Asprox: list of domains and mitigation steps
The folks over at Bloombit Software have a useful article called ASCII Encoded/Binary String Automated SQL Injection Attack which explains some of the technical details behind these attacks and also has another list of domains serving up malware which is useful to keep an eye on.
Labels: Asp, SQL Injection
posted by Conrad Longmore at
10:47
2 Comments:
Thanks for the article from Michael Zino.
Our web site was infected twice during the last 21 weeks.
I have implemented the code described by Michael Zino on our web site and adapted it a little and it works very well.
I can see attacks in the log but no more infection.
Dim query
query = Request.ServerVariables("QUERY_STRING")
If InStr(UCase(query),"EXEC(") > 0 OR InStr(UCase(query),"EXEC (") OR Len(query) > 500 Then
response.redirect("http://www.google.com")
End if
query = Request.form
If InStr(UCase(query),"EXEC(") > 0 OR InStr(UCase(query),"EXEC (") OR InStr(UCase(query),"EXEC%28") OR Len(query) > 500 Then
response.redirect("http://www.google.com")
End If
27 June 2008 15:51
Conrad,
Very informative series a post! If you are interested, I have an analysis of the javascript scripts that are injected:
part I [cs.ucsb.edu] and
part II [cs.ucsb.edu].
27 June 2008 16:53
Post a Comment
<< Home