You can stop the SQL attacks with an ISAPI filter called "WebKnight", which is a freebie. It will, among other things, watch for the string length on the forms, and if it exceeds X number of characters, it blocks it. It will also look for embedded commands etc.
This has stopped the attacks against our servers for the past three weeks. The company name is "Aqtronix": http://www.aqtronix.com/?PageID=99
ejhay
2 Posts
Re: Anyone know about www.nihaorr1.com/1.js?
May 22, 2008 02:08 AM|LINK
Hi, I'm a System Administrator of a hosting company, and one of our websites has been hacked with SQL injection. At first the hacker inserted nihaorr1.com/1.js, and most of the website tables are being affected by this attack. After that I created a SQL validation like the one that you have posted in this forum. Unfortunately the hacker again inserted a malicious URL into the MS SQL database. What I did is include the validation in all database-driven pages to make the website secure, but at this time the hacker can insert the script again and again. I think the hacker is using a problem that you executing this kind of hacking activity. Please advise what else I can do with this problem. Thanks.
ejhay
2 Posts
Re: Anyone know about www.nihaorr1.com/1.js?
May 22, 2008 02:11 AM|LINK
Hi, I'm a System Administrator of a hosting company, and one of our websites has been hacked with SQL injection. At first the hacker inserted nihaorr1.com/1.js, and most of the website tables are being affected by this attack. After that incident I developed a SQL validation that is similar to the ASP script that you posted in this forum. Unfortunately the hacker again inserted a malicious URL into the MS SQL database. What I did is include the validation in all database-driven pages to make the website secure, but at this time the hacker can insert the script again and again. I think the hacker is using a problem that you executing this kind of hacking activity. Please advise what else I can do with this problem. Thanks.
silkyfixer
10 Posts
Re: Anyone know about www.nihaorr1.com/1.js?
Jun 05, 2008 05:06 AM|LINK
I have had a run-in with this injection and I have created several scripts to clean a database of injection as long as it has not truncated over data. If people need help, hit me up.
silkyfixer
silkyfixer
10 Posts
Re: Anyone know about www.nihaorr1.com/1.js?
Jun 05, 2008 05:07 AM|LINK
Oh, and I can fix your poorly coded ASP pages that are causing it to happen too.
S.
racekites
2 Posts
Re: Anyone know about www.nihaorr1.com/1.js?
Jun 09, 2008 04:30 PM|LINK
Does anyone know if the SQL string can contain web-encoded characters?
a dash "-" can also be k does SQL Server know what to do with this or will it throw an error ?
Cheers
A
wybnormal
1 Post
Re: Anyone know about www.nihaorr1.com/1.js?
Jun 20, 2008 09:02 PM|LINK
filter webknight sql injection attack block firewall isapi
kimrennin
1 Post
Re: Anyone know about www.nihaorr1.com/1.js?
Aug 11, 2008 09:55 AM|LINK
The number of infected Web pages spiked to 282,000 in the past day, and appears to be growing. Network managers can check to see whether their Web pages are infected with the iFrame code by looking for a specific code string in the source code of the Web page associated to an iFrame tag. The string is <script src=http://www.nihaorr1.com/1.js>, according to the security vendor. The worst part of it all is that these infestations are not in seamy Web sites; they are taking place in legitimate Web pages. An IFRAME redirects the user to another page, where identity-stealing malware is downloaded onto their computer. So even users who think they are staying clean are not safe. The malicious page scans the visitor's machine to find ways to compromise the visitor's machine. Exploits are then downloaded and used to infect the redirected visitor based on the information found on the scan.
---------------------------
kimrennin
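A check along the lines of the post above, as an added example that is not part of the original thread: it scans exported column values for `<script src=...>` tags loading from a host outside an allowlist, and also reports a tag cut off before its closing bracket. The sample rows, the allowlisted host `static.example.com` and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# <script ... src=URL ...>, URL unquoted or quoted, any letter case.
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)[^>]*>""", re.IGNORECASE)
# A <script tag cut off before its closing '>' (assumed: value hit the column width).
CUT_OFF = re.compile(r"<script\b[^>]*\Z", re.IGNORECASE)

def external_script_hosts(text, allowed_hosts=()):
    """Hosts of <script src=...> tags in text that are not on the allowlist."""
    allowed = {h.lower() for h in allowed_hosts}
    found = []
    for match in SCRIPT_SRC.finditer(text):
        host = (urlparse(match.group(1)).hostname or "").lower()
        if host and host not in allowed:  # relative URLs have no host: same site
            found.append(host)
    return found

def scan_rows(rows, allowed_hosts=()):
    """rows: iterable of (table, column, value). Returns (table, column, finding)."""
    findings = []
    for table, column, value in rows:
        for host in external_script_hosts(value, allowed_hosts):
            findings.append((table, column, host))
        if CUT_OFF.search(value):
            findings.append((table, column, "cut-off <script tag"))
    return findings

# Constructed sample rows, as if exported from text columns of a site database.
SAMPLE_ROWS = [
    ("products", "title", "Blue kite<script src=http://www.nihaorr1.com/1.js></script>"),
    ("products", "descr", 'Fast delivery <SCRIPT SRC="http://www.nihaorr1.com/1.js">'),
    ("news", "body", '<script src="/js/menu.js"></script>Spring sale'),
    ("news", "teaser", '<script src="https://static.example.com/a.js"></script>'),
    ("users", "city", "Manila<script src=http://www.nih"),
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS, allowed_hosts=["static.example.com"]):
        print(finding)
```

Matching on any off-site script host rather than one fixed string also catches a later injection that points at a different URL.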
steve schofi...
5681 Posts
MVP
Moderator
Re: Anyone know about www.nihaorr1.com/1.js?
Aug 21, 2008 10:43 AM|LINK
URLScan 3.0 was released to help with these types of automated attacks.
http://blogs.iis.net/nazim/archive/2008/08/19/urlscan-v3-0-rtw-released.aspx
Steve Schofield
Windows Server MVP - IIS
http://iislogs.com/steveschofield
http://www.IISLogs.com
Log archival solution
Install, Configure, Forget
silkyfixer
10 Posts
Re: Anyone know about www.nihaorr1.com/1.js?
Aug 22, 2008 03:28 AM|LINK
Well, one sneaked through my URLScan 3.0. I am still trying to figure out how they got past the declare statement. Can you post your config?
silkyfixer
steve schofi...
5681 Posts
MVP
Moderator
Re: Anyone know about www.nihaorr1.com/1.js?
Aug 22, 2008 04:19 AM|LINK
Do you have the IIS logs entry that shows the one that squeaked through?
http://www.iislogs.com/urlscan.txt is my config.
Steve Schofield
Windows Server MVP - IIS
http://iislogs.com/steveschofield
http://www.IISLogs.com
Log archival solution
Install, Configure, Forget
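One way to look for the log entry asked about above, and to cover the earlier question about web-encoded characters, as an added example that is not part of the original thread: it reads W3C-format IIS log lines, percent-decodes each query string until it stops changing, and flags requests containing a DECLARE of a variable. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

DECLARE = re.compile(r"\bdeclare\s+@", re.IGNORECASE)

def fully_decode(query, max_rounds=3):
    """Percent-decode until the text stops changing (%2544 -> %44 -> D)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def suspicious_requests(log_lines):
    """Return (client_ip, uri_stem, decoded_query) for queries containing DECLARE @."""
    fields, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the lines that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        entry = dict(zip(fields, line.split()))
        query = fully_decode(entry.get("cs-uri-query", "-"))
        if DECLARE.search(query):
            hits.append((entry.get("c-ip"), entry.get("cs-uri-stem"), query))
    return hits

# Constructed log excerpt; the injected statements are cut short on purpose.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-08-21 22:10:01 GET /news.asp id=12 192.0.2.10 200
2008-08-21 22:10:05 GET /news.asp id=12;DECLARE%20@S%20VARCHAR(4000);-- 192.0.2.55 500
2008-08-21 22:10:09 GET /news.asp id=12;dEcLaRe+@s+varchar(10) 192.0.2.55 200
2008-08-21 22:10:12 GET /news.asp id=12;%2544ECLARE%2520@S 192.0.2.55 200
2008-08-21 22:10:20 GET /search.asp q=declare+independence 192.0.2.77 200
""".splitlines()

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The ordinary search for "declare independence" is not flagged, because the pattern requires the keyword to be followed by a variable name starting with `@`.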