Doing some testing, currently, and running into some issues with this. We've got a couple cases where things like 'cast' or 'open' are appropriate for our webpages. I've setup an AlwaysAllowedQueryStrings section: [AlwaysAllowedQueryStrings] branch=Openshaw branch=Newcastle+upon...

Rovastar, I can confirm that the workaround that KentZhou posted works. I have included below the contents of the RuleList section in the UrlScan.ini as I have it in my test box. After changing the rule though I issued an iisreset /restart command before I tested so the UrlScan.ini's settings were...

Hi, Im a System Administrator of a Hosting Company, and one of our website has been hacked with SQL injection, At first the hacker inserted nihaorr1.com/1.js most of the website table are being affected with this attacked, after that incident I developed a SQL validation that is similar on the asp script...

Hi, Im a System Administrator of a Hosting Company and one of our website has been hack with SQL injection, At first the hacker inserted nihaorr1.com/1.js most of the website table are being affected with this attacked, after I created that a created a SQL validation like one that you have posted in...

Hi, The use of this script at pointing to nihaorr1.com is only the latest method of attack used by this attacker. This guy has been hacking at a clients web site for a long time and usually does so through various proxy servers. For those looking for a tool to view IIS log files, check out this program...

This thread will contain the latest information regarding recent reports that have surfaced stating that web sites running on Microsoft’s Internet Information Services (IIS) 6.0 have been compromised. These reports allude to a possible vulnerability in IIS or issues related to Security Advisory 951306...

I would advise anyone affected by this attack to activate the SQL profiler (or equivalent) and set it to record only EXEC commands. If your website then becomes infected again you can quickly scroll through the profiler output and find the "suspicious" command where the injection has entered...