Jul 07 2008

PGFA website down | A Technical Explanation

Published by admin under PGFA News

Dear Members,
PGFA has fallen victim to what appears to be a nefarious SQL injection attack. Our website runs on ASP Classic, an old application that requires some protection updates for the vulnerable parts, and changing the code of such a huge website requires some time; two of our developers are working 12 hours daily to resolve the issues. However, for now we have to clean the database to remove some text injected into it by Trojans, and we have finally reached what we call a short-term solution to this problem.
Actually, some hacking text has been appended to every column that contains characters. Because it has infected text fields, we cannot use the website's functions; for example, your username is an email address, and after injection im@alisaeed.com would become hackingtext+im@alisaeed.com and we can log in with this info.
So we have written a small application which removes the garbage from the database: http://www.pgfa.org/garbagekiller.asp (only use it when you can't log in, and keep refreshing till you get a success message).
Hopefully the long-term solution is on the way and we will be safe by the end of this week, inshallah.
So GO GO GO… post all your pending reports… we are eager to see them
Good Fishing
Ali Saeed
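The cleanup described in the post, sketched as an added example (this is not the code behind garbagekiller.asp): it finds every text-typed column, strips an injected marker with bound parameters, and is safe to run repeatedly. Assumptions: an in-memory SQLite database stands in for the site's database, the `members` and `reports` tables are hypothetical, and `hackingtext+` is the post's own placeholder rather than the real injected string.

```python
import sqlite3

# Placeholder from the post's example; the real injected string is not given there.
MARKER = "hackingtext+"

def text_columns(conn):
    """Return [(table, column)] for every text-typed column in user tables."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    found = []
    for table in tables:
        for _cid, col, ctype, *_ in conn.execute(
                f'PRAGMA table_info("{table}")').fetchall():
            if any(t in ctype.upper() for t in ("CHAR", "TEXT", "CLOB")):
                found.append((table, col))
    return found

def strip_marker(conn, marker=MARKER):
    """Remove marker from all text columns; return {(table, column): rows_changed}."""
    changed = {}
    columns = text_columns(conn)
    with conn:  # single transaction: every column is cleaned, or none is
        for table, col in columns:
            # Identifiers come from the schema catalog; values are bound parameters.
            cur = conn.execute(
                f'UPDATE "{table}" SET "{col}" = replace("{col}", ?, ?) '
                f'WHERE instr("{col}", ?) > 0', (marker, "", marker))
            if cur.rowcount:
                changed[(table, col)] = cur.rowcount
    return changed

def demo():
    """Build a constructed, tampered database, clean it twice, report results."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE members (id INTEGER PRIMARY KEY, username VARCHAR(100), city TEXT);
        CREATE TABLE reports (id INTEGER PRIMARY KEY, member_id INTEGER, body TEXT);
    """)
    conn.executemany("INSERT INTO members (username, city) VALUES (?, ?)", [
        (MARKER + "im@alisaeed.com", MARKER + "Karachi"),  # constructed tampered row
        ("clean@example.org", "Lahore"),                   # constructed untouched row
    ])
    conn.execute("INSERT INTO reports (member_id, body) VALUES (1, ?)",
                 (MARKER + "Good catch today",))
    first, second = strip_marker(conn), strip_marker(conn)
    users = [r[0] for r in conn.execute("SELECT username FROM members ORDER BY id")]
    return first, second, users
```

The second pass changes nothing, which is the property that makes a "keep refreshing" cleanup safe; keep a backup before running anything like this, since `replace` removes the marker wherever it occurs in a value.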
