  1. #1
    SitePoint Enthusiast
    Join Date
    Dec 2005

    My website has been hacked for the third time

    My website has been hacked for the third time! This time I have had to take it offline because it was infecting visiting PCs with a Trojan virus.

    I’m getting really down about all this. It’s hard enough trying to start an online business. I have little experience in website security and it’s obvious current security levels are not good enough. Are there any security experts out there who would be kind enough to look at my code below and give me an idea of where I am going wrong? Thanks.

    Firstly here is the injection that was written to my MS SQL database:

    <script src=></script>

    It is NOT embedded in links BUT instead appears at the end of messages posted by my users. It has been added to messages that already existed in the database. It has not infected every database table though.

    Below is the security that is applied to all input areas of the website:

    ' nid is coerced to a Long (clng raises a runtime error on non-numeric input);
    ' the comment is HTML-encoded at storage time and spliced into the SQL string
    conn.Execute "insert into tbl ([groupnewsid], [thecomment], [submittedby], [groupid], [dateofcomment]) " _
    & "values ('" _
    & clng(request.querystring("nid")) & _
    "','" & Server.HTMLEncode(cleanuptext(request.form("txtnewscomment"))) & _
    "','" & clng(session("userid")) & _
    "','" & clng(session("groupid")) & _
    "','" & FormatMediumDate(date()) & "')"
    session("errmessage2") = ""
    session("varcomment") = ""
    end if    ' closes an If block whose condition is not shown in the post

    And below is the cleanuptext function:

    'validation allows only good characters and disallows bad strings
    function cleanuptext(input)
    newstr = ""
    ' park line breaks in a placeholder so the character filter keeps them
    input = replace(input,vbcrlf,"CCCCCCC")
    good_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789""`!£$%&*()_-+=:;@'#<>,.?/ "

    ' keep only the characters that appear in good_chars
    for i = 1 to len(input)
    c = mid(input, i, 1)
    if (InStr(good_chars, c) <> 0) then
    newstr = newstr & c
    end if
    next

    newstr = replace(newstr,"'","`")
    newstr = replace(newstr,"--","")
    newstr = replace(newstr,"XP_","")
    newstr = replace(newstr,"xp_","")

    newstr = replace(newstr,";","semicolon")
    newstr = replace(newstr,"*","asterisk")
    newstr = replace(newstr,"=","equals")
    newstr = replace(newstr,"%","percentage")

    newstr = replace(newstr,"script","scr1pt")
    newstr = replace(newstr,"Script","Scr1pt")
    newstr = replace(newstr,"SCRIPT","SCR1PT")
    newstr = replace(newstr,"union","un10n")
    newstr = replace(newstr,"Union","Un10n")
    newstr = replace(newstr,"UNION","UN10N")
    newstr = replace(newstr,"insert","1ns3rt")
    newstr = replace(newstr,"Insert","Ins3rt")
    newstr = replace(newstr,"INSERT","1NS3RT")
    newstr = replace(newstr,"drop","dr0p")
    newstr = replace(newstr,"Drop","Dr0p")
    newstr = replace(newstr,"DROP","DR0P")
    newstr = replace(newstr,"delete","d3l3t3")
    newstr = replace(newstr,"Delete","D3l3t3")
    newstr = replace(newstr,"DELETE","D3L3T3")
    newstr = replace(newstr,"create","cr34t3")
    newstr = replace(newstr,"Create","Cr34t3")
    newstr = replace(newstr,"CREATE","CR34T3")
    newstr = replace(newstr,"select","s3l3ct")
    newstr = replace(newstr,"Select","S3l3ct")
    newstr = replace(newstr,"SELECT","S3L3CT")
    newstr = replace(newstr,"exec","3x3c")
    newstr = replace(newstr,"Exec","Ex3c")
    newstr = replace(newstr,"EXEC","3X3C")
    newstr = replace(newstr,"cast","c4st")
    newstr = replace(newstr,"Cast","C4st")
    newstr = replace(newstr,"CAST","C4ST")
    newstr = replace(newstr,"varchar","v4rch4r")
    newstr = replace(newstr,"Varchar","V4rch4r")
    newstr = replace(newstr,"VARCHAR","V4RCH4R")
    newstr = replace(newstr,"declare","d3cl4r3")
    newstr = replace(newstr,"Declare","D3cl4r3")
    newstr = replace(newstr,"DECLARE","D3CL4R3")
    newstr = replace(newstr,"object","obj3ct")
    newstr = replace(newstr,"Object","Obj3ct")
    newstr = replace(newstr,"OBJECT","OBJ3CT")
    newstr = replace(newstr,"embed","emb3d")
    newstr = replace(newstr,"Embed","Emb3d")
    newstr = replace(newstr,"EMBED","EMB3D")
    newstr = replace(newstr,"CCCCCCC", vbcrlf)

    cleanuptext = newstr
    end function

    Please help me. I would be really grateful if you could show me what’s missing or what’s wrong with my existing code.
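
Added example (not code from the thread) to show what the posted filter does and does not stop. It ports the symbol and keyword part of cleanuptext to Python, then runs the same INSERT three ways: plain concatenation, the posted filter followed by concatenation, and a parameterised query. An in-memory SQLite table stands in for the MS SQL connection, and the two payloads are constructed for the demo; both are assumptions, not anything taken from the attack. Two caveats a reviewer would raise first: clng makes nid numeric and the comment field goes through the filter, so this statement on its own does not explain how the tag was appended to rows that already existed, and the thread does not identify that entry point. Separately, T-SQL keywords are case-insensitive while the filter checks only three spellings of each.

```python
# Added example for this thread (not code from the post). Ports the keyword
# part of the posted cleanuptext() to Python so the casing gap can be checked,
# then runs the same INSERT three ways: raw concatenation, the posted filter
# plus concatenation, and a parameterised query.
# Assumptions: an in-memory SQLite table stands in for the MS SQL/ADO
# connection, and the two payloads in demo() are constructed for the demo.
import sqlite3

# Keywords the posted filter rewrites, each in exactly three spellings.
KEYWORDS = ("script", "union", "insert", "drop", "delete", "create", "select",
            "exec", "cast", "varchar", "declare", "object", "embed")
# Vowels to digits; the exact mangled spelling in the post varies, not material.
LEET = str.maketrans("aeioAEIO", "43104310")


def cleanuptext(text):
    """Port of the posted blacklist, minus the per-character loop."""
    text = text.replace("'", "`").replace("--", "")
    for prefix in ("XP_", "xp_"):
        text = text.replace(prefix, "")
    for sym, word in ((";", "semicolon"), ("*", "asterisk"),
                      ("=", "equals"), ("%", "percentage")):
        text = text.replace(sym, word)
    for kw in KEYWORDS:
        for form in (kw, kw.capitalize(), kw.upper()):
            text = text.replace(form, form.translate(LEET))
    return text


def keyword_survives(text):
    """True if a blacklisted keyword leaves the filter intact in any casing.
    T-SQL keywords are case-insensitive, so a surviving 'SeLeCt' still runs."""
    lowered = cleanuptext(text).lower()
    return any(kw in lowered for kw in KEYWORDS)


def unfiltered_insert(conn, nid, comment, userid, groupid):
    """String concatenation with no filtering; int() plays the role of clng."""
    conn.execute("INSERT INTO tbl (groupnewsid, thecomment, submittedby, groupid) "
                 f"VALUES ('{int(nid)}','{comment}','{int(userid)}','{int(groupid)}')")


def filtered_insert(conn, nid, comment, userid, groupid):
    """The posted approach: run the blacklist, then concatenate."""
    unfiltered_insert(conn, nid, cleanuptext(comment), userid, groupid)


def parameterised_insert(conn, nid, comment, userid, groupid):
    """The fix: the comment travels as a bound parameter, so the database never
    parses it as SQL and no blacklist is needed. HTML-encode when rendering."""
    conn.execute("INSERT INTO tbl (groupnewsid, thecomment, submittedby, groupid) "
                 "VALUES (?, ?, ?, ?)", (int(nid), comment, int(userid), int(groupid)))


def last_row(conn):
    """(thecomment, submittedby) of the most recently inserted row."""
    return conn.execute("SELECT thecomment, submittedby FROM tbl "
                        "ORDER BY rowid DESC LIMIT 1").fetchone()


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl (groupnewsid INTEGER, thecomment TEXT, "
                 "submittedby INTEGER, groupid INTEGER)")
    # Constructed payloads: the first closes the comment literal and the VALUES
    # list so the attacker chooses submittedby; the second is an ordinary
    # comment with an apostrophe and a mixed-case keyword.
    forged = "x','99','1') --"
    honest = "I'd SeLeCt the Create button"
    results = {}

    unfiltered_insert(conn, 1, forged, 5, 7)
    results["unfiltered_forged"] = last_row(conn)   # submittedby is 99, not 5
    try:
        unfiltered_insert(conn, 1, honest, 5, 7)
        results["unfiltered_honest"] = last_row(conn)
    except sqlite3.Error:
        results["unfiltered_honest"] = "error"      # the apostrophe hit the parser

    filtered_insert(conn, 1, forged, 5, 7)
    results["filtered_forged"] = last_row(conn)     # stays inside the literal
    filtered_insert(conn, 1, honest, 5, 7)
    results["filtered_honest"] = last_row(conn)     # text mangled, SeLeCt untouched

    parameterised_insert(conn, 1, forged, 5, 7)
    results["param_forged"] = last_row(conn)        # verbatim, submittedby still 5
    parameterised_insert(conn, 1, honest, 5, 7)
    results["param_honest"] = last_row(conn)        # verbatim, apostrophe intact
    return results


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:18} {row!r}")
```

In classic ASP the parameterised form is an ADODB.Command whose values are appended with CreateParameter, rather than a string handed to conn.Execute; Server.HTMLEncode then belongs where the comment is written into the page, so the stored text stays as the user typed it.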


  2. #2
    SitePoint Addict skunkbad
    Join Date
    Apr 2008
    Temecula, CA
    You should check your FTP logs and see if somebody signed in as you from a different IP address. If this is the case, all you probably need to do is use secure FTP, FTPES, SFTP, etc. Do not store your FTP passwords on your computer! Make sure to change your account password and FTP password.

  3. #3
    SitePoint Enthusiast
    Join Date
    Dec 2005
    Ok thanks for that. Is the code above adequate enough to secure the site against attack?

  4. #4
    Community Advisor

    Join Date
    Nov 2006
    Quote Originally Posted by simonp_ccfc View Post
    Ok thanks for that. Is the code above adequate enough to secure the site against attack?
    You'd probably be better asking that in the relevant coding forum, e.g. ASP.

