Hello everyone,
Sorry for my poor English.
In recent months we have been literally ravaged by cyber attacks on our websites that insert various hidden strings (<div style = "display: none"> ...) containing invitations to buy VIAGRA AND CIALIS. We spent hours searching the server log files for clues, but we did not find anything.
It does not seem to be a classic SQL injection, against which we are already protected by strict "request filtering". The only "evidence" that seems to come out is the call to ScriptResource.axd (e.g. ScriptResource.axd d = dvG6TfJvv9lEBUXJUZHnSmh2oP_iv3k3AlYodbE9n2IjZrVb
aaHAyB8CVchRKX_gIzRfRVI1ZH-UF3O-WiYBsbcOgK8mGpUh0hzO5UMFl-68KMkHYkA9CWzXz8k3uAMiLYtrWWvRfIRo-1akskCTANjKbFSAj1eydc42BcBxeavKmMtDBzk7Fvhjj0AOQnN w0 & t = ffffffffeea0dba9)
Our server is Windows Server 2012.
Reading various documentation, I discovered that ScriptResource can be used for attacks of this type. I ask you: is there a valid countermeasure ON IIS to prevent this kind of attack?
Thank you so much for any help,
Francis.