I've said it before, I'll say it again - I can't understand how someone will damage someone else's property or work. My website was hacked with a SQL injection attack today. It affected thousands of records and could have potentially infected visitors to my website with a virus. I immediately took my website down when I discovered this.

So, the technical readers of this article are thinking "didn't you read all the advisories in the new lately?". Well, I guess I should have read them more closely; I thought I was safe since my forms all validated input to prevent potential attacks. Well, this one used the query string on the URL to add script tags to every text field in my database. Arrggh!

The good news is that I restored my database from a previous day, so I didn't need to fix my database manually. More good news is that (I believe) this type of attack is now impossible on my site.

The last bit of good news is that I will now go back and read all those advisories and run the tools to check to see that my site is, indeed, hacker-proof.

Damn hackers!
Submitted  7/9/2008 11:24:39 PM
Comment (0)