
A web hack script advice

Discussion in 'Scripting & Programming' started by piccadilly, Jul 16, 2009.

  1. piccadilly

    piccadilly Byte Poster

    Hi there

    Has anyone heard of a hack called fly(something).In?

    A friend's web site was hacked with it. His backend SQL Server database had this line of script in each of the rows of data.
    I'm looking for prevention methods.

    Reg

    Picc
     
  2. dazza786

    dazza786 Megabyte Poster

    No idea what that is, but get him to recheck his web code for SQL injection possibilities.
     
    Certifications: MCP (271, 272, 270, 290, 291, 621, 681, 685), MCDST, MCTS, MCITP, MCSA, Security+, CCA(XA6.5)
  3. jk2447

    jk2447 Petabyte Poster Moderator

    Using input validation can prevent SQL injection attacks. The underlying OS needs to be secured too, so, oh I don't know, lock the ports down, install the latest service packs/hotfixes. I'm sure Google can give him what he needs.

    **Edit: Sorry I couldn't put more, revising for 2 exams tomorrow!
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  4. zebulebu

    zebulebu Terabyte Poster

    SQL Injection is the most common method used for attacking websites with database back-ends (e.g. pretty much any useful website). Sadly, the vast majority of SQL Injection attacks can be prevented by sanitising data input by users and patch vigilance.

    Tell him to clean his code
     
    Certifications: A few
    WIP: None - f*** 'em
  5. piccadilly

    piccadilly Byte Poster

    Well, his website gets a lot of hits, though his code is old ASP.NET 1.1.

    Creating a new website with better code will take him time. What would you recommend for him to do to keep his web presents, while he spends 3/4 months building a more stable website?
     
  6. dmarsh

    dmarsh Terabyte Poster

    It's 'presence', not 'presents'! Tell him to give his presents to me! :D

    1. Change his code to use prepared statements / parameterised statements / stored procedures.

    2. Alter validation routines to only allow the minimum allowed input.

    3. Consider a general intercepting filter to remove generally invalid text input characters that might be used for SQL injection or cross-site scripting attacks.

    4. Ensure the database account that the application is using has the absolute minimum permissions.

    5. Ensure the server is backed up and in a DMZ.

    http://msdn.microsoft.com/en-us/library/ms998271.aspx

    http://dotnet.dzone.com/news/aspnet-preventing-sql-injectio

    Loads of info about protecting your site online.
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
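    As an added illustration of steps 1 and 2 above (not code from this thread or from the site in question), the vulnerable string-built query sits beside its parameterised replacement, plus a cleanup check for the symptom in the original post (a script tag appended to text columns). It assumes Python's sqlite3 standing in for the SQL Server backend; ADO.NET's SqlCommand with SqlParameter follows the same two patterns, and the table, rows and URL are constructed sample data.

```python
import sqlite3

# Added illustration, not code from the thread. sqlite3 stands in for the SQL Server
# backend; ADO.NET's SqlCommand/SqlParameter follows the same two patterns.

def make_db():
    """Constructed sample table standing in for the site's backend database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, descr TEXT)")
    conn.executemany("INSERT INTO products (name, descr) VALUES (?, ?)", [
        ("Widget", "A plain widget"),
        ("O'Brien kit", "Tools with an apostrophe in the name"),
        # Constructed example of the symptom in the original post: a script tag
        # appended to a text column. The URL is a placeholder.
        ("Gadget", 'Handy<script src="http://example.invalid/x.js"></script>'),
    ])
    return conn

def find_by_name_concat(conn, name):
    """Vulnerable pattern (the 'before'): user input is pasted into the SQL text,
    so quotes in the input become part of the statement."""
    sql = "SELECT id, name FROM products WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_by_name_param(conn, name):
    """Hardened pattern (dmarsh's step 1): the value travels separately from the
    statement text, so it is only ever compared as data."""
    return conn.execute("SELECT id, name FROM products WHERE name = ?", (name,)).fetchall()

def find_tampered_rows(conn, marker="<script"):
    """Cleanup check for the symptom in the original post: list every TEXT column
    value, in every table, that contains the marker."""
    hits = []
    for (table,) in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'").fetchall():
        for col in conn.execute(f"PRAGMA table_info({table})").fetchall():
            if col[2].upper() != "TEXT":      # col = (cid, name, type, notnull, default, pk)
                continue
            rows = conn.execute(f"SELECT rowid FROM {table} WHERE {col[1]} LIKE ?",
                                ("%" + marker + "%",)).fetchall()
            hits.extend((table, col[1], r[0]) for r in rows)
    return hits

def compare(conn, user_input):
    """Run one input through both patterns; returns (concat_result, param_rows)."""
    try:
        concat = find_by_name_concat(conn, user_input)
    except sqlite3.OperationalError as e:
        concat = f"error: {e}"             # the input reached the SQL parser
    return concat, find_by_name_param(conn, user_input)
```

    `compare(make_db(), "O'Brien kit")` shows a legitimate apostrophe breaking the concatenated query while the parameterised one returns the row; `find_tampered_rows(make_db())` locates the constructed row carrying the script tag.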
  7. jk2447

    jk2447 Petabyte Poster Moderator

    That depends. If he'd lose a couple of grand a day being offline then no, patch it up as best you can. If he won't lose a fortune, then definitely. He's been hacked once, possibly by a kid, and once they know they can get on, they will return.

    Ideal scenario: get it down ASAP. There could be more damage done next time. Better to have a planned outage than an unexpected outage! If he takes it down he can just throw a basic page up saying we'll be back, upgrades, etc.
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  8. dmarsh

    dmarsh Terabyte Poster

    If he's got sensitive customer data he should take it down ASAP; he should have sorted it years back, and could be in deep trouble for not taking adequate precautions to protect his customers' privacy otherwise.
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  9. piccadilly

    piccadilly Byte Poster

    Well, his resources are limited due to his work commitments etc.

    However his website is popular, but as I said, the code is old, and vulnerable. He's not the best coder, a hobbyist.

    I guess he will just have to work on a new site in his spare time, but first he'll need to keep his old one partially alive. His customers won't be happy either way, nor his managers.
     
  10. jk2447

    jk2447 Petabyte Poster Moderator

    Oh, great point. If there are customer details stored on there he hasn't really got a choice, data protection and all that.

    Just hope he's got a good back-up/recovery strategy then. . . .
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
