I’ve been getting a lot of requests for information about how to patch this attack. I’ve got to back up a minute and tell you that the attack is a pure SQL injection attack. Previously, I reported that it was a Windows vulnerability; however, upon further investigation, the server logs I looked at were only “attempts” to find a vulnerability.
But back to the problem and some solutions.
- Stop building SQL by pasting form text fields into the query string. Use parameterized queries (SqlCommand parameters in ASP.NET, or stored procedures called with parameters) so the database sees user input as a value, never as SQL; filtering SQL keywords out of text fields is not a substitute. There are plenty of tutorials on how to do this.
- Read Jess’s blog. He has a TON of links to great sources and a neat rollback SQL function to fix these types of SQL injections.
- Remove the “Enter” key events from your ASP and ASP.NET forms. Your users are going to have to click on the button for now. Keep in mind this only changes how the browser submits the form; anyone posting directly to the page still reaches your query, so it is a stopgap, not the fix.
- Did I mention go to Jess’s blog?
- Check your most recent database backup. If the offending script does not appear in it, you have a clean copy of the data and a timestamp for the last time the database was known to be clean.
- If you don’t do regular backups, get into the habit right NOW. If you have to do a backup every 2 hours, then do it. Keep copies online and offline. A reputable hosting company will allow you to make as many backups as you need.
- Check your hosting company’s backup policy. Appliedi.net backs up data at least twice in a 24-hour period.
- If you’re on a dedicated box, assign some disk space and memory to run SQL backup jobs automatically. I’m doing some research on best practices.
- During the hack attempt, or event, have a BIG GLASS OF SCOTCH, RUM, OR LIQUOR OF YOUR OWN CHOOSING. These things are not easy to get through, but you need to relax or you’ll never get through it.
- Be better prepared. Just as you would for a hurricane or earthquake, have a disaster plan.
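Two of the items above, the parameterized query that replaces string concatenation and the check of a database (or a backup of it) for the injected script before cleaning it out, as one added example. This is not code from this post or from Jess’s blog: it uses Python with sqlite3 in place of the ASP/SQL Server stack, the `products` table, its rows and the script URL are constructed sample data, and the same bind-parameter pattern is what SqlCommand parameters give you in ASP.NET.

```python
import re
import sqlite3

# Constructed sample payload, in the shape of a mass-injection attack:
# a <script> tag appended to every text column. The URL is made up.
INJECTED = '<script src="http://example.invalid/x.js"></script>'

# Matches a whole <script ...>...</script> element, case-insensitively.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def make_db():
    """Build an in-memory database whose text columns already carry the payload."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)"
    )
    conn.executemany(
        "INSERT INTO products (name, description) VALUES (?, ?)",
        [
            ("Widget", "A fine widget" + INJECTED),
            ("Gadget" + INJECTED, "A gadget"),
            ("Clean item", "Nothing wrong here"),
        ],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """The bug: form text is pasted straight into the SQL string."""
    sql = "SELECT id FROM products WHERE name = '" + term + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """The fix: the driver binds the value, so it can never be parsed as SQL."""
    rows = conn.execute("SELECT id FROM products WHERE name = ? ORDER BY id", (term,))
    return [row[0] for row in rows]


def text_columns(conn):
    """Yield (table, column) for every character column, read from the catalog."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk).
        for _cid, col, ctype, *_rest in conn.execute(f"PRAGMA table_info('{table}')"):
            if "CHAR" in ctype.upper() or "TEXT" in ctype.upper():
                yield table, col


def find_injected(conn):
    """Return {(table, column): [rowids]} for every cell holding a <script> tag.

    Table and column names come from the catalog, not from user input, which is
    the only reason they may be spliced into the query text here.
    """
    hits = {}
    for table, col in text_columns(conn):
        rowids = [
            rowid
            for rowid, value in conn.execute(
                f'SELECT rowid, "{col}" FROM "{table}" ORDER BY rowid')
            if value is not None and SCRIPT_RE.search(value)
        ]
        if rowids:
            hits[(table, col)] = rowids
    return hits


def strip_injected(conn):
    """Remove the script tag from every affected cell; return the number of cells fixed."""
    fixed = 0
    for (table, col), rowids in find_injected(conn).items():
        for rowid in rowids:
            (value,) = conn.execute(
                f'SELECT "{col}" FROM "{table}" WHERE rowid = ?', (rowid,)).fetchone()
            conn.execute(
                f'UPDATE "{table}" SET "{col}" = ? WHERE rowid = ?',
                (SCRIPT_RE.sub("", value), rowid),
            )
            fixed += 1
    conn.commit()
    return fixed


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"
    print("vulnerable:", search_vulnerable(db, probe))   # every row comes back
    print("parameterized:", search_safe(db, probe))      # nothing matches
    print("injected cells:", find_injected(db))
    print("cells fixed:", strip_injected(db))
    print("injected cells after cleanup:", find_injected(db))
```

Run `find_injected` against a restored backup before you trust it: the newest backup with no hits is the clean copy, and its timestamp is the one the list above talks about. On SQL Server the column list would come from `INFORMATION_SCHEMA.COLUMNS` instead of `sqlite_master`, and cleaning should be done on a restored copy first, since `strip_injected` only removes the tag this regex recognizes.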
Hope this helps.