Hi, the client notified me today that the site was displaying an error -- and, indeed, a very general error is showing on the site. Says "Oops! An unexpected error has occurred. The error message has been recorded for the system administrator. We apologize for the inconvenience."
When I removed the friendly error messaging, I found what you see attached -- which looks to me like we've been hacked, perhaps through a SQL injection attack?
The only thing that has changed in the year or two that this has been up is that yesterday the client requested that I make a change to allow anonymous user checkout (see instructions here: viewtopic.php?f=42&t=14725&start=0&hili ... view=print). I did that -- and then this happened. I'm thinking that perhaps this change and the hack are connected.
What are recommended next steps? I suppose we could roll back the database to the day before. Has anyone run into this issue before or have any other advice?
Thanks.
Hacked Site? SQL Injection? Help, please
Last edited by relish27 on Fri Jun 03, 2011 9:19 am, edited 1 time in total.
Re: Hacked Site? SQL Injection? Help, please
Well, it's HTML, not SQL. But the thing is, it seems to be in your page's source code, not in the database. The only way one could do this is by having write access to this page file. Make sure your FTP details are not compromised. In order to correct this, simply take away the stuff that is after the following statement:
Code:
</asp:Content>
Try searching for this script tag in other page files too, and remove it if you find it in any other location. Finally, better change your FTP credentials.
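The search suggested in the reply above, as an added example (not code from the thread): a Python scan that flags page files with anything after the final `</asp:Content>` tag and records each file's modification time. The file extensions, the sample pages and the placeholder URL are constructed for illustration.

```python
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Closing tag of an ASP.NET content control, matched case-insensitively.
CLOSE_TAG = re.compile(r"</asp:Content\s*>", re.IGNORECASE)
SCRIPT_OR_IFRAME = re.compile(r"<\s*(script|iframe)\b", re.IGNORECASE)
EXTENSIONS = {".aspx", ".ascx", ".master"}  # assumed set of page file types


def trailing_content(text):
    """Return whatever follows the final </asp:Content>, stripped, or ''."""
    matches = list(CLOSE_TAG.finditer(text))
    if not matches:
        return ""  # no content control in this file; out of scope here
    return text[matches[-1].end():].strip()


def scan_tree(root):
    """Return (name, has_script_tag, trailing_text, mtime_utc) per flagged file."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.suffix.lower() not in EXTENSIONS or not path.is_file():
            continue
        tail = trailing_content(path.read_text(encoding="utf-8", errors="replace"))
        if tail:
            mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
            has_script = bool(SCRIPT_OR_IFRAME.search(tail))
            findings.append((path.name, has_script, tail, mtime.isoformat()))
    return findings


def demo():
    """Build a constructed two-page site in a temp directory and scan it."""
    clean = ('<%@ Page MasterPageFile="~/Site.master" %>\n'
             '<asp:Content ID="c1" runat="server">\n<p>Cart</p>\n</asp:Content>\n')
    # Constructed sample: a script tag appended after the closing tag.
    tampered = clean + '<script src="http://placeholder.invalid/x.js"></script>\n'
    with tempfile.TemporaryDirectory() as d:
        Path(d, "Cart.aspx").write_text(clean, encoding="utf-8")
        Path(d, "Checkout.aspx").write_text(tampered, encoding="utf-8")
        return scan_tree(d)


if __name__ == "__main__":
    for name, has_script, tail, mtime in demo():
        print(f"{name}: script/iframe={has_script} modified={mtime} tail={tail[:80]!r}")
```

Comparing the reported modification times with the FTP access logs can help narrow down when the files were written.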
Re: Hacked Site? SQL Injection? Help, please
Right, I realize it's HTML. But a SQL Injection attack can allow code to be added to dynamically displayed content. At least I've seen similar situations like this before (but not in a .NET site), with similar kinds of code being added.
But! Very good point about it actually being in the file, because it was. Sometimes the simplest answer is the best. What was strange was that the file in question could not be overwritten (we got around that). The host is looking into the write permissions and such and will hopefully figure out where the security issue happened.
Thank you!
Re: Hacked Site? SQL Injection? Help, please
Code:
But a SQL Injection attack can allow code to be added to dynamically displayed content. At least I've seen similar situations like this before (but not in a .NET site), with similar kinds of code being added.