Hi,

I just came across a piece of script that has been put into my source code throughout the site...and not by me!!!. Im using ASP pages and sql 2000 db.

Im not sure how they did it but im fearing this could get more serious and end up them hitting my db. Here is example(kind of) of the script im finding...

Code:

<script src="Http://www.domainname.com /a /a .php></script>

HELP!!!!

Not sure about what that could be, but I wouldn't count it out as an attack on your website.

Well, it is not just your site, may be the whole server is under attack. Ask your webhost for this.

It is a cracking/infiltration attemp. Change your FTP password straight away and inform your host as it may be some other client on the server if you are on shared hosting

change your ftp passwords and scan your pc for viruses/spyware

I see similar thing with a unix server, php scripts; somebody was adding pron links on all pages. you should consult with your hosting company asap and check all your scripts.

are you using some scripts like wordpress .. older version of these script are pron to sql injection script

This does look like an SQL injection attack. If you're using an older version of WordPress, this was recently a common exploit. Here is some info about how to fix it if you're using WordPress: http://www.wpbeginner.com/news/wordp...latest-attack/

its not sql injection.. just change your FTP pass and scan your PC, or reinstall your windows

First is it in your data rows? Also are you filtering Apostrophies ( ' ) when on your select and update statements?

If it is in your data, this yes it is injection and to correct it you can do a replace update function in a sql query then make sure you do a replace(str,"'","''") function on your page requests.