100,000 reputable web pages are infected

The Register is reporting that determined hackers have injected malicious code into pages on supposedly reputable web sites. The compromised pages were attacked via SQL injection: typically, content posted from forms or passed via query strings in URLs isn't properly checked before it gets near a database, with hilarious consequences.

It's been a known issue for years and used to be a sure sign of sloppy coding. It isn't restricted to Windows servers as the article suggests.

Then again, in these brave, user-generated-content times, if you allow users to post links to favourite sites, how are you supposed to prevent them from linking to dodgy items?

Users unfortunate enough to visit the infected pages will be redirected to sites that attempt to exploit known vulnerabilities. Probably a good time to make sure your machine is patched and up to date. 
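The unchecked query-string handling described above, next to a parameterised version, as an added example that is not taken from The Register's article or from any affected site. The `pages` table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny "pages" table such as a CMS might keep.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [(1, "Home", 1), (2, "Contact", 1), (3, "Draft: pricing", 0)],
    )
    return db


def find_page_unsafe(db, page_id):
    # Vulnerable pattern: the raw query-string value is pasted into the SQL
    # text, so the database parses whatever the visitor sent as SQL.
    sql = "SELECT title FROM pages WHERE published = 1 AND id = " + page_id
    return [row[0] for row in db.execute(sql)]


def find_page_safe(db, page_id):
    # Hardened pattern: check the value is the type we expect, then bind it
    # as a parameter so it can only ever be compared as data.
    try:
        wanted = int(page_id)
    except ValueError:
        return []
    sql = "SELECT title FROM pages WHERE published = 1 AND id = ?"
    return [row[0] for row in db.execute(sql, (wanted,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("2", "2 OR 1=1"):  # second value is a constructed bad input
        print(repr(value), "unsafe:", find_page_unsafe(db, value))
        print(repr(value), "safe:  ", find_page_safe(db, value))
```

With the concatenated query, the second input rewrites the `WHERE` clause and the unpublished draft comes back along with everything else; the bound version returns nothing for it.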

A Finextra member
25 April, 2008

We usually get about 10 attempts to hack our site each week, although we have noticed a significant increase recently to sometimes 50 per day. Maybe I've upset someone. We aren't website providers and we don't pretend we are, so if our site is compromised there's nothing critical there anyway and we'll try and have a laugh too.
Possibly the baddies can see the writing on the wall. 

It's a constant battle and sometimes the fault is beyond the site's control. The only thing you can do is keep an eye on it and back up everything to be able to restore it in the event of a damaging attack. It's the subject no-one really wants to discuss in public, no-one wants to attract attention to themselves. There are of course professional hosts who can do the job pretty well, but no-one is infallible. A well-funded attacker can pretty well do anything, as evidenced by even very well-funded 'expert' sites being successfully attacked. For a smaller business external hosting with a specialist is the best option and at least it's only your site that gets hacked, not your core operations.

It looks like the only way the web will be safe is if we make people sign in at the door. 
