Database being corrupted by hackers

I have done a content management website, http://sarasa.in, in ASP, using a SQL Server database.

This site's database is being corrupted by some hackers. They are changing data by adding a script tag to the existing data for some fields, and removing data for some fields in tables.

So, I'm losing my patience trying to rectify this problem. This happens repeatedly to this site even after clearing the entire database and refreshing the data.

How should I restrict hacker attacks to the data?
Apr 26 '10 #1
GazMathias
228 Expert 128KB
Hi,

You can sanitise user input before you use it to interact with the database.

Start by replacing ' with '' or (my personal preference) `

Also use the datatype conversion functions to force user input into a specific format. For example, using ID in this querystring:

    somepage.asp?ID=1; DELETE * FROM tblSomeTable

Will not get past this:

    ArticleID = CLng(request.querystring("ID"))
    SQL = "SELECT * FROM tblSomeTable WHERE ID=" & ArticleID

It is also a good idea to use server.HTMLEncode, too.

Any other takers?

Gaz
Apr 27 '10 #2
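
An added example, not part of the post above, showing the CLng idea with the failure case handled (a bare CLng raises a Type mismatch error on the sample querystring) and Server.HTMLEncode applied when a stored field is written to the page. TryParseId and storedValue are hypothetical names, and the sample field value is constructed.

```vbscript
<%
' Added example. TryParseId and storedValue are hypothetical names.

' Sets result and returns True only for a plain run of 1-9 digits.
' Everything else, including "1; DELETE * FROM tblSomeTable", is rejected
' up front instead of letting CLng() raise a Type mismatch (error 13).
Function TryParseId(ByVal raw, ByRef result)
    Dim re
    TryParseId = False
    result = 0
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"      ' 9 digits max always fits in a Long
    If re.Test(raw) Then
        result = CLng(raw)
        TryParseId = True
    End If
End Function

Dim ArticleID, SQL, storedValue

' & "" turns a missing parameter into an empty string, which fails the test.
If Not TryParseId(Request.QueryString("ID") & "", ArticleID) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid article id."
    Response.End
End If

' ArticleID is now a Long, so the concatenation can only ever add digits.
SQL = "SELECT * FROM tblSomeTable WHERE ID=" & ArticleID

' Constructed sample of a field that already had a script tag added to it.
storedValue = "Welcome<script>/* injected */</script>"

' Encode on the way out so the browser renders the markup as text.
Response.Write Server.HTMLEncode(storedValue)
%>
```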
@GazMathias
Hi GazMathias,

By searching several sites I found out the loopholes in my code.

I followed the steps as you said. And reloaded the site again. I hope the problem is solved now.

Thank you very much for your response......
Apr 27 '10 #3
jhardman
3,406 Expert 2GB
Filter out semicolons. It is fairly hard to do an injection attack without semicolons.

Make sure queries that are just looking up data and returning a recordset use a cursortype/locktype that does not allow modifying the db.

You could also use stored procedures and set each parameter that the user enters. This is considered a best practice by a lot of people.

And to top it off, if you can detect an attack, get the user's IP address

    request.servervariables("REMOTE_ADDR")

and submit it to an IP blacklist.

Jared
Apr 28 '10 #4
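
An added example, not part of the post above, of setting each user-supplied value as a parameter on an ADODB.Command and opening the result with a forward-only, read-only recordset. OpenArticle, the Title, Body and Category columns, the cat querystring key and the Application("ConnString") entry are assumptions; tblSomeTable and ID come from the earlier post.

```vbscript
<%
' Added example. ADO constant values as defined in adovbs.inc.
Const adCmdText = 1, adInteger = 3, adVarWChar = 202, adParamInput = 1
Const adOpenForwardOnly = 0, adLockReadOnly = 1

' Hypothetical helper: looks up one row using bound parameters only.
' For a stored procedure, set CommandType to adCmdStoredProc (4) and
' CommandText to the procedure name; parameters are appended the same way.
Function OpenArticle(conn, ByVal articleId, ByVal category)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? markers are filled, in order, from the Parameters collection,
    ' so user input is never concatenated into the SQL text.
    cmd.CommandText = "SELECT ID, Title, Body FROM tblSomeTable " & _
                      "WHERE ID = ? AND Category = ?"
    cmd.Parameters.Append cmd.CreateParameter("ID", adInteger, adParamInput, , articleId)
    cmd.Parameters.Append cmd.CreateParameter("Category", adVarWChar, adParamInput, 50, Left(category, 50))

    ' Forward-only cursor with a read-only lock for a pure lookup.
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open cmd, , adOpenForwardOnly, adLockReadOnly
    Set OpenArticle = rs
End Function

Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumption: connection string kept here

' CLng stops the page with a Type mismatch error on non-numeric input.
Set rs = OpenArticle(conn, CLng(Request.QueryString("ID")), Request.QueryString("cat") & "")
If rs.EOF Then
    Response.Status = "404 Not Found"
Else
    Response.Write "<h1>" & Server.HTMLEncode(rs("Title") & "") & "</h1>"
End If
rs.Close
conn.Close
%>
```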
Dear Friend,
You can use data recovery software for your corrupted SQL database and get your data back. There are so many software packages which can help you; one of them you can download from here: http://www.restoresqldatabase.org/
Jul 17 '12 #5
