My website was hacked twice. I need somebody to help point out the insecurities in the website, script, db, etc.
Here's the details:
- ASP scripts (not asp.net)
- Windows 2003 IIS box in a shared environment
- access database
- The site is a web directory, so users can recomend sites and it get written to the database
- When users write provide site recomendations, it writes a cookie to remember their email address that they entered.
The first hacker, replaced my [url removed, login to view] file with text. The second hacker removed the [url removed, login to view] file and replaced it with his [url removed, login to view] file.
I will create a development area where you can work in and test in there. To review the site go to g a d g e t h a c k s . c o m (all one word with no spaces).
What I need:
1. Identify and explain the vulnerabilities in the site (I must be able to reproduce it so that I know that's what happened).
2. Provide recomendations on what I can do to help protect it.
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
Windows Windows 2003 IIS, ASP