Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

how to detect maliciously inserted code in ASP.net Server pages


  • Please log in to reply
5 replies to this topic

#1 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:08:04 AM

Posted 24 November 2011 - 03:17 PM

Hi all,
You should know me by now as a complete geek. I am learning the ins and outs of hosting web sites and such and I intend to take responsibility for my own since I have a passion for technology, and I feel that it is an honorable thing to take care of your own technology needs if you are able. I would like to know how to detect things like malicious iFrames inserted into .aspx pages, SQL injections, and the like and then how to prevent them or combat them if necessary (I pray I never have to worry about this at all). But I know it is an important administrative duty in the IIS 7 world. Any advice you have would be great.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:04 PM

Posted 24 November 2011 - 03:59 PM

You could employ an Intrusion Detection / Prevention System to alert you of suspicious activity of which will also let you know if an attack is successful. For all intensive purposes port 3306 which is used for MySQL Database should only be available to all machines that need to connect and within the local area network. You can bind this via --bind-address=127.0.0.1 on the linux command and via Windows SQL Service if you are using MSSQL. You can also setup MySQL on windows to only listen on localhost. This will prevent anyone trying to connect to port 3306 remotely to try and get in.

#3 chromebuster

chromebuster
  • Topic Starter

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:08:04 AM

Posted 24 November 2011 - 06:39 PM

Yes, (are you kidding me? port 1434's not going anywhere). but what about hack attempts via port 80 in effect to try and get to the other stuff on the server or God forbid, the other computers on the network? That's what i worry about. People trying to use my site as an access point. I'm behind a router, but how then will the router know the difference between a hack attempt via port 80 and a wanted web request? That's what i'm trying to learn to monitor IIS logs for.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#4 KamakaZ

KamakaZ

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:11:04 PM

Posted 27 November 2011 - 07:55 PM

I think you are being a tad paranoid... If you have a decent website and don't leave it open for an attack you should be OK.

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:04 AM

Posted 27 November 2011 - 08:06 PM

Just a random question. How can you tell the difference between maliciously inserted code, and regular inserted code?

#6 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:12:04 PM

Posted 27 November 2011 - 08:26 PM

You can follow the practices outlined here:

Stop SQL Injection Attacks Before They Stop You




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users