Thursday, August 14, 2008

SQL Injection Alert

This information is provided by QualiSpace for the general interest of its clients with reference to SQL Injection. QualiSpace has received reports of SQL Injection hacks from a few clients with websites hosted on its network.
The following are measures suggested by QualiSpace:
- Set strong passwords for all of your database user accounts.
- If your website makes use of commercial software, make sure that you are running the most current version available.
- Avoid query-string based navigation of database-driven sites wherever possible.
- Strictly restrict any and all file upload functions that may be present on your site, so that only the desired file extensions (e.g. .jpg, .pdf) can be uploaded.
It is unusual for ANY site hosted with QualiSpace to be hacked. There is a general tendency to assume that such a hack took place due to a server vulnerability or a security failing on the part of QualiSpace; however, so far the source of these reported hacks has been found to lie within the website's own application code or database setup. We are therefore sending out this notice in order to bring this concern to light.
According to our analysis, the problem in a couple of cases turned out to be weak passwords for database users. In some cases an application error revealed the database username and password within the error message for all to see. In some unfortunate cases the hack was due to a poorly implemented file upload feature that allowed a hack script to be uploaded. Other hacks took place through classic SQL Injection.
SQL injection is a technique that exploits a security vulnerability in the database layer of an application. An SQL Injection hack occurs when a website's application(s) and/or form(s) are not properly coded to prevent user-supplied input from reaching the database as executable SQL statements.
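As an added illustration, not part of the QualiSpace notice and not its code, the Python script below uses the standard-library sqlite3 module to contrast a lookup that pastes a query-string value into the SQL text with one that binds it as a parameter, and wraps the lookup in the kind of error handling that keeps database details out of the error page. The products table, its rows and the product_id inputs are constructed for the demonstration; the same parameterized approach applies to SQL Server and ASP.NET.

```python
import logging
import sqlite3


def make_db():
    # Constructed sample table for the demonstration (not real hosting data).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", 1), (2, "gadget", 1), (3, "internal-only", 0)],
    )
    return conn


def lookup_concat(conn, product_id):
    # VULNERABLE: the query-string value is pasted into the SQL text, so any
    # quote or keyword it contains becomes part of the statement itself.
    sql = ("SELECT name FROM products WHERE public = 1 AND id = '"
           + product_id + "'")
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, product_id):
    # HARDENED: the value is bound as a parameter, so the driver treats it
    # strictly as data and the structure of the statement cannot change.
    sql = "SELECT name FROM products WHERE public = 1 AND id = ?"
    return [row[0] for row in conn.execute(sql, (product_id,))]


def handle_request(conn, product_id):
    # Never echo the driver's error text to the browser: it can contain
    # statement fragments or connection details. Log it server-side and
    # return a generic message instead.
    try:
        return {"ok": True, "rows": lookup_param(conn, product_id)}
    except sqlite3.Error as exc:
        logging.error("database error for product_id=%r: %s", product_id, exc)
        return {"ok": False, "error": "The request could not be processed."}


if __name__ == "__main__":
    db = make_db()
    tampered = "1' OR '1'='1"  # constructed input containing a quote
    # Concatenation lets the quote rewrite the WHERE clause and leaks the
    # non-public row; the bound parameter simply matches nothing.
    print(lookup_concat(db, "1"), lookup_concat(db, tampered))
    print(lookup_param(db, "1"), lookup_param(db, tampered))
    print(handle_request(db, tampered))
```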
It is highly advisable for everyone to educate themselves and then correct this problem on their own site(s) before they become victims. The solution to the problem is to follow the best security practices outlined at the following URLs:
http://msdn.microsoft.com/en-us/library/ms161953.aspx
http://msdn.microsoft.com/en-us/library/bb671351.aspx
To check your web site for the vulnerability, visit: http://support.microsoft.com/kb/954476
QualiSpace considers the security of its network of servers and hosted services to be its highest priority. SQL Injection hacks are closely connected with the coding and setup of each website rather than with the server upon which the site is hosted.
