[thelist] Website Hacked?

Eduardo Kienetz eduardok at gmail.com
Sat May 24 19:45:53 CDT 2008


On Sat, May 24, 2008 at 4:17 PM, Todd Richards <todd at promisingsites.com> wrote:
> Hi Everyone -
>
> I farmed out an ASP site a few years ago while I was "learning".  Things
> have worked out great, but a few nights ago I noticed a lot of "404 errors"
> coming in from my custom 404 page.  It was from the same IP address and it
> was trying to request a page that didn't exist, such as "site.com/h<script".
> I assumed someone was trying to hack so I blocked the IP address in IIS.
> However, today I noticed that they had been successful in dumping "<script>"
> tags into the fields in my database.
>
> I'm a little raw at this, but what did the ex programmer not do correctly
> that allowed this to happen?  Now I'm either looking at going back and
> restoring the old database (which won't be a problem - it's not a mission
> critical site), or going through and cleaning up the information.  The
> problem is I'm not sure how many records for sure were tampered with.
>
> I'd appreciate any feedback on what possibly happened, as well as what I
> might look at to prevent it in the future.  Hand slapping is acceptable
> (bowing head in shame).

If you have a detailed access log you can actually see how they did
it. I've checked Apache logs for that in the past, don't know about
IIS though.

-- 
Eduardo Bacchi Kienetz
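
The log check suggested in the reply above, sketched for IIS W3C extended logs; this is an added example, not part of the original thread. The sample lines, page names, addresses and the set of logged fields are constructed assumptions.

```python
import collections
import urllib.parse

# Constructed sample log (documentation-range IPs, hypothetical page names).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-05-22 03:10:01 198.51.100.7 GET /h%3Cscript - 404
2008-05-22 03:10:02 198.51.100.7 GET /guestbook.asp name=a&comment=%3Cscript+src%3Dx%3E 200
2008-05-22 03:11:40 203.0.113.20 GET /default.asp - 200
2008-05-22 03:12:05 198.51.100.7 POST /contact.asp - 200
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def decoded_target(rec):
    """Return stem plus query, URL-decoded; '-' means an empty field."""
    raw = rec.get("cs-uri-stem", "")
    if rec.get("cs-uri-query", "-") != "-":
        raw += "?" + rec["cs-uri-query"]
    for _ in range(2):  # second pass catches double-encoded %253C
        raw = urllib.parse.unquote_plus(raw)
    return raw

def suspect_timelines(text, marker="<script"):
    """Map each client IP that sent the marker to ALL of its requests, in log order."""
    records = list(parse_w3c(text))
    suspects = {r.get("c-ip") for r in records
                if marker in decoded_target(r).lower()}
    timelines = collections.defaultdict(list)
    for r in records:
        if r.get("c-ip") in suspects:
            timelines[r["c-ip"]].append((r["date"] + " " + r["time"],
                                         r["cs-method"], decoded_target(r),
                                         r["sc-status"]))
    return dict(timelines)

if __name__ == "__main__":
    for ip, rows in suspect_timelines(SAMPLE_LOG).items():
        print(ip, *rows, sep="\n  ")
```

IIS W3C logs do not record POST bodies, so the timeline shows which pages received POSTs from a flagged address but not what was submitted.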


