SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast whitebelt's Avatar
    Join Date
    Oct 2006
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unhappy SQL Injection & XSS attack/WHO HERE CAN FIX THIS?

    My site sustained an SQL Injection and XSS attack which is making the database act weird.

    Are there any SQL Injection XSS experts in SitePoint who know how to fix it?
    Last edited by molona; Oct 25, 2009 at 15:15. Reason: No service requests allowed in the forums
    Whitebelt,
    website owner

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    This is too vague to help with. What exactly was done (do you know what queries they ran?) and what is "acting weird"?

  3. #3
    SitePoint Enthusiast whitebelt's Avatar
    Join Date
    Oct 2006
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question

    Thanks for prompt response. I don't know what queries they ran [i wouldn't recongnize a query if it came up and bit me]. I don't know the technical aspects of these things. I just know about the business/legal aspects of the site. My developer doesn't know about sql injection fixes, or XSS fixes. He can't help me.

    What happened was that my site was defaced. If I entered information in my CMS to add items and photos to the database that runs the site, this newly added information would not appear where it was supposed to appear. Or sometimes it would appear as a duplicate somewhere else. Someone told me that the hack may have messed-up my tables and columns, etc. on the database. Others said it may just have been a "GLITCH" in my database/php script. I don't know who's right.

    My developer was able to get the site to work again as it used to [temporarily]. But it looks like things may be acting up again. I do get TONS AND TONS of automated spam via my contact forms. Most of my traffic on my traffic reports comes from Russia(?); I suspect Russian spammers. These contact forms are not secure. I need to add more security. Thus, the request for an SQL Injection or xss specialist to assist.

    Could you recommend someone? Thank you.
    Whitebelt,
    website owner

  4. #4
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,014
    Mentioned
    53 Post(s)
    Tagged
    2 Thread(s)
    Quote Originally Posted by whitebelt View Post
    My developer doesn't know about sql injection fixes, or XSS fixes. He can't help me.
    sounds like your developer doesn't know how to prevent sql injection either

    get a new developer

    note: to look for someone via sitepoint, you must use the marketplace, not the regular forums
    r937.com | rudy.ca | Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  5. #5
    SitePoint Enthusiast whitebelt's Avatar
    Join Date
    Oct 2006
    Posts
    59
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Will do .... thanks
    Whitebelt,
    website owner


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •