaScript Injections as the index.html get extra code of scripts.
The examples are above...

Thanks for helping.

September 11, 2008, 09:07:23 pm
Reply #7

Darigold

  • Newbie

  • Offline
  • *

  • 3
Sorry for the delay in my reply. Did you get everything figured out and fixed? I am not sure what you mean by your last post. Do you mean they injected stuff into your current Javascripts or they injected javascripts into your HTML? Either way you're probably going to have to clean them all up in order to not infect others.

September 12, 2008, 09:14:47 am
Reply #8

unleashedpsycho

  • Newbie

  • Offline
  • *

  • 5
Sorry for the delay in my reply. Did you get everything figured out and fixed? I am not sure what you mean by your last post. Do you mean they injected stuff into your current Javascripts or they injected javascripts into your HTML? Either way you're probably going to have to clean them all up in order to not infect others.

Thanks for replying...

Actually they injected javascripts into HTML.

September 15, 2008, 05:31:56 pm
Reply #9

Darigold

  • Newbie

  • Offline
  • *

  • 3
Yeah, simply remove those, change to parameterized SQL statements and change your passwords just in case and you should be good. Your box should be running a good AV which might have caught some of these JS files.