[thelist] Website Hacked?

Todd Richards todd at promisingsites.com
Sat May 24 16:49:48 CDT 2008


Thanks Anthony.  I am checking so that when someone requests a store - i.e.
Store.asp?id=300 - if it's not a numeric value then they will get redirected
to the home page.  However, I'm raw on how they could actually get data
entered into my database.  I know it can happen - I hear about it all the
time.  However, I'm just not sure where to start to fix it.  The "admin"
directory is using Windows authentication rather than a database login,
since I'm the only one who has permissions to update things.  Would that
make a difference?  

Sorry for the rookie questions!

Todd




-----Original Message-----
From: Anthony Baratta [mailto:anthony at baratta.com] 
Sent: Saturday, May 24, 2008 4:24 PM
To: todd at promisingsites.com; thelist at lists.evolt.org
Subject: Re: [thelist] Website Hacked?

Check all your scripts and make sure you are checking your Querystring 
data. If you are not checking your integers to make sure they are 
integers, someone can hijack your pages to really screw with your data.

e.g. isNumeric(QSNumber)

I had a friend lose his whole database to these SQL injection attacks 
from the last month. :-P



--
Anthony Baratta

"The essence of Government is power; and power, lodged as it must be in 
human hands, will ever be liable to abuse." -- James Madison (speech in 
the Virginia constitutional convention, 2 December 1829)
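
An added example, not part of either message above: one way to handle the `Store.asp?id=300` request in Classic ASP, combining a digits-only check (stricter than `IsNumeric`) with a parameterized ADO query. The `Stores` table, its `StoreID` and `StoreName` columns, the `StoreConnString` application variable and the `ParseStoreId` helper are assumptions made for illustration.

```vbscript
<%
Option Explicit
' Added example: hypothetical Store.asp handler. Table, column and
' connection-string names are assumptions, not taken from the thread.

Const adCmdText = 1      ' ADO CommandTypeEnum
Const adInteger = 3      ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum

' Returns the id as a Long, or -1 if the value is not 1-9 plain digits.
' IsNumeric alone also accepts "1e3", "1.5" and "-7", so match digits only.
Function ParseStoreId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then
        ParseStoreId = CLng(raw)
    Else
        ParseStoreId = -1
    End If
End Function

Dim storeId, conn, cmd, rs
' & "" turns a missing id into an empty string, which fails the check.
storeId = ParseStoreId(Request.QueryString("id") & "")
If storeId < 0 Then
    Response.Redirect "/"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("StoreConnString")   ' assumed to be set in global.asa

' The id is bound as a typed parameter, never concatenated into the SQL
' text, so the database treats it only as a value.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT StoreName FROM Stores WHERE StoreID = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , storeId)

Set rs = cmd.Execute
If rs.EOF Then
    Response.Redirect "/"
Else
    Response.Write Server.HTMLEncode(rs("StoreName") & "")
End If
rs.Close : conn.Close
%>
```

The same binding applies to every page that builds SQL from `Request.QueryString` or `Request.Form` values, including string fields, where a numeric check is not available.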




