My colleague managed to solve the code injection:
1. Set all the folders to read-only by editing the folder or file properties.
2. Use a remote connection to the server and remove read-only. Then overwrite the code or upload the files. Then set it back to read-only. (In this way, the hacker will not write into the files.)
3. Run the scheduler to scan the files for iframe or script tags, or for any file that is modified between 9pm and 6am when the programmers are sleeping away (you can write your own custom code using cfdirectory to open and read the contents of the files and search for keywords).
4. Marvellously, last night the files were still intact. Will CONTINUE to monitor for the next few days…
Apart from making your sites read only, a good method is to check for file changes by grabbing a copy of file hashes. Most inputs to the sites should have characters sanitised for unwanted characters such as ‘>’ or ‘!’ or ‘%’ where not required, and remove support for unicode strings where not required. Lots more but thanks for sharing.
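The two checks the comments above describe, a hash baseline of the site files plus a keyword scan of whatever changed, as an added example (not code from either commenter); it is a plain Python script for a scheduler to run and assumes the web root is readable from the scanning host, with the file extensions and the iframe/script pattern being assumptions to adjust.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed patterns marking an injected iframe or externally sourced script tag.
SUSPICIOUS = re.compile(r"<iframe\b|<script\b[^>]*\bsrc\s*=", re.IGNORECASE)


def hash_tree(root, exts=(".cfm", ".cfc", ".html", ".js")):
    """Return {relative_path: sha256_hex} for every matching file under root."""
    root = Path(root)
    result = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in exts:
            rel = path.relative_to(root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def compare(baseline, current):
    """Report files added, removed or changed since the stored baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return {"added": added, "removed": removed, "changed": changed}


def find_injected(root, paths):
    """Return {path: first suspicious match} for the given changed/added files."""
    hits = {}
    for rel in paths:
        text = (Path(root) / rel).read_text(errors="replace")
        match = SUSPICIOUS.search(text)
        if match:
            hits[rel] = match.group(0)
    return hits


def demo():
    """Constructed scenario: take a baseline, tamper with one file, then scan."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "index.cfm").write_text("<html><body>Hello</body></html>")
        (Path(d) / "app.js").write_text("console.log('ok');")
        baseline = hash_tree(d)  # in practice, store this JSON somewhere read-only
        # Simulate the tampering the post describes: a hidden iframe appended to a page.
        with open(Path(d) / "index.cfm", "a") as f:
            f.write('<iframe src="http://example.invalid/x" width=0 height=0></iframe>')
        report = compare(baseline, hash_tree(d))
        hits = find_injected(d, report["changed"] + report["added"])
        return report, hits
```

Keep the baseline file outside the web root, or the same write access that alters pages can alter the baseline too.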
This increase in SQL injection is tied to sites hosted on port 8080, many of which are registered in .cn domains.
Hi Steve,
haiz... it’s very troublesome to run the custom scan file that I created to spot iframe or script insertion and manually remove the bad line. Then enable the read-only properties, but if the server is with a hosting company, I have to send in a ticket to ask support to enable it for us. If they haven’t enabled it for some reason and it is delayed till the next day, I have to clean the infected files all over again.
I am waiting or looking for a better solution instead of going through the above again and again.
Cheers,
Eileen