Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Help with Malicious Script in Database and Web Application
Posted by: bloggerX
Date: February 19, 2010 09:59AM

Just a newbie here and I am hoping that the security geniuses in here can help me with a problem. I am not a programmer, but our IT person seems to have problems removing malicious codes/scripts in our system.

I work for an online shop which has several programs interfaced with the live site. A month ago, we started having problems with the database. New entries or updates on the database are methodically deleted after an hour or so and even images are being deleted.

My boss tells me that they found about 5 of the malicious codes in several applications and thought that they had cleaned it. When we started working again on the database, the same thing started happening again.

Would appreciate any idea that can help us nip the problem in the bud.

Thanks.

Options: ReplyQuote
Re: Help with Malicious Script in Database and Web Application
Posted by: thornmaker
Date: February 19, 2010 11:38AM

review log files so you can see what the actual attack vectors are. if malicious code is being being uploaded to your server, you should be able to determine where it's at, how it's being used, and how it got there in the first place. if you have sql injection issues in any of your web apps, there won't be an "malicious codes" to find in the first place but the attacker could still muck up your db. it may be best to just start over with a clean slate, but if you put the same vulnerable web apps back up, you'll probably just get pwned again real soon.

Options: ReplyQuote
Re: Help with Malicious Script in Database and Web Application
Posted by: thrill
Date: February 19, 2010 12:25PM

Of course, there's the unheard of concept of hiring a professional company to help with the issue, do a code review, network assessment and penetration testing.. but yes, I know, I'm one of those crazy types.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Options: ReplyQuote


Sorry, only registered users may post in this forum.