How can I keep my site from being hacked again?
May 9, 2005 7:49 AM Subscribe
Someone has been repeatedly trying to hack into my website. I'm on a windows box, running ASP and an Access Database.
posted by quibx to computers & internet (10 answers total) 1 user marked this as a favorite
I run a site where I review toys, and as an experiment in ASP, I created a whole publishing interface that uses an access database and a password protected login.
Last week, someone broke in (probably using a brute force attempt), and went in and began dumping random ASP code into my reviews. My thought was to gain access to server information etc.. Googling came up with an application called Stationmaster ASP. Dunno what it does, but looks like they didn’t succeed.
Still, I changed all my passwords, backed up my data.
Well, this weekend I am hacked again. I forget that I had a form that allows people to upload images for reviews. This form allows any media to be uploaded, but does not go into a database. It was accessible off of one of my logged in pages, but not publicly. The hacker uploaded EXE, BAT, ASP and even what looks like a picture of himself and his girlfriend to my server. I’ve since deleted the offending page, but I worry now that I am an easy target for hackers and script kiddies.
Now I am not an ASP Guru – what can I do to further protect myself? I am now working on a new site in PHP, on a completely different server. Is there any kind of known ASP exploit this hacker is using? Anything my host can do to patch my system?