.

Help with Malicious Script in Database and Web Application

<<

bloggerX

Newbie
Newbie

Posts: 2

Joined: Fri Feb 19, 2010 11:51 am

Post Fri Feb 19, 2010 11:54 am

Help with Malicious Script in Database and Web Application

Just a newbie here and I am hoping that the security geniuses in here can help us with a problem. I am not a programmer, but our IT person seems to have problems removing malicious codes/scripts in our system. (Hope this is the right thread).

I work for an online shop which has several programs interfaced with the live site. A month ago, we started having problems with the database. New entries or updates on the database are methodically deleted after an hour or so and even images are being deleted.

My boss tells me that they found about 5 of the malicious codes in several applications and thought that they had cleaned it. When we started working again on the database, the same thing started happening again.

Would appreciate any idea that can help us nip the problem in the bud.

Thanks.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Fri Feb 19, 2010 12:19 pm

Re: Help with Malicious Script in Database and Web Application

It is difficult to give any specific advice, without seeing the exact architecture, source codes, files, etc. - there are many possibilities in which an attacker could inject malicious code.

Therefore, if possible, you might consider to hire a professional team of security consults, pentesters, forensic guys, in order to let them review your systems. They are doing things like this on a daily basis and should be able to clean your systems and harden them.

Do you have any kind of backups you could replace with the current applications and databases? Is this even possible for you?
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Fri Feb 19, 2010 12:36 pm

Re: Help with Malicious Script in Database and Web Application

I agree with awesec.  This is not something you can get help with over a forum.  It is not like asking for updated drivers for a piece of hardware, or help installing a program.  There are so many issues surrounding your situation if we listed them all, your head would go all explody (technical term).  Also, the skill and knowledge to properly administer any suggestions is another thing.  No matter what we tell you, actually applying it to your specific situation is another thing all together.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Feb 19, 2010 12:41 pm

Re: Help with Malicious Script in Database and Web Application

I'll third the posts from awesec and unsupported.

You also have to realize, if someone put malicious code there, to begin with, they could very well be re-populating the code right back on, after you clean it off.  If there's a hole, through which they keep managing to update the code, then THAT hole should be found / fixed, along with cleaning of this code, and a team who is trained to find and remedy such holes should be brought in to do so.

Good luck.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

bloggerX

Newbie
Newbie

Posts: 2

Joined: Fri Feb 19, 2010 11:51 am

Post Fri Feb 19, 2010 1:06 pm

Re: Help with Malicious Script in Database and Web Application

Thanks for the response guys. I actually wanted to suggest hiring experts for my boss since the problem has persisted for more than 2 weeks already.  But I needed to be sure it would be a logical choice considering I have no programming background and I wanted to make sure I would not be undermining our IT guy. 

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software