banco-de-dados – Database being changed/Hacked

Question:

I don't know if I can ask this question here, if I can, I ask you to suspend the question, or let me know and I'll delete it.

For the second time I have come across a hacked database. In almost all text fields of all database tables, the following code was added at the end of the records:

</title>
<style>
    .ao0n {
        position: absolute;
        clip: rect(470px,auto,auto,470px);
    }
</style>
<div class="ao0n">quick <a href="http://ironpaydayloans.com">payday loans</a> with small commissions</div>
</title><style>
            .ao0n {
                position: absolute;
                clip: rect(470px,auto,auto,470px);
            }
        </style><div class="ao0n">quick <a href="http://ironpaydayloans.com">payday loans</a> with small commissions</div>
</title><style>
            .alry {
                position: absolute;
                clip: rect(410px,auto,auto,410px);
            }
        </style><div class="alry">A payday to get <a href="http://paydayloansforsure.com">fast payday cash loans</a> source you into them.</div>
</title><style>
            .alry {
                position: absolute;
                clip: rect(410px,auto,auto,410px);
            }
        </style><div class="alry">A payday to get <a href="http://paydayloansforsure.com">fast payday cash loans</a> source you into them.</div>
</title><style>
            .auj {
                position: absolute;
                clip: rect(441px,auto,auto,441px);
            }
        </style><div class="auj">A much a limited <a href="http://proofpaydayloans.com">payday loans</a> of that banks payday loan.</div>
</title><style>
            .auj {
                position: absolute;
                clip: rect(441px,auto,auto,441px);
            }
        </style><div class="auj">A much a limited <a href="http://proofpaydayloans.com">payday loans</a> of that banks payday loan.</div>

I wanted to know if anyone has had this problem or knows why it happens, and how I can solve it.

Answer:

Well, let's go!

From the comments I have a strong hunch: you are passing variables to your aspx, and nowadays this is an evil gateway. "Hackers" simply take your variable, in your case your id variable, and start inserting arbitrary select/insert/update code; this is called SQL injection. One alternative is to abolish GET altogether; the other is to simply filter out any unexpected input in your variables.

You need to have greater control of your logs. All attempts, successful or not, will be in your logs on the HTTP server (IIS, Apache, etc.). Spend some time analyzing these logs; they will tell you where, and which aspx was attacked and used as a bridge to enter values incorrectly.

Also analyze your database's logs; look for different IPs that should not have access.

Check your firewall and ensure that your database does not have external access; if necessary, restrict communication to only the necessary and trusted IPs/domains.
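
The log review suggested in the answer above can be scripted. The following is an added example, not part of the original question or answer: it scans IIS W3C-format log lines for query strings that carry SQL syntax and groups the hits by page and client IP. The sample log lines, the logged fields and the page names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample (not from the original post). IIS lets administrators
# choose which fields are logged, so the column order is read from #Fields.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-10 10:00:01 198.51.100.7 GET /noticia.aspx id=12 200
2024-01-10 10:00:05 203.0.113.9 GET /noticia.aspx id=12;update+t+set+c=c%2B'x' 200
2024-01-10 10:00:09 203.0.113.9 GET /noticia.aspx id=12%20UNION%20SELECT%20name%20FROM%20t 500
2024-01-10 10:01:00 198.51.100.7 GET /contato.aspx - 200
2024-01-10 10:02:00 203.0.113.9 GET /produto.aspx id=5'%20OR%20'1'='1 200
"""

# Triage heuristic, not a filter: it can flag legitimate requests (a search
# for the word "select") and will miss obfuscated input. Review every hit.
SQLI = re.compile(
    r"('|;|--|/\*)|\b(select|insert|update|delete|union|declare|exec|cast)\b",
    re.IGNORECASE,
)

def suspicious_requests(log_text):
    """Return (page, client_ip, status, decoded_query) for each flagged line."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        # IIS logs the query URL-encoded; decode before matching.
        query = unquote_plus(row.get("cs-uri-query", "-"))
        if query != "-" and SQLI.search(query):
            hits.append((row["cs-uri-stem"], row["c-ip"], row["sc-status"], query))
    return hits

def summarize(hits):
    """Count flagged requests per (page, client IP) to show what was targeted."""
    return Counter((page, ip) for page, ip, _, _ in hits)

if __name__ == "__main__":
    found = suspicious_requests(SAMPLE_LOG)
    for (page, ip), count in summarize(found).most_common():
        print(f"{page} from {ip}: {count} suspicious request(s)")
```

Pages that show up here are the ones whose database access code should be reviewed first; a 200 status on a flagged request means the server processed it without error.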
