[thelist] Website Hacked?

Eduardo Kienetz eduardok at gmail.com
Sat May 24 19:45:53 CDT 2008

On Sat, May 24, 2008 at 4:17 PM, Todd Richards <todd at promisingsites.com> wrote:
> Hi Everyone -
> I farmed out an ASP site a few years ago while I was "learning".  Things
> have worked out great, but a few nights ago I noticed a lot of "404 errors"
> coming in from my custom 404 page.  It was from the same IP address and it
> was trying to request a page that didn't exist, such as "site.com/h<script".
> I assumed someone was trying to hack so I blocked the IP address in IIS.
> However, today I noticed that they had been successful in dumping "<script>"
> tags into the fields in my database.
> I'm a little raw at this, but what did the ex programmer not do correctly
> that allowed this to happen?  Now I'm either looking at going back and
> restoring the old database (which won't be a problem - it's not a mission
> critical site), or going through and cleaning up the information.  The
> problem is I'm not sure how many records for sure were tampered with.
> I'd appreciate any feedback on what possibly happened, as well as what I
> might look at to prevent it in the future.  Hand slapping is acceptable
> (bowing head in shame).

If you have a detailed access log you can actually see how they did
it. I've checked Apache logs for that in the past, don't know about
IIS though.

Eduardo Bacchi Kienetz
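
Added example, not part of the original message: one way to do the access-log check suggested above on IIS, by scanning a W3C extended format log for requests whose path or query string contains "<script" and grouping them by client IP and response status. The log lines, IP addresses and page names are constructed for illustration, and the log is assumed to have the `c-ip`, `cs-uri-stem`, `cs-uri-query` and `sc-status` fields enabled.

```python
import collections
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended format (not from the original thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-05-22 03:10:01 203.0.113.7 GET /h%3Cscript - 404
2008-05-22 03:10:04 203.0.113.7 GET /item.asp id=12&title=%3CScRiPt%20src=x%3E 200
2008-05-22 03:11:30 198.51.100.20 GET /default.asp - 200
2008-05-22 03:12:02 203.0.113.7 GET /item.asp id=13 200
"""

MARKER = "<script"

def decode(value):
    """Percent-decode twice so double-encoded markers (%253C) are also seen."""
    return unquote_plus(unquote_plus(value)).lower()

def find_script_requests(lines):
    """Yield one dict per logged request whose path or query contains MARKER."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # truncated or malformed row
        row = dict(zip(fields, values))
        target = decode(row.get("cs-uri-stem", "")) + "?" + decode(row.get("cs-uri-query", ""))
        if MARKER in target:
            yield row

def summarize(lines):
    """Map client IP -> {status code: count} for the flagged requests."""
    summary = collections.defaultdict(collections.Counter)
    for row in find_script_requests(lines):
        summary[row.get("c-ip", "?")][row.get("sc-status", "?")] += 1
    return {ip: dict(counts) for ip, counts in summary.items()}

if __name__ == "__main__":
    for ip, statuses in summarize(SAMPLE_LOG.splitlines()).items():
        print(ip, statuses)
```

Flagged requests answered with 200 name the pages and times to compare against the changed database rows; the 404s only show probing. IIS does not log POST bodies, so form submissions appear without their field values.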
