Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Attack on website

  • 11-08-2008 2:53pm
    #1
    Registered Users, Registered Users 2 Posts: 1,262 ✭✭✭


    Hi folks,

    I was looking at the access log for my site and I saw an attempt at an sql injection attack, originating from China.

    How can I tell if my site or database has been compromised or corrupted?


Comments

  • Registered Users, Registered Users 2 Posts: 2,413 ✭✭✭Stab*City


    di11on wrote: »
    Hi folks,

    I was looking at the access log for my site and I saw an attempt at an sql injection attack, originating from China.

    How can I tell if my site or database has been compromised or corrupted?

    log into your sql database and check recent entries try this

    select * from (here enter the name of the table your querying but leave out the brackets) order by change_dt desc

    that should give you any recent changes..
    .. is your site hosted by yourself or a hosting company?


  • Registered Users, Registered Users 2 Posts: 2,919 ✭✭✭Bob the Builder


    you're not having much luck with websites these days di11on. :D

    as stab city said, a query on the database should tell you what happened.


  • Closed Accounts Posts: 522 ✭✭✭comer_97


    I've been getting a lot of attention on 1 particular site I host lately. It's some nvarchar sql injection, clever stuff but a right pain.

    I've got it covered but it happened 3 or 4 times before I got it sorted.

    and the attacks were from China aswell.


  • Registered Users, Registered Users 2 Posts: 3,594 ✭✭✭forbairt


    di11on wrote: »
    Hi folks,

    I was looking at the access log for my site and I saw an attempt at an sql injection attack, originating from China.

    How can I tell if my site or database has been compromised or corrupted?

    A good idea would be to make sure you're running the latest version of oscommerce on the site ...

    Each version fixes way too many bugs and exploits I've found and can become a bit of a nightmare to keep updated.

    (that said maybe you're not talking about oscommerce)


  • Registered Users, Registered Users 2 Posts: 706 ✭✭✭DJB


    We've being getting attacked every day for the past 3 months or so on a number of sites we run. We needed to clean up some legacy code but seems they are all withstanding the attacks for the last while now.

    We actually created a stored procedure based on their injection script that reversed the injection action.

    If you get hacked, you'll know by looking at your site straight away.

    Rgds, Dave


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,262 ✭✭✭di11on


    nevf wrote: »
    you're not having much luck with websites these days di11on. :D

    as stab city said, a query on the database should tell you what happened.

    LOL :-)
    Forbairt wrote:
    A good idea would be to make sure you're running the latest version of oscommerce on the site ...

    Each version fixes way too many bugs and exploits I've found and can become a bit of a nightmare to keep updated.

    (that said maybe you're not talking about oscommerce)

    Yeah, it's Osc alright. My version is heavily customised and I can't remember which version I downloaded originally... but of a nightmare tracking the various realeases to see which files were updated.

    Unfortunately, not every table has an updated_date, or equivalent column and there are almost 100 tables in osc.

    What should I look out for... what do these attacks typically hope to accomplish? Defacement? Data corruption/stealing... all of the above?


  • Registered Users, Registered Users 2 Posts: 3,594 ✭✭✭forbairt


    di11on wrote: »
    What should I look out for... what do these attacks typically hope to accomplish? Defacement? Data corruption/stealing... all of the above?

    In an ideal world they'd be trying to gain root access to your system

    What they are really after ... could be anything

    You'll find some people who just want to be able to say hey look I destroyed that ... others who want to find the credit card numbers if any are stored or peoples personal details


  • Closed Accounts Posts: 234 ✭✭petergfiffin


    If you have the IP of the attacker you could try updating your .htaccess file to try and deny them access to your site by blocking a range of IP addresses e.g. 233.*.*.* I know the actual IP will change each time but chances are they're using the same ISP which will tend to have a range of addresses


  • Registered Users, Registered Users 2 Posts: 706 ✭✭✭DJB


    The sql injection can put a reference to a JS script file on their server so when you load content from the database, it loads the JS file, which could do a number of things.


Advertisement