Author |
Topic |
|
ASPdummy
Starting Member
18 Posts |
Posted - June 19 2007 : 20:47:55
|
Do they search on Google, etc. using keywords like "shopdisplayproducts.asp" in order to find VPASP sites? If I excluded the cart pages from the search engines would that mean hackers wouldn't be able to find the site?
Also what is injection anyway? Injecting unwanted data into the DB? Do they do it through forms? Does it create new records in the DB? |
|
Peter
VP-CART New User
125 Posts |
|
lynch
VP-CART New User
USA
74 Posts |
Posted - June 20 2007 : 14:08:52
|
Yes, ASPdummy, that is exactly the kind of thing many of them do to find VP-ASP sites.
As for injection, it's not just about getting data into databases, but getting it out. By playing with a URL parameter, a hacker tries to add things to your SQL query in order to get more "useful" (for them) data from your database, even through error messages.
There's nothing like "unable to convert 'username/password' into data of type int" to the eyes of a hacker. |
|
|
devshb
Senior Member
United Kingdom
1904 Posts |
Posted - June 21 2007 : 03:05:29
|
don't forget to download our freebie sql-injection-checker script if you haven't already; it'll check every column in every table for potential hacks:
http://www.bigyellowzone.com/shopexd.asp?id=146
it's totally free, and you don't need a byz license key for it, and it's really easy to install. It'll also check custom-created columns without you having to alter the script/config-options, and also even checks custom-created tables.
Simon Barnaby Developer [email protected] www.BigYellowZone.com Web Design, Online Marketing and VPASP addons |
Edited by - devshb on June 21 2007 03:07:14 |
|
|
|
Topic |
|