
Thread: ASPROX SQL Injection Attacks


  1. #1


    No worries. I figured it was an oversight. That's why I'm here, to help keep you all safe!

    About this attack, though, the name says a lot: "ASProx". This attack is focused on ASP-driven sites, and HM only runs Linux-based servers. Thus we only have PHP.

    The PDF you linked to mentions that the attack can affect PHP sites, but doesn't go into any details about how this is done. It only provides ASP code, which we as HM customers are safe from.

    That doesn't mean we are all safe from SQL injection attacks in general. There is a great rule of thumb for all PHP/MySQL-driven sites:

    Never trust the data provided by your forms.

    Always run tests against them. Always run them through "cleaner" scripts to parse out the potentially bad stuff, and NEVER allow direct access to PHP code that inserts data into the database.

    Again, good heads-up on the reminder about protecting against SQL injection attacks.

    ~regards
    He is no fool that gives what he cannot keep to gain what he cannot lose. - Jim Elliot
    4ChristMinistry.org - Web development tutorials and Community forum.
    Demos - Kicking the tires on some popular software.

  2. #2

    I used to work with ASP a lot on Windows servers and understand that being on a Linux server prevents me from executing server-side ASP scripts in my web pages.

    However, both times my HTML and PHP files were hijacked, the attacks came from ASProx domains. I'm obviously not claiming that they were using ASP-based attacks just because the domain is listed as an ASProx domain. The first attack was from gitporg and the second from oics.

    Quote Originally Posted by shadmego:
    "Always run them through "cleaner" scripts to parse out the potentially bad stuff"

    You sound like you have more experience with this than I do. Is there a simple explanation for how to do this? I am, as we speak, still reading up on services offered by IPS, and have several Firefox tabs open so that I can continue reading up on various other SQL injection attacks / security tips. Some of these "tips" are rather tedious.
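    Added example, not written by either poster: it shows the "never trust form data" rule from post #1 and answers the "is there a simple explanation" question from post #2 in PHP, the language the thread is about. It assumes PHP with the PDO SQLite driver so it runs offline against an in-memory database; the table, the two sample users and the injected form values are all constructed here, and the vulnerable function is kept deliberately vulnerable to show the contrast with a prepared statement.

```php
<?php
// Added example (not code from the thread). Assumes PHP >= 7 with pdo_sqlite.
declare(strict_types=1);

// Constructed stand-in for a real MySQL database: an in-memory SQLite table.
// (Real sites should store password_hash() output, not plaintext; kept simple here.)
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
    $db->exec("INSERT INTO users (username, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");
    return $db;
}

// VULNERABLE on purpose: the form values are pasted straight into the SQL text,
// so quote characters in the input become part of the query. This is the pattern
// "cleaner scripts" try to patch over by stripping characters, and it is fragile.
function loginVulnerable(PDO $db, string $user, string $pass): int {
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$user' AND password = '$pass'";
    return (int) $db->query($sql)->fetchColumn();
}

// HARDENED: a prepared statement. The SQL is fixed up front and the values are
// bound as data, so no input can change the structure of the query.
function loginSafe(PDO $db, string $user, string $pass): int {
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return (int) $stmt->fetchColumn();
}

// "Always run tests against them": validate shape before the data goes anywhere.
// Allow-list checks like these complement prepared statements; they do not replace them.
function validUsername(string $user): bool {
    return ctype_alnum($user) && strlen($user) <= 32;
}
function validId(string $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

$db = makeDb();

// Constructed "form input" standing in for $_POST['username'] / $_POST['password'].
// The password field carries a classic tautology payload.
$username = 'alice';
$password = "' OR '1'='1";

// Vulnerable: becomes ... password = '' OR '1'='1', which matches every row.
echo "vulnerable: ", loginVulnerable($db, $username, $password), " row(s)\n";
// Safe: the payload is compared literally against the stored password, so no match.
echo "prepared:   ", loginSafe($db, $username, $password), " row(s)\n";

// Validation examples (constructed inputs).
var_dump(validUsername('alice'));          // plain alphanumeric name is accepted
var_dump(validUsername("alice' OR 1=1"));  // quotes/spaces are rejected before any query
var_dump(validId('42'));                   // numeric id accepted as int
var_dump(validId('42 OR 1=1'));            // non-integer id rejected (null)
```

    The point to take from the pair of functions: filtering "bad characters" out of input is a losing game because the list is never complete, whereas a prepared statement removes the problem by design, since the database never parses the user's text as SQL. With MySQL the same code works through PDO's mysql driver or mysqli's prepare()/bind_param(); the in-memory SQLite table is only so the example runs without a server.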
