Results 1 to 2 of 2

Thread: Websites hacked, cant understand how

  1. #1
    Join Date
    Oct 2012

    Websites hacked, cant understand how

    Iīve got 4 old websites in classic ASP. I recently found out that some files on the websites have had spam links (I think itīs some chinese links) added in the file for several months.
    They are all on the same hosting company and they all got these links added on the same date.
    The websites does not use any CMS like Joomla or Wordpress.

    The code is protected against sql injection by clng and by the use of replace for some characters.
    One of the websites have no forms at all except for the administrators login form.
    The others only got contact forms where the content is e-mailed, not stored in the mysql database.

    There are no page where the content entered in a form is written out on the screen. Itīs only used to send the contact e-mails and to check if the login in correct.

    The links was added in the files, not injected in the database.

    More than 90 days passed so I canīt see anything in the ftp logs.

    How can this be possible?

  2. #2
    Join Date
    Jan 2008
    What do you mean the links are in the files? Are you looking in the actual source files on the server or doing a view source in the browser?

    My bet is the injection is in the database.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center