EH-Net
Topic: Help with Malicious Script in Database and Web Application  (Read 5638 times)

bloggerX (Newbie, Posts: 2)
« on: February 19, 2010, 10:54:31 AM »

Just a newbie here and I am hoping that the security geniuses in here can help us with a problem. I am not a programmer, but our IT person seems to have problems removing malicious codes/scripts in our system. (Hope this is the right thread).

I work for an online shop which has several programs interfaced with the live site. A month ago, we started having problems with the database. New entries or updates on the database are methodically deleted after an hour or so and even images are being deleted.

My boss tells me that they found about 5 of the malicious codes in several applications and thought that they had cleaned it. When we started working again on the database, the same thing started happening again.

Would appreciate any idea that can help us nip the problem in the bud.

Thanks.

UNIX (Hero Member, Posts: 1235)
« Reply #1 on: February 19, 2010, 11:19:05 AM »

It is difficult to give any specific advice, without seeing the exact architecture, source codes, files, etc. - there are many possibilities in which an attacker could inject malicious code.

Therefore, if possible, you might consider hiring a professional team of security consultants, pentesters, forensic guys, in order to let them review your systems. They are doing things like this on a daily basis and should be able to clean your systems and harden them.

Do you have any kind of backups you could replace with the current applications and databases? Is this even possible for you?

unsupported (Sr. Member, Posts: 318, Unofficial Newbie Moderator)
« Reply #2 on: February 19, 2010, 11:36:51 AM »

I agree with awesec. This is not something you can get help with over a forum. It is not like asking for updated drivers for a piece of hardware, or help installing a program. There are so many issues surrounding your situation that if we listed them all, your head would go all explody (technical term). Also, the skill and knowledge to properly administer any suggestions is another thing. No matter what we tell you, actually applying it to your specific situation is another thing altogether.

-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP

hayabusa (Hero Member, Posts: 1632)
« Reply #3 on: February 19, 2010, 11:41:32 AM »

I'll third the posts from awesec and unsupported.

You also have to realize, if someone put malicious code there, to begin with, they could very well be re-populating the code right back on, after you clean it off.  If there's a hole, through which they keep managing to update the code, then THAT hole should be found / fixed, along with cleaning of this code, and a team who is trained to find and remedy such holes should be brought in to do so.

Good luck.

~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

bloggerX (Newbie, Posts: 2)
« Reply #4 on: February 19, 2010, 12:06:24 PM »

Thanks for the response guys. I actually wanted to suggest hiring experts for my boss since the problem has persisted for more than 2 weeks already.  But I needed to be sure it would be a logical choice considering I have no programming background and I wanted to make sure I would not be undermining our IT guy. 