Just a newbie here and I am hoping that the security geniuses in here can help me with a problem. I am not a programmer, but our IT person seems to have problems removing malicious codes/scripts in our system.

I work for an online shop which has several programs interfaced with the live site. A month ago, we started having problems with the database. New entries or updates on the database are methodically deleted after an hour or so and even images are being deleted.

My boss tells me that they found about 5 of the malicious codes in several applications and thought that they had cleaned it. When we started working again on the database, the same thing started happening again.

Would appreciate any idea that can help us nip the problem in the bud.

Thanks.

review log files so you can see what the actual attack vectors are. if malicious code is being being uploaded to your server, you should be able to determine where it's at, how it's being used, and how it got there in the first place. if you have sql injection issues in any of your web apps, there won't be an "malicious codes" to find in the first place but the attacker could still muck up your db. it may be best to just start over with a clean slate, but if you put the same vulnerable web apps back up, you'll probably just get pwned again real soon.

Of course, there's the unheard of concept of hiring a professional company to help with the issue, do a code review, network assessment and penetration testing.. but yes, I know, I'm one of those crazy types.

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill