Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Code Project
CODE PROJECT For Those Who Code
  • Home
  • Articles
  • FAQ
Community
  1. Home
  2. Web Development
  3. ASP.NET
  4. Website is hacked sporadicaly !

Website is hacked sporadicaly !

Scheduled Pinned Locked Moved ASP.NET
databasecsharpasp-netsql-serversysadmin
4 Posts 4 Posters 1 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    D Offline
    devboycpp
    wrote on last edited by
    #1

    Hi and happy new year to westerns. I've a website based on ASP.NET 2 and Sql server 2000 as storage. I use FTP for updating website. Site has a administrators part for content management. The site has been hacked twice since a month ago. Records of some of tables gets deleted . These tables are germane to public webpages not secured parts of the site. and besides some photos from website directories gets deleted. When the site was first hacked I scrutinized directories and found some ASP.NET pages with "aspx" extension placed in some directories. I downloaded those files and check them out. With a cursory look I ascertained that those are programs that analyse the security of sites and faciliate hacking. After the first atack I encrypted my sql server 2000 database user password and placed it in web.config file but the second attack was happened. Site is protected from sql injection attacks. The shell files were deleted from the website after the first attack. Some questions arise here : 1. How those files were placed in the website directories by someone ? 2. Is there anyway to avoid such unwanted upload to website ? 3. How is it possible for hacker to access the database while I have encrypted the password in web.config and site is protected from sql injection attacks. Any solution is highly appreciated.

    L K P 3 Replies Last reply
    0
    • D devboycpp

      Hi and happy new year to westerns. I've a website based on ASP.NET 2 and Sql server 2000 as storage. I use FTP for updating website. Site has a administrators part for content management. The site has been hacked twice since a month ago. Records of some of tables gets deleted . These tables are germane to public webpages not secured parts of the site. and besides some photos from website directories gets deleted. When the site was first hacked I scrutinized directories and found some ASP.NET pages with "aspx" extension placed in some directories. I downloaded those files and check them out. With a cursory look I ascertained that those are programs that analyse the security of sites and faciliate hacking. After the first atack I encrypted my sql server 2000 database user password and placed it in web.config file but the second attack was happened. Site is protected from sql injection attacks. The shell files were deleted from the website after the first attack. Some questions arise here : 1. How those files were placed in the website directories by someone ? 2. Is there anyway to avoid such unwanted upload to website ? 3. How is it possible for hacker to access the database while I have encrypted the password in web.config and site is protected from sql injection attacks. Any solution is highly appreciated.

      L Offline
      L Offline
      luisnike19
      wrote on last edited by
      #2

      Well my first thought was that you need to check your DB layer for sql injection attacks. You mentioned that your site is protected, so double check that, because maybe you just check some techniques of sql injection hacks, but there are many ways to do it. Also check your credentials to upload that files in the Server, and maybe you should change them.

      luisnike19

      1 Reply Last reply
      0
      • D devboycpp

        Hi and happy new year to westerns. I've a website based on ASP.NET 2 and Sql server 2000 as storage. I use FTP for updating website. Site has a administrators part for content management. The site has been hacked twice since a month ago. Records of some of tables gets deleted . These tables are germane to public webpages not secured parts of the site. and besides some photos from website directories gets deleted. When the site was first hacked I scrutinized directories and found some ASP.NET pages with "aspx" extension placed in some directories. I downloaded those files and check them out. With a cursory look I ascertained that those are programs that analyse the security of sites and faciliate hacking. After the first atack I encrypted my sql server 2000 database user password and placed it in web.config file but the second attack was happened. Site is protected from sql injection attacks. The shell files were deleted from the website after the first attack. Some questions arise here : 1. How those files were placed in the website directories by someone ? 2. Is there anyway to avoid such unwanted upload to website ? 3. How is it possible for hacker to access the database while I have encrypted the password in web.config and site is protected from sql injection attacks. Any solution is highly appreciated.

        K Offline
        K Offline
        Keith Barrow
        wrote on last edited by
        #3

        There isn't a one size fits all answer for this (hence the subject line). I'm a little rusty at the security side of things, but the following might be a start:

        • Did you change your password when you encrypted it: if not the hacker could still be using your original password.
        • You should consider locking down your FTP setup, so that you arrange to have FTP open only when you are uploading. This is most likely how they got in. You could also change your firewall so it only accepts incoming FTP requests from internal/known IPs.
        • The presence of files on your site indicates that whoever has hacked you *might* have some level of user access to you machine (ftp is more likely, but there are tools to bootstrap yourself an account using known vulnerabilities) : Check for new users (especially with administrative rights) and strap your server down.
        • If the hacker has their own login account, they might no longer need the password, their kerberos identity could be enough if authentication is in mixed mode. Check the SQL logs to see who has been in on your system, again strap down who can log in to your SQL server, but they sound clever enough to cover their own tracks. If your SQL server isn't on a different machine, move it. Only allow specific windows accounts to login (say the DB admin's and yours), or none at all (SQL only mode).
        • Put some code security in place so that only code signed by yourselves can be actually executed.
        • Change your SQL password again: they may already have a new one.

        Securing a website isn't easy, there are several vulnerabilities (tools to get admin access, social engineering etc) and any is a potential route in. If you can't do it yourself you should consider getting someone in who can:- it is a skilled job, but before doing this you need to asses what level of risk is acceptable and how much you are willing to pay to secure your site.

        Sort of a cross between Lawrence of Arabia and Dilbert.[^]
        -Or-
        A Dead ringer for Kate Winslett[^]

        1 Reply Last reply
        0
        • D devboycpp

          Hi and happy new year to westerns. I've a website based on ASP.NET 2 and Sql server 2000 as storage. I use FTP for updating website. Site has a administrators part for content management. The site has been hacked twice since a month ago. Records of some of tables gets deleted . These tables are germane to public webpages not secured parts of the site. and besides some photos from website directories gets deleted. When the site was first hacked I scrutinized directories and found some ASP.NET pages with "aspx" extension placed in some directories. I downloaded those files and check them out. With a cursory look I ascertained that those are programs that analyse the security of sites and faciliate hacking. After the first atack I encrypted my sql server 2000 database user password and placed it in web.config file but the second attack was happened. Site is protected from sql injection attacks. The shell files were deleted from the website after the first attack. Some questions arise here : 1. How those files were placed in the website directories by someone ? 2. Is there anyway to avoid such unwanted upload to website ? 3. How is it possible for hacker to access the database while I have encrypted the password in web.config and site is protected from sql injection attacks. Any solution is highly appreciated.

          P Offline
          P Offline
          Pete OHanlon
          wrote on last edited by
          #4

          You might want to engage the services of a penetration tester (a white hat hacker) to identify the weaknesses in your site. Also, analyse your logs for details, and if I were you, I'd get in touch with the police; I assume that hacking is a crime in the country you live in.

          I'm not a stalker, I just know things. Oh by the way, you're out of milk.

          Forgive your enemies - it messes with their heads

          My blog | My articles | MoXAML PowerToys | Onyx

          1 Reply Last reply
          0
          Reply
          • Reply as topic
          Log in to reply
          • Oldest to Newest
          • Newest to Oldest
          • Most Votes

          • Login
          • Don't have an account? Register
          • Login or register to search.
          • First post
            Last post
          0
          • Categories
          • Recent
          • Tags
          • Popular
          • World
          • Users
          • Groups