Don't panic ...
Obviously this is quite a terrifying realisation to have: that your website (and potentially your entire server) is insecure and has already been compromised. If you don't have your own in-house IT team, it can be quite daunting to know where to start with fixing the problems. In fact, even if you have an in-house team, sometimes issues like this can be beyond their capabilities, or require an outsider's eyes to see beyond the obvious and uncover other problems or 'back doors' left by intruders.
Investigation and testing
As soon as we were contacted, our IT Manager Ben Tasker conducted a full penetration test of the server, including an assessment of the company's awareness of data security and the Data Protection Act (which we use in our overall report). This identified some extremely poor practice in the coding of the website, which used outdated ASP technology without any validation or basic injection protection precautions. This meant that you could type anything into the text fields (including database commands) and the system would accept and act upon them, in this case displaying data from the client's database.
We also identified and fixed numerous other elements of the site which were significantly vulnerable, and suggested action on other areas such as upgrading the server (which was running an outdated operating system and web server and was therefore, in itself, vulnerable to attack due to a well-reported unpatched vulnerability).
Our penetration testing reports rate the severity of each risk we find on a Red-Amber-Green scale, allowing you to prioritise where to take action.
The testimonial from our client says it all really:
Customer Testimonial
I have absolutely no idea what you actually did for our company but it solved our problem! I feel that what was done was achieved professionally and willingly, often going above the requirement for a nuts and bolts approach. A great service and good guys to deal with.
If you are having problems with a hacked, compromised or vulnerable Windows or Linux server, ASP, PHP, Joomla!, WordPress or other CMS system, please don't hesitate to get in touch with us. The sooner we start investigating, the more we can limit any damage.
