VP-ASP :: Shopping Cart Software

VP-ASP Shopping Cart Customer Forum

 How do VPASP hackers find our sites to begin with?

ASPdummy
Starting Member

18 Posts

Posted - June 19 2007 :  20:47:55
Do they search on Google, etc. using keywords like "shopdisplayproducts.asp" in order to find VPASP sites? If I excluded the cart pages from the search engines would that mean hackers wouldn't be able to find the site?

Also what is injection anyway? Injecting unwanted data into the DB? Do they do it through forms? Does it create new records in the DB?

Peter
VP-ASP New User

125 Posts

Posted - June 19 2007 :  20:55:48
This thread might help with the first part of your question:

http://www.vpasp.com/virtprog/vpaspforum/topic.asp?TOPIC_ID=7038

lynch
VP-ASP New User

USA
74 Posts

Posted - June 20 2007 :  14:08:52
Yes, ASPdummy, that is exactly the kind of thing many of them do to find VP-ASP sites.

As for injection, it's not just about getting data into databases, but getting it out. By playing with a URL parameter, a hacker tries to add things to your SQL query in order to get more "useful" (for them) data from your database, even through error messages.

There's nothing like "unable to convert 'username/password' into data of type int" to the eyes of a hacker.
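The two points in the post above (a URL parameter ending up inside the SQL text, and database error messages reaching the visitor) are shown here as an added example that is not part of the original thread. It uses Python and an in-memory SQLite database as stand-ins for an ASP page and its store database; the table, column and function names are hypothetical and the sample rows are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample catalogue; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "Widget", 0), (2, "Gadget", 0), (3, "Unreleased item", 1)])
    return db

def lookup_concatenated(db, raw_id):
    """Vulnerable pattern: the URL parameter becomes part of the SQL text."""
    sql = "SELECT name FROM products WHERE hidden = 0 AND id = " + raw_id
    return [row[0] for row in db.execute(sql)]

def leaky_page(db, raw_id):
    """Vulnerable pattern: the database error text is shown to the visitor."""
    try:
        rows = lookup_concatenated(db, raw_id)
    except sqlite3.Error as exc:
        return "Database error: " + str(exc)
    return rows[0] if rows else "Product not found"

def lookup_parameterized(db, raw_id):
    """Hardened pattern: validate the type, then bind the value as data."""
    try:
        product_id = int(raw_id)
    except ValueError:
        return None  # not a number: never reaches the database
    sql = "SELECT name FROM products WHERE hidden = 0 AND id = ?"
    return [row[0] for row in db.execute(sql, (product_id,))]

def safe_page(db, raw_id):
    """Hardened pattern: one generic message for every failure."""
    try:
        rows = lookup_parameterized(db, raw_id)
    except sqlite3.Error:
        rows = None  # record the details in a server-side log, not in the page
    return rows[0] if rows else "Product not found"

if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed tampered parameter value
    print(lookup_concatenated(db, tampered))   # filter bypassed, hidden row returned
    print(lookup_parameterized(db, tampered))  # rejected before any query runs
    print(leaky_page(db, "x"))                 # error text exposes query details
    print(safe_page(db, "x"))                  # generic message only
```

With the concatenated query, the tampered value changes the meaning of the WHERE clause; with the bound parameter it is rejected as a non-integer and the query text never changes.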

devshb
Senior Member

United Kingdom
1898 Posts

Posted - June 21 2007 :  03:05:29
Don't forget to download our freebie sql-injection-checker script if you haven't already; it'll check every column in every table for potential hacks:

http://www.bigyellowzone.com/shopexd.asp?id=146

It's totally free, you don't need a byz license key for it, and it's really easy to install. It'll also check custom-created columns without you having to alter the script/config-options, and it even checks custom-created tables.

Simon Barnaby
Developer
www.BigYellowZone.com
Web Design, Online Marketing and VPASP addons

Edited by - devshb on June 21 2007 03:07:14