Hack attack

Posted on July 3, 2009

You probably weren’t aware of this, but the AITP Richmond site was stolen on June 7. If you tried to go to the registration page Sunday evening (which was fortunate), you were directed to a hacker’s site. I worked with our host provider, hostek.com, to get the offending code off our server the next morning. The vendor got a little too carried away, and restored our data as of Saturday evening, so we did lose some registrations, but we didn’t lose anything we couldn’t recover from. Hostek is to be commended for their prompt actions, as this did occur late on a Sunday evening, and we got it resolved first thing Monday morning. Cherian Abraham gets the award for vigilance though, as he was the one that brought this to my attention.

The hacker used a simple trick that I wasn’t aware of, but Cherian figured it out immediately. The hacker used the comments section of the registration page to insert some ASP code (actually Visual Basic) in stream, as if it were part of some normal text. Once I realized this, I changed my code to intercept the use of certain characters in a comment, like an apostrophe, less-than symbol, etc. I tested it, and it seemed to work fine. And wouldn’t you know it, we got hit again about a week later. It didn’t work this time, though because of my code changes.

So, our web site is now a little more secure, and I gained a little knowledge about how to protect a site from hackers.

» Filed Under Blog

Comments

Leave a Reply