Malware Related > Compromised Servers

bla.php script added to website

<< < (2/3) > >>

SysAdMini:
Can you tell us the url of your site ?

Maybe we could find the vulnerability.

100%Agave:
Yes it is http://www.bareboard.com.

When I say that there is no database attached, that is not exactly, literally correct.  There is now a separate application that does have a database but it has only been there for about 1 - 2 weeks and is not in it's final form.

I checked the database and went through all of the tables but did not find anything that would have been added onto any of the fields.  I am still not clear on what I am supposed to be looking for, but thought maybe it would be the EXEC statement added onto the data in a field.

If that is not right, could you point me in the right direction?

Thanks again.

Orac:
I see your using; MicrosoftOfficeWebServer: 5.0_Pub

Personaly iam only familar with *nix servers and cant comment about M$officewebserver.

All i can suggest is that you make sure all your server software is fully uptodate and patched with all available fixes from M$.

SysAdMini:
You run a IIS server and told us, that infections have already occured before you had installed a database.
So we can exclude a SQL injection attack.

I couldn't detect anything suspicious at your site. Are you sure that your server is fully patched ?

100%Agave:
Thanks.  As far as I know that server is patched and up to date.  I will check to be sure.  We do not do automatic updates because if the server auto restarts it causes problems for the customers.

The server in question should be IIS6 because it is windows server 2003.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version