SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Thread: Site hacked

  1. #1
    SitePoint Member
    Join Date
    Jun 2009
    Location
    Sofia Antipolis
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Site hacked

    We have found out that an old ASP site I have started looking after has been hacked.

    Can anyone:

    1) link to a security check list
    2) Free / recommended security tools
    3) Put me in touch with a hacker / asp security expert to do an audit.

    Any other advice?

    Thanks
    James

  2. #2
    SitePoint Wizard siteguru's Avatar
    Join Date
    Oct 2002
    Location
    Scotland
    Posts
    3,631
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    What was hacked? The actual web pages or the database driving the pages?

    Is the website hosted on a shared server? (If yes then people with another site on that server can access other sites on that same server via the FileSystemObject if the server setup for security is rubbish).
    Ian Anderson
    www.siteguru.co.uk

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Oct 2001
    Location
    Vancouver BC Canada
    Posts
    2,033
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Yes as Ian has indicated, there are a number of ways an ASP site can be hacked.

    I've run Windows 2000, 2003 as web servers and have been hacked several times as a result. In my cases they gained access via FTP or FrontPage Extensions. My server wasn't a production server so it wasn't a huge deal. I disabled FrontPage extensions and shut down FTP and the problem was solved.

    Hackers can also get in via SQL Injection, if you have forms that send data to your database. In that case you must make sure to sanitize inputs especially if your dealing with login forms on ASP. EDIT (to clarify): They can gain access to the database via SQL Injection.

    Most of the guys I've met who offer hosting on MS servers are well equipped to handle locking down an IIS server. What version of Windows Server is the site hosted on?
    Andrew Wasson | www.lunadesign.org
    Principal / Internet Development


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •