SQL Injection

Discussion in 'Databases' started by PGScannell, Jan 20, 2015.

  1. I have a serious problem with SQL injection. Somebody has hacked into my database and runs some kind of update set that appends HTML code to many of my long text columns in all of my tables. I have written update triggers for them that look for inclusion of the text and, if found, the update is discarded and an insert into a special log table is made. I can tell you that since last October, there were 2000 such attempts. My log file clearly shows a repeating theme and on 12/25 alone, there were over 1000 attempts to do it.

    Last week I created a brand new table and populated it so the contents could be seen on my website. This morning when I went to my site and at the point where this new data should be displayed was nothing. I checked the table and, sure enough, the hacker had hit it. (I forgot to create a trigger last week when I created the table. I've since remedied the problem and a trigger is in place.)

    My question is, what kind of code is this person running? Where is it located so I might remove it? And, finally, how is he able to get into my database, especially since I changed the password last year or so?

    This has me stymied...

    Thanks in advance for your help,
    Paul Scannell
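The detect-and-log trigger Paul describes, as an added example that is not his code or anything from the thread: an UPDATE trigger that refuses writes carrying HTML markup and records each refused value in a log table. It is built on SQLite so it runs stand-alone; SQL Server would use an INSTEAD OF UPDATE trigger with the inserted/deleted pseudo-tables, but the logic is the same. The table and column names, and the marker strings, are assumptions (the actual text the attacker appended is not in the thread).

```python
"""Added example, not code from the thread: an UPDATE trigger that discards
writes carrying injected HTML and records them in a log table, then the
parameterised update the application itself should be using."""
import sqlite3

# Constructed markers: fragments that should never appear in this site's
# plain-text columns. Adjust them to what your own log table shows.
SUSPICIOUS_MARKERS = ("<script", "<iframe", "</div>")


def build_schema():
    """Return the DDL, with the trigger's WHEN clause built from the markers."""
    when = " OR ".join(f"NEW.body LIKE '%{m}%'" for m in SUSPICIOUS_MARKERS)
    return f"""
    CREATE TABLE article (id INTEGER PRIMARY KEY, body TEXT NOT NULL);
    CREATE TABLE injection_log (
        id INTEGER PRIMARY KEY,
        table_name TEXT NOT NULL,
        row_id INTEGER NOT NULL,
        attempted_value TEXT NOT NULL,
        logged_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
    );
    -- BEFORE UPDATE: if the incoming value carries markup, log it; then
    -- RAISE(IGNORE) abandons the UPDATE without rolling back the log INSERT.
    CREATE TRIGGER article_block_html
    BEFORE UPDATE OF body ON article
    WHEN {when}
    BEGIN
        INSERT INTO injection_log (table_name, row_id, attempted_value)
        VALUES ('article', NEW.id, NEW.body);
        SELECT RAISE(IGNORE);
    END;
    """


def open_db():
    """Create an in-memory database with one article row and the trigger."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(build_schema())
    conn.execute("INSERT INTO article (id, body) VALUES (1, ?)",
                 ("Welcome to the site.",))
    conn.commit()
    return conn


def update_body(conn, article_id, new_body):
    """Parameterised update: how the application's own writes should look.
    The trigger is a safety net behind this, not a substitute for it."""
    conn.execute("UPDATE article SET body = ? WHERE id = ?",
                 (new_body, article_id))
    conn.commit()


def current_body(conn, article_id):
    """Return the stored text for one article."""
    return conn.execute("SELECT body FROM article WHERE id = ?",
                        (article_id,)).fetchone()[0]


def logged_attempts(conn):
    """Values the trigger refused, oldest first: (row_id, attempted_value)."""
    return conn.execute(
        "SELECT row_id, attempted_value FROM injection_log ORDER BY id"
    ).fetchall()


if __name__ == "__main__":
    db = open_db()
    update_body(db, 1, "Welcome to the site. Updated today.")
    # Constructed stand-in for an injected value: markup appended to the text.
    update_body(db, 1, 'Welcome to the site.<script src="http://example.invalid/x.js"></script>')
    print("body now:", current_body(db, 1))
    print("refused :", logged_attempts(db))
```

The trigger only catches what the markers match, which is why the log table matters: the refused values show what the campaign actually sends, and the marker list is tuned from them. The durable fix is still to find the page that concatenates user input into SQL and change it to parameterised queries like `update_body` above.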
     
  2. martino (DiscountASP.NET Staff)

    Oh man, sorry to hear that, Paul.

    I have written a blog on how to check for SQL Injections in your site here: http://blog.discountasp.net/how-to-find-sql-injections-using-your-http-logs/

    The above blog will only help if the SQL injection was done via the URL on your site.

    As long as you have access to your HTTP logs you might be able to locate the file on your site that was vulnerable to this type of attack.

    If the attack was via your URL, where the person was able to enter query information through a query string, this blog post on how to prevent this from happening to you again might help you out: http://blog.discountasp.net/how-to-use-request-filtering-to-prevent-sql-injections/

    Also, we provide a SiteLock service to our customers. More about this service can be found here: http://www.discountasp.net/sp_sitelock-website-security.aspx
     
    mjp likes this.
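The HTTP-log check martino's first link describes, as an added example that is not the blog's or DiscountASP.NET's code: it parses IIS W3C-format log lines, URL-decodes each query string, flags the ones that look like SQL injection attempts, and reports which page received them and from which addresses. The log lines are constructed, the field subset is an assumption (real IIS logs carry more columns, which the `#Fields` header handles), and the indicator patterns are a starting point rather than a complete signature set.

```python
"""Added example, not from the thread or the linked blog: scan IIS W3C-style
HTTP logs for query strings that look like SQL injection attempts, so the
vulnerable script (cs-uri-stem) and the source addresses can be found."""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample log (not real traffic); documentation addresses only.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2015-01-19 03:12:44 GET /article.aspx id=17 198.51.100.7 200
2015-01-19 03:12:51 GET /article.aspx id=17%27+OR+1%3D1-- 203.0.113.9 200
2015-01-19 03:12:52 GET /article.aspx id=17%3BDECLARE+%40q+VARCHAR%288000%29 203.0.113.9 500
2015-01-19 03:13:10 GET /about.aspx - 198.51.100.7 200
"""

# Indicators checked against the URL-decoded query string. Tune on your logs.
SQLI_PATTERNS = {
    "quote_then_comment": re.compile(r"'[^']*--"),
    "stacked_statement": re.compile(
        r";\s*(declare|exec|execute|update|insert|delete|drop|cast)\b", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "tautology": re.compile(r"\bor\s+\d+\s*=\s*\d+", re.I),
}


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in #Fields."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]       # a new header may appear mid-file
            continue
        if not raw or raw.startswith("#"):
            continue
        parts = raw.split()
        if fields is None or len(parts) != len(fields):
            continue                       # malformed or truncated line
        yield dict(zip(fields, parts))


def find_injection_attempts(text):
    """Return a list of suspicious requests with the rule that matched."""
    hits = []
    for rec in parse_w3c(text):
        query = rec.get("cs-uri-query", "-")
        if query == "-":                   # IIS writes '-' for no query string
            continue
        decoded = unquote_plus(query)      # payloads are usually URL-encoded
        for rule, pattern in SQLI_PATTERNS.items():
            if pattern.search(decoded):
                hits.append({
                    "when": f"{rec['date']} {rec['time']}",
                    "client": rec["c-ip"],
                    "page": rec["cs-uri-stem"],
                    "query": decoded,
                    "status": rec["sc-status"],
                    "rule": rule,
                })
                break
    return hits


def attempts_by_client(hits):
    """Count flagged requests per source address."""
    return Counter(h["client"] for h in hits)


def pages_targeted(hits):
    """Script files that received attempts: the ones to review first."""
    return sorted({h["page"] for h in hits})


if __name__ == "__main__":
    found = find_injection_attempts(SAMPLE_LOG)
    for h in found:
        print(f"{h['when']} {h['client']} {h['page']} [{h['rule']}] {h['query']}")
    print("per client:", dict(attempts_by_client(found)))
    print("pages to review:", pages_targeted(found))
```

To run it over a real log, pass the file contents to `find_injection_attempts`. As martino notes, this only works for injection through the URL: IIS logs the query string but not POST bodies, so an attack through a form field will not show up here, and the page-level review of how input reaches the database is still needed.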
