ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Website hacking - tools to help spot issues

<< < (2/4) > >>

Carol Haynes:
I suspect it is a CRON job - my data centre says they have no such feature - anyone know how to set up a cron job to do this?

40hz:
Out of curiosity does anyone know any way to scan MySQL databases for potential injection issues?
-Carol Haynes (May 20, 2014, 11:16 AM)
--- End quote ---

Hoo-boy! Ran into that same question with a few of my clients last year... :tellme:

OWASP has information on procedures to test a database for SQL injection vulnerabilities.

AFAIK, the default automated testing tool is sqlmap. That's what my two clients used as their starting point even though some sources have argued it won't catch everything. You can find info and the download links for sqlmap here.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
--- End quote ---

However, most of what I've read suggests that rather than trying to scan or otherwise test for vulnerabilities, it's far easier to take the precaution of making sure all your SQL statements are paramaterized. Smart money says sanitizing your SQL that way is the only reliable method for stopping injection attacks. Nice short article on that over at Coding Horror. Find it here.

Luck!  8)

joiwind:
My version of cPanel allows cron jobs.

Though this doesn't answer your question about tools to help spot issues, have you thought about read-write permissions ? Surely you could do something with that to protect your folders - and when you need to update your site you adjust the permissions temporarily.

There is also the .htaccess file that you could use to restrict write access.

 cPanel version 11.42.1.16

wraith808:
There is also the .htaccess file that you could use to restrict write access.
-joiwind (May 21, 2014, 05:39 AM)
--- End quote ---

That was my first thought... but when I saw that she was talking about for her clients also (multiple directories) I realized how unfeasible that could become.

Carol Haynes:
Just looking at that MySQL stuff (thanks 40Hz) and I am coming to the conclusion I don't want to do this anymore - too much stuff to learn to be able to be effective and no inclination to learn it.

All I want to do is run a few websites for local people I know and friends and not have to cope with bastards constantly attacking and disrupting everything.

So frustrating!!

Be far simpler in the long run to go back to hand coding pages in HTML without using any scripting languages!!!

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version