a few days ago the site was SQL database injection attack, I fought two overnight, and finally find a way to solve it. Now, in the past four days, the website is normal, finally can relax a sigh of relief.
(I hope those hackers see here, please, I just want to own the Wugang network well, does not mean what other means, the website program is my own written, I was not a professional developer, you will go, I don’t find vulnerability to attack. Thank you
in those days, in order to prevent SQL database injection attack, all day long stay in front of the computer, often want to cry without tears, because just finished and was attacked. Then this process wrote an article posted on the Internet, there are a lot of people with my QQ every day, I help you solve their website the same problem, which makes me very embarrassed. Being called a master, I don’t really know anything about it.
I’m just a
a little self ASPNET technology enthusiasts, not professional developers, I wrote the program is the Its loopholes appeared one after another. There is no contact with server management, attacks, and prevention. For example, people often ask me what ports, protocols and other terms, I actually do not understand.
I solve the attack of Wugang people’s net, and also fumble it out myself. At the same time, I am very grateful to some net friend to provide an anti injection code in global. Now let me give you a detailed description of the process I have solved.
1, in second days, many times after the resumption of data and attacks, I change the database user’s permissions into db_datareader, modified to this, the database can only read out, you can not write it. After waiting for two hours, I found the site is normal, indicating that the server should be no problem, that is, the site program has problems. Note, if modified to this permission, the same as the site was attacked, indicating that the server must be poisoned or trojans and other issues, it is best to reinstall.
2, although the server seems to have no problem, I went to install an antivirus software (not installed before, only firewall), put some patches to upgrade.
3, add a piece of anti injection code to the Global file. The code is on the internet.
4, I made all the background changes. Previously set as ValidateRequest=" false" deleted. Because I wrote before, the map itself is easy to print, you can directly enter the HTML code in the background. Now encounter this problem, have to delete first, do not think of another way.
5, after this is done, I will add database permissions, add a db_datawrite permissions, you can write it in, and then all the storage process permissions one by one. That’s where the site is used. < >