back to article 1,000+ webpages poisoned in latest mass malware hack

Yet another mass compromise is hitting poorly configured websites, and at least one of the afflicted is a security site that plays up its prowess in warding off the very type of attack it has been smitten by. At least 17 pages on idera.com were hit by a quick-moving SQL injection attack on Friday, including one titled “ …

COMMENTS

This topic is closed for new posts.
  1. James O'Shea
    Unhappy

    this is getting tedious

    Why is it that so many alleged professionals have so much trouble blocking such a simple attack? This is getting beyond a joke now. What's _wrong_ with them? Why, at this late date, does this still happen? Why?

    1. Anonymous Coward
      FAIL

      Because...

      ... (as with so much of life) the easier and more common-place some things become, like coding up a SQL-based content website, the more semi-skilled numpties will earn a simple crust doing so - badly!

    2. pitagora

      The title is required, and must contain letters and/or digits.

      the reason is how easy php is. Anybody can learn it and think he masters it in less then a month. Imagine the websites he creates, the scripts etc.

      Second reason open source....when a large application like wordpress is open source hackers can analyze it to find bugs. It a lot quicker then black box testing. Proprietary solutions are harder to crack, provided that the developers test it properly first, or hire some pentesters.

  2. Anonymous Coward
    Anonymous Coward

    The Phucket Gazette?

    Wonder if that's what they think of security. You know what? Phucket.

  3. Anonymous Hero
    FAIL

    @this is getting tedious

    I know. I work for a hoster, we get blamed because the end users and their developers think our platform is insecure and can't/won't believe their code is to culprit.

    When I investigate these claims it makes me weep when I see their data access code or code that managed file uploads and the like.

  4. OffBeatMammal

    easy hack vs harder code

    part of the problem is that - in any language - it's easier to write something like connection.execute("SELECT a,b,c FROM d WHERE username='" + form.username + "''") than set up and execute a properly validated and formatted stored procedure call

    For newbie developers - fresh out of primary school and deploying their first web2.0 project finding simple best-practice recipies is also tough and until you've been burnt it's hard to realise why it's so important

  5. Winkypop Silver badge
    Alert

    Three easy answers

    1. Constant staff reviews/reorganisations

    2. Cost-cutting - penny pinching

    3. Management Accountants

  6. Anonymous Coward
    Unhappy

    @James

    Chances are they are not professionals, but by people that know a little about pc's and therefore are "experts", shoved into doing this by their bosses who don't want to pay for the websites to be built correctly, but still expect a wonderful media rich web 2.0 experience.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021