BleepingComputer.com: how to detect maliciously inserted code in ASP.net Server pages

how to detect maliciously inserted code in ASP.net Server pages
I am interested in taking responsibility for my own site

#1 chromebuster

Posted 24 November 2011 - 03:17 PM

Hi all,
You should know me by now as a complete geek. I am learning the ins and outs of hosting web sites and such and I intend to take responsibility for my own since I have a passion for technology, and I feel that it is an honorable thing to take care of your own technology needs if you are able. I would like to know how to detect things like malicious iFrames inserted into .aspx pages, SQL injections, and the like and then how to prevent them or combat them if necessary (I pray I never have to worry about this at all). But I know it is an important administrative duty in the IIS 7 world. Any advice you have would be great.
Raeder24. We're for community, accessibility for the blind, and technology support. Founded in 2008. join our community at raeder24.org

#2 cryptodan

Posted 24 November 2011 - 03:59 PM

You could employ an Intrusion Detection / Prevention System to alert you to suspicious activity, which will also let you know if an attack is successful. For all intents and purposes, port 3306, which is used for the MySQL database, should only be available to all machines that need to connect and within the local area network. You can bind this via --bind-address=127.0.0.1 on the Linux command line and via the Windows SQL Service if you are using MSSQL. You can also set up MySQL on Windows to only listen on localhost. This will prevent anyone trying to connect to port 3306 remotely to try and get in.

My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then please send me a message with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.

#3 chromebuster

Posted 24 November 2011 - 06:39 PM

Yes (are you kidding me? Port 1434's not going anywhere). But what about hack attempts via port 80 in effect to try and get to the other stuff on the server or, God forbid, the other computers on the network? That's what I worry about. People trying to use my site as an access point. I'm behind a router, but how then will the router know the difference between a hack attempt via port 80 and a wanted web request? That's what I'm trying to learn to monitor IIS logs for.
Raeder24. We're for community, accessibility for the blind, and technology support. Founded in 2008. join our community at raeder24.org
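
One way to review IIS logs for the port-80 probing asked about above, as an added example that is not from any poster in this thread: it reads the `#Fields:` header of a W3C-format log, URL-decodes each query string and flags SQL-injection and injected-markup patterns. The log lines, rule names and regular expressions are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-11-24 15:17:02 GET /default.aspx - 192.0.2.10 200
2011-11-24 15:17:09 GET /news.aspx id=5 192.0.2.10 200
2011-11-24 15:18:41 GET /news.aspx id=5'+OR+'1'%3D'1 198.51.100.7 500
2011-11-24 15:18:43 GET /news.aspx id=5;DECLARE+@s+varchar(4000) 198.51.100.7 500
2011-11-24 15:19:05 GET /guestbook.aspx msg=%3Ciframe+src%3Dhttp://example.invalid%3E 203.0.113.4 200
"""

# Illustrative rules only; a production rule set needs tuning against real traffic.
RULES = {
    "sql-injection": re.compile(
        r"['\"]\s*(or|and)\s+['\"\d]|union\s+select|;\s*declare\s+@|xp_cmdshell",
        re.I),
    "markup-injection": re.compile(r"<\s*(iframe|script)\b", re.I),
}

def scan_iis_log(text):
    """Return (client_ip, page, rule, status) for every suspicious request."""
    fields, hits = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order can differ per site
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        # Decode first: the log stores the query as it arrived (%27, +, ...).
        query = unquote_plus(row.get("cs-uri-query", ""))
        for name, pattern in RULES.items():
            if pattern.search(query):
                hits.append((row.get("c-ip"), row.get("cs-uri-stem"),
                             name, row.get("sc-status")))
    return hits

def hits_per_client(hits):
    """Count flagged requests per client IP to spot a repeated prober."""
    return Counter(ip for ip, _, _, _ in hits)

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```

IIS does not log POST bodies, so this only sees what arrives in the URL; a run of 500 responses against the same page from one client is worth a closer look.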

#4 KamakaZ

Posted 27 November 2011 - 07:55 PM

I think you are being a tad paranoid... If you have a decent website and don't leave it open for an attack you should be OK.
If I am helping you and don't reply in 24 hours please send me a PM

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.

#5 groovicus

Posted 27 November 2011 - 08:06 PM

Just a random question. How can you tell the difference between maliciously inserted code, and regular inserted code?
"Take the risk of thinking for yourself, much more happiness, truth, beauty, and wisdom will come to you that way" - Christopher Hitchens
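
One common way to tell the two apart is to compare every page against a baseline recorded while the site was known to be clean, and to flag iframes styled to be invisible. The following is an added example, not from any poster in this thread; the file names, page contents and the `HIDDEN_IFRAME` pattern are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# An iframe with zero/one-pixel size or hidden styling is rarely legitimate.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)[^>]*>", re.I)

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def make_baseline(root):
    """Hash every .aspx page; store the result somewhere off the web server."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*.aspx"))}

def audit(root, baseline):
    """Return (page, finding) pairs for pages that differ from the baseline."""
    root, findings = Path(root), []
    for p in sorted(root.rglob("*.aspx")):
        rel = str(p.relative_to(root))
        if rel not in baseline:
            findings.append((rel, "new file"))
        elif sha256_of(p) != baseline[rel]:
            findings.append((rel, "changed since baseline"))
        if HIDDEN_IFRAME.search(p.read_text(errors="replace")):
            findings.append((rel, "hidden iframe"))
    return findings

def demo():
    """Build a tiny constructed site, baseline it, then simulate tampering."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "default.aspx").write_text(
            '<%@ Page Language="C#" %>\n<html><body>Welcome</body></html>\n')
        (root / "about.aspx").write_text("<html><body>About</body></html>\n")
        baseline = make_baseline(root)
        clean = audit(root, baseline)
        with (root / "default.aspx").open("a") as f:   # constructed change
            f.write('<iframe src="http://example.invalid/" '
                    'width="0" height="0"></iframe>\n')
        return clean, audit(root, baseline)

if __name__ == "__main__":
    print(demo())
```

A legitimate deployment also changes the hashes, so the baseline has to be regenerated as part of each release; any change outside a release is the one to investigate.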

#6 cryptodan

Posted 27 November 2011 - 08:26 PM

You can follow the practices outlined here:

Stop SQL Injection Attacks Before They Stop You
