This is a guest article by Melissa Dean.
SQL injections are far more frequent than you would believe. An attack that starts with several thousand web sites has the potential to reach more than a million within days. The mechanism of infection itself remains unchanged; only the scope of the damage changes. It is growing at an exponential rate, notwithstanding the fact that modern frameworks have built-in protection systems that frequently manage to thwart SQL injections. The injection inserts a random bit of HTML, which misdirects the user to a sham anti-virus site, where they learn they have been infected.
How do you know you are at risk?
It takes a while to prepare SQL injection attacks. One was registered in October, but it took until December to show up on the radar. However, most infections have occurred recently. The sites that become infected generally use the same structure, with files that have a .php extension. Only sites built on Microsoft SQL Server 2003/2005 are affected. The types of sites affected are quite heterogeneous and include a large number of university and international government sites.
Know the enemy
To protect your site, you should know how the malicious script gets into a database. The attack runs a SQL loop that finds every normal table by searching the system objects directory. The harmful script is then embedded in every column, an approach that relies entirely on the system objects table. This is why it is usually just Microsoft SQL Server databases that are hacked.
Protect your site
So how do you protect yourself against these vicious attacks? You have the standard protection measures: using prepared statements, filtering, whitelisting where it is possible to filter for control characters, and blacklisting where it is not. Server admins should check for files that materialize as if out of thin air in the httpdocs directory. This is how malware is embedded in your system. The attack is major and really vast in scope, and it is very hard to get rid of this script. Users of security software firm CA, whose site was hacked, are being redirected to a Chinese-hosted malware site.
How do you deal with a SQL injection? First, remove all infected pages on your web site by taking them offline at once. If you can, find out where, how, and when the system was hacked. Talk to (and by all means hire!) a professional, who will detect all the pages that are vulnerable to attacks via SQL injection. Get them fixed. Every single page should be fixed, because even one vulnerable page is enough to corrupt all your data. Then roll your database back to a point before it was hacked. Make sure you install the Real Player patch if your Real Player is vulnerable, so as to keep it from being exploited. Get a reliable AV system, such as AVG. Keep in mind that even if you manage to contain the damage to your system, your clients will spread it because they will download the script as they browse your sites. This could be damaging if their Real Player is vulnerable. Your site is not working properly, and you are embarrassing yourself in front of your clients. Think about it and do not dawdle, waiting for things to fix themselves!
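The article says the script is written into every column found through the system catalog, and that you should find out where the system was hacked before rolling back; a read-only scan can walk the same catalog and list the text columns that now hold script or iframe markup. This is an added example, not code from the original article: it uses Python with an in-memory SQLite database as a stand-in for SQL Server (where the catalog tables are sysobjects and syscolumns), and the function names, pattern list and sample rows are constructed for illustration.

```python
import re
import sqlite3

# Markup that has no business in ordinary data columns (assumed pattern list).
INJECTED_MARKUP = re.compile(r"<\s*(script|iframe)\b", re.IGNORECASE)

def quote_ident(name):
    """Quote an identifier read from the catalog before placing it in SQL."""
    return '"' + name.replace('"', '""') + '"'

def find_injected_columns(conn):
    """Return {(table, column): row_count} for text columns holding markup."""
    hits = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        cols = conn.execute(f"PRAGMA table_info({quote_ident(table)})").fetchall()
        for _cid, name, decl_type, *_rest in cols:
            if not any(t in (decl_type or "").upper() for t in ("CHAR", "TEXT", "CLOB")):
                continue  # numeric and date columns cannot carry the markup
            col = quote_ident(name)
            rows = conn.execute(
                f"SELECT {col} FROM {quote_ident(table)} WHERE {col} IS NOT NULL")
            count = sum(1 for (v,) in rows if INJECTED_MARKUP.search(str(v)))
            if count:
                hits[(table, name)] = count
    return hits

def build_sample_db():
    """Constructed sample data: two tables, some rows with appended markup."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, title VARCHAR(80), descr TEXT);
        CREATE TABLE news (id INTEGER, headline TEXT, views INTEGER);
    """)
    bad = '<script src="http://malicious.example/x.js"></script>'
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        (1, "Widget" + bad, "A plain widget" + bad),
        (2, "Gadget", "Mentions the word script, no tag"),
    ])
    conn.executemany("INSERT INTO news VALUES (?, ?, ?)", [
        (1, "Site launch", 10), (2, "Sale" + bad.upper(), 3)])
    return conn

if __name__ == "__main__":
    found = find_injected_columns(build_sample_db())
    for (table, column), n in sorted(found.items()):
        print(f"{table}.{column}: {n} row(s) contain script/iframe markup")
```

Running the same scan against the restored copy confirms that the rollback point predates the injection.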