0

My ASP website got hack (due to sql injection). I left the site long ago with some sample db connection code. And few weeks ago i discovered some random file uploaded in my file manager conntaining ascii encoded scripts which redirects to some Russian gambling site, so i removed all of my code from the site it was empty except aspnet_client directory which had nothing. Today again i discovered same type of html files so i rushed to my ftp logs and there was no surprise the listed IPs were mine. So i have no idea how somebody is uploading files which sql injection and ftp access. And please give me any other measures that needs to be taken post hacking. Thank you

Vivek Raj
  • 459
  • 5
  • 16
  • You can use the Captcha to submit the form to prevent sql injection. – Deepak.Aggrawal Jun 11 '13 at 05:00
  • My question is how to stop hacker from uploading html files even when i have removed all the files that might be subjected to SQL Injection. – Vivek Raj Jun 11 '13 at 05:05
  • SQL injection only occurs when you have a database, and it affects the database, not your file system. (Hence the name; it injects SQL.) There are other ways of getting files to your computer without FTP (remote desktop, whatever mechanism UNC paths use). I'm not security a expert, but it sounds like the entire system has been compromised. They may have your passwords, there could be a virus on the machine, all sorts of nastiness. My advice is to wipe the machine and set it back up with new passwords. – jpmc26 Jun 11 '13 at 05:05
  • how can i wipe out hosting company's (hostgator) machine. – Vivek Raj Jun 11 '13 at 05:07
  • Oh. Contact your hosting company and tell them that your site/machine is compromised. Tell them what you told us and ask them to help you. – jpmc26 Jun 11 '13 at 05:08
  • 1
    @Deepak.Aggrawal Captchas do absolutely not prevent SQL injections. – Gumbo Jun 11 '13 at 05:09
  • 1
    are you using a shared server? cause if you deleted all files there's a high chance that the hacker is using another vulnerable website present on the same server as your website to access the server and thus leading to accessing your website directory. – Reyno Jun 11 '13 at 08:37

2 Answers2

3

Just to make it clear, there are a million ways someone could gain access to your website files.

But as an attempt to narrow it down, I'd say either the hacker have your FTP username/password or they're using another vulnerable website on the same server as your website to gain access to the server itself and thus gaining access to all the websites present on that server, including yours.

To answer your question regarding what post-hacking measures can be takes, you've already taken down all of your files so I'd just be careful with my code before i re-upload it.

It's very important to contact your web hosting company and let them know what happened so they can investigate this and probably trace the vulnerability and patch it.

There's always the option of getting a dedicated server instead of a shared one for more security if cost isn't important. Your website will be the only website on the server making it safer from other vulnerable websites (if indeed another website "IS" the cause of the hack).

Reyno
  • 583
  • 13
  • 28
1

See Are Parameters Really Enough to Prevent SQL Injections. Also, there are other ways to create files besides uploading via PHP (assuming one of your "trusted" IPs isn't infected). If the hacker has access to ASP, it's simple to create, read, and write files. If the hacker has access to your server, (and perhaps login credentials), s/he can also trivially create files, depending on the file & folder permissions.

Check your web server logs as well for any suspicious activities. You can also try looking at any vulnerable programs, mail server logs, firewall logs, router logs, etc. Keep in mind, you should try to keep your server as secure as possible. If you have your own server, don't use it for day-to-day activities (i.e. browsing the web, checking email, etc.

Community
  • 1
  • 1
BLaZuRE
  • 2,356
  • 2
  • 26
  • 43
  • Thanks, I had multiple tabs open and I copy and pasted the wrong link. I edited my answer. – BLaZuRE Jun 11 '13 at 05:14
  • At no point i have specified my server login in my web application.I had web.config with db logins but my db cannot be accessed until IP is white-listed. am going contact CC. any clean tips. – Vivek Raj Jun 11 '13 at 05:57