Database being changed / Invaded

4

I do not know if I can ask this question here; if not, I can ask for the question to be suspended, or let me know and I will delete it.

For the second time I have run into my database being invaded. Almost all the text fields of all the database tables have had the following code added at the end of the records:

</title>
<style>
    .ao0n {
        position: absolute;
        clip: rect(470px,auto,auto,470px);
    }
</style>
<div class="ao0n">quick <a href="http://ironpaydayloans.com">payday loans</a> with small commissions</div>
</title><style>
            .ao0n {
                position: absolute;
                clip: rect(470px,auto,auto,470px);
            }
        </style><div class="ao0n">quick <a href="http://ironpaydayloans.com">payday loans</a> with small commissions</div>
</title><style>
            .alry {
                position: absolute;
                clip: rect(410px,auto,auto,410px);
            }
        </style><div class="alry">A payday to get <a href="http://paydayloansforsure.com">fast payday cash loans</a> source you into them.</div>
</title><style>
            .alry {
                position: absolute;
                clip: rect(410px,auto,auto,410px);
            }
        </style><div class="alry">A payday to get <a href="http://paydayloansforsure.com">fast payday cash loans</a> source you into them.</div>
</title><style>
            .auj {
                position: absolute;
                clip: rect(441px,auto,auto,441px);
            }
        </style><div class="auj">A much a limited <a href="http://proofpaydayloans.com">payday loans</a> of that banks payday loan.</div>
</title><style>
            .auj {
                position: absolute;
                clip: rect(441px,auto,auto,441px);
            }
        </style><div class="auj">A much a limited <a href="http://proofpaydayloans.com">payday loans</a> of that banks payday loan.</div>

I wanted to know if anyone has ever had this problem, or knows why it happens, and how I can solve it.

    
asked by anonymous 05.08.2014 / 16:25

4 answers

9

Well, let's go!

From the comments I have a strong guess: you are passing variables to your aspx, and nowadays this is a malicious point of entry. The hackers simply take your variable, in your case your variable id, and begin to insert arbitrary select/insert/update code. This is called SQL injection. One alternative is to totally abolish GET; the other is simply to filter out any unexpected input into your variables.

You need to have greater control of your logs. All attempts, successful or not, will be in your logs on the HTTP server (IIS, Apache, etc.). Spend some time analyzing these logs; they will tell you where, and which aspx was attacked and used as a bridge to enter values improperly.

Also check your database's logs; look for different IPs that should not be accessing it.

Check your firewall and make sure your database does not have external access; if necessary, restrict communication to only the required and trusted IPs/domains.

    
05.08.2014 / 16:44
3

This really looks like an SQL injection attack. The problem per se is not the GET but dynamic SQL, which builds the script on the fly. Sanitizing data helps, but there are hacker techniques for passing quotes using the ASCII code, for example, so the best way to avoid this type of attack is to parameterize your queries.

If you really need to use dynamic SQL and you use MS SQL, try searching for "parametrized dynamic queries" (I believe other DBMSs have something equivalent). (In the worst case you will exchange your queries for stored procedures.)

If you use parameters in your queries you will prevent them from being hacked. Another thing I see that they are trying to exploit is JS script injection, but that is another attack.

Edit

I found a reference on StackOverflow (for PHP + MySQL); not by chance, parameterizing is still the best solution.

link

    
13.08.2014 / 16:02
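The difference between dynamic SQL and a parameterized query described in the answer above, as an added example that is not part of the original answers. It uses Python with an in-memory SQLite database as a stand-in for the asker's ASP.NET and database stack; the `articles` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: one table with a text field, as in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles (id, title) VALUES (?, ?)",
                     [(1, "First post"), (2, "Second post"), (3, "Third post")])
    return conn

def find_dynamic(conn, raw_id):
    """Vulnerable: the request value is pasted into the SQL text (dynamic SQL)."""
    sql = "SELECT id, title FROM articles WHERE id = " + raw_id
    return conn.execute(sql).fetchall()

def find_parameterized(conn, raw_id):
    """Hardened: the SQL text is fixed; the value is sent separately as a parameter."""
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return conn.execute(sql, (raw_id,)).fetchall()

def find_validated(conn, raw_id):
    """Parameterized plus input filtering: an id must be a plain decimal integer."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    return find_parameterized(conn, int(raw_id))

if __name__ == "__main__":
    conn = make_db()
    tampered = "2 OR 1=1"  # constructed value for the id query-string variable
    # Dynamic SQL: the extra text becomes part of the statement, every row matches.
    print("dynamic      :", find_dynamic(conn, tampered))
    # Parameterized: the whole string is compared as one value, nothing matches.
    print("parameterized:", find_parameterized(conn, tampered))
    try:
        find_validated(conn, tampered)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```

The same separation of statement text and values is what parameter objects in the asker's data-access layer, or parameterized dynamic queries inside the database, provide.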
2

Dude, this is an injection. You have to treat the data before writing to the database, otherwise this will always happen. If you work with layers, you can treat it in the controller; if you do not, change your method to POST and validate the fields of the request before inserting into the database.

    
05.08.2014 / 16:43
1

Dear, make sure there are no suspicious files in your hosting, and also verify the security of the forms. I had a similar problem with my hosting (Locaweb) and I believe what caused it was an invasion of their servers, because no vulnerability was found in our system.

    
13.08.2014 / 15:37