Client site HACKED, not SQL Injection
dstoltz
Folks,
I'm not sure how this attack is done, but I've reported it to HMS, and hopefully they find a fix...

You've all seen the SQL Injection attacks that insert script junk malware into your varchar and text columns, right? Well, now I have a client site that was hacked, not sure how, but similar script tags were found as the last line of all web pages IN THE ACTUAL code of all pages named "default.asp". Yes, it was inserted after the </body> tag.

Doesn't this mean they had access to the file system?!?!? Which would mean it's a virus or the like on HMS servers, no? Can anyone explain how this can happen? I've since removed the script tags, but I have no idea how to prevent it from happening again.

PS - How do I check the web logs on HMS server?
PSS - Why doesn't HMS add hardware to help protect against all these attacks?
Thanks!!!
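A check for the symptom described in the post above, as an added example that is not part of the original thread: it walks a downloaded copy of the site and flags any default.asp that carries script-like tags after its last </body>. The tag list, the function names and the two sample pages are assumptions constructed for illustration.

```python
import os
import re
import sys

# Closing body tag, case-insensitive (classic ASP pages often use </BODY>).
BODY_CLOSE = re.compile(rb"</body\s*>", re.IGNORECASE)
# Assumption: tags that have no business appearing after </body>.
SUSPICIOUS = re.compile(rb"<\s*(script|iframe|object|embed)\b", re.IGNORECASE)

# Constructed sample pages (not taken from the affected site).
SAMPLE_CLEAN = b"<html><body>Hello</body>\r\n</html>\r\n"
SAMPLE_INJECTED = (
    b"<html><BODY>Hello</BODY></html>\r\n"
    b'<script src="http://example.invalid/x.js"></script>\r\n'
)

def trailing_markup(data: bytes) -> bytes:
    """Return the bytes that follow the last </body> tag, or b"" if none."""
    last = None
    for last in BODY_CLOSE.finditer(data):
        pass
    return data[last.end():] if last else b""

def scan_tree(root: str, filename: str = "default.asp"):
    """Walk root and list pages with script-like tags after </body>."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != filename:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                tail = trailing_markup(fh.read())
            if SUSPICIOUS.search(tail):
                # Keep a short excerpt so the report stays readable.
                findings.append((path, tail.strip()[:200]))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python scan_tail.py <path to local copy of the web root>
    for page, excerpt in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{page}: {excerpt!r}")
```

Running it against a fresh download after each cleanup shows whether the pages have been modified again; the file modification times of any hits give a window to look for in the web logs.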
Josh
Forum Regular
As far as getting log access, if you don't currently have it already, you can get read only access to the logs simply by submitting a support ticket. You can download them and parse them however you wish.
Then a little light should be shed on the entire ordeal, so long as you have an idea about what you're looking for.
Hack
dstoltz
According to HMS, as far as they can tell so far (and they are still looking into it), it looks like a vulnerability of the "File System Object exploit with IIS6 and ASP"
Josh - this is a good example of adding hardware protection, since this is not the fault of the developer (me). But there are many devices out there that could have prevented this. Don't get me wrong, I LOVE HMS. I host all my sites, and all my client sites here...and I have no plans of changing. But due to the nature of the web, I would encourage any hosting company to take measures to help prevent these kinds of attacks. Thanks!
Josh
Forum Regular
I'm curious... can you provide me with one example of a network device that blocks the FSO exploit?
never mind
dstoltz
Josh -
This isn't worth arguing about, based on the other posts. Seeing how you can't even acknowledge that being a developer, having extra protection is a good thing, it's not worth pursuing this discussion.
Josh
Forum Regular
I was genuinely interested in whether you had found a device that blocks an FSO exploit. I can't seem to locate one.