How I Prevent My Site from Being Hacked.

I just wanted to share my workaround for SQL injection. I applied security at multiple places. First, I created a method which takes the value of the query string and checks for some malicious text like "Declare", "Cast", "Convert", "Var", "'", ",", "Drop", "Delete", "Update", "Insert", "Create", "Set", "Database". If this function finds any of these malicious codes, it first gets the IP# of the requesting machine, stores it in the MaliciousIP table and rejects the request by just refreshing the page. Showing some kind of message may give them hints which they can make use of.
The IP# which belongs to MaliciousIP would be allowed to enter the same data only two more times; after that it will be blocked forever. Again, no messages. This helps us frustrate them a bit. And this is what our task is: to frustrate them and make them abandon the wrong attempt.
The third security step I took is using a "Check" constraint. I have some very important tables in my database which I needed to make sure would not be affected at all. I attached a "Check" constraint with the help of an expression including keywords like "/", ".js", "!", "–". These check constraints reject data coming in with these words.
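Here is how the three layers described above can fit together, as an added example in Python with SQLite that is not the post's own code (the post does not show its implementation): the keyword check on a query-string value, the MaliciousIP table that allows two more attempts before an address is blocked, and a CHECK constraint on a protected table. The table name ImportantData, the per-IP strike counter, the word-boundary matching for the word tokens and the sample addresses are my assumptions; the post's dash is read as the SQL comment marker `--`.

```python
import re
import sqlite3

# Keyword list taken from the post. Single-word tokens are matched on word
# boundaries (my choice, so "Somerset" does not trip "Set"); the quote and
# comma are matched literally.
WORD_KEYWORDS = ["Declare", "Cast", "Convert", "Var", "Drop", "Delete",
                 "Update", "Insert", "Create", "Set", "Database"]
CHAR_KEYWORDS = ["'", ","]
_WORD_PATTERN = re.compile(
    r"\b(?:" + "|".join(re.escape(w) for w in WORD_KEYWORDS) + r")\b",
    re.IGNORECASE,
)

# First hit plus "two more times", then blocked: three strikes in total.
MAX_STRIKES = 3


def contains_blocked_keyword(value: str) -> bool:
    """Step 1 of the post: does the query-string value carry a listed token?"""
    if _WORD_PATTERN.search(value):
        return True
    return any(ch in value for ch in CHAR_KEYWORDS)


def open_db() -> sqlite3.Connection:
    """In-memory stand-in for the post's database (constructed for this example)."""
    conn = sqlite3.connect(":memory:")
    # The MaliciousIP table named in the post; counting strikes per address is
    # my assumption about how "two more times" is tracked.
    conn.execute(
        "CREATE TABLE MaliciousIP (ip TEXT PRIMARY KEY, strikes INTEGER NOT NULL)"
    )
    # Step 3 of the post: a CHECK constraint on an important table. The table
    # name is hypothetical; the post's dash is read as the SQL comment marker --.
    conn.execute(
        """
        CREATE TABLE ImportantData (
            id      INTEGER PRIMARY KEY,
            content TEXT NOT NULL,
            CHECK (content NOT LIKE '%/%'
               AND content NOT LIKE '%.js%'
               AND content NOT LIKE '%!%'
               AND content NOT LIKE '%--%')
        )
        """
    )
    return conn


def is_blocked(conn: sqlite3.Connection, ip: str) -> bool:
    """Step 2 of the post: has this address used up its allowed attempts?"""
    row = conn.execute(
        "SELECT strikes FROM MaliciousIP WHERE ip = ?", (ip,)
    ).fetchone()
    return row is not None and row[0] >= MAX_STRIKES


def record_strike(conn: sqlite3.Connection, ip: str) -> int:
    """Insert the IP on first sight, then increment; returns the new count."""
    conn.execute("INSERT OR IGNORE INTO MaliciousIP (ip, strikes) VALUES (?, 0)", (ip,))
    conn.execute("UPDATE MaliciousIP SET strikes = strikes + 1 WHERE ip = ?", (ip,))
    conn.commit()
    row = conn.execute("SELECT strikes FROM MaliciousIP WHERE ip = ?", (ip,)).fetchone()
    return row[0]


def handle_request(conn: sqlite3.Connection, ip: str, query_value: str) -> str:
    """Steps 1 and 2 of the post, reduced to an outcome label.

    'blocked' - the IP already used its strikes, request dropped silently
    'refresh' - a token was found, IP recorded, page refreshed with no message
    'ok'      - the value passed the filter
    """
    if is_blocked(conn, ip):
        return "blocked"
    if contains_blocked_keyword(query_value):
        record_strike(conn, ip)
        return "refresh"
    return "ok"


def insert_protected(conn: sqlite3.Connection, content: str) -> bool:
    """Write to the CHECK-protected table; False when the constraint rejects it."""
    try:
        # Parameterized, so the value is data and never part of the SQL text.
        conn.execute("INSERT INTO ImportantData (content) VALUES (?)", (content,))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    db = open_db()
    sender = "198.51.100.7"  # constructed sample address
    for value in ["id=7", "id=7; DROP TABLE Orders", "id=7; DROP TABLE Orders",
                  "id=7; DROP TABLE Orders", "id=7"]:
        print(sender, repr(value), "->", handle_request(db, sender, value))
    print("O'Brien flagged:", contains_blocked_keyword("O'Brien"))
    print("CHECK rejects '.js':", not insert_protected(db, "<script src=x.js>"))
```

Running it prints the strike sequence for one address: the first flagged value is recorded, the next two are refreshed silently, and the fourth request from that address is blocked. The O'Brien line shows the trade-off of a keyword list: a legitimate apostrophe in a surname is rejected exactly like an injected one, which is why the inserts above use `?` placeholders so that the stored value never becomes part of the SQL text regardless of what the filter lets through.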
You can put similar kinds of security blocks in place according to your requirements. I would appreciate any suggestions on this concern.
Hackers are among us, and we can defeat them; just keep your spirit up.

~ by UTS on May 11, 2009.
