MY Asp.net applications attcked by Malware Ads

Question

1.44/5 (2 votes)

See more:

Dear friends,

MY Asp.net applications, bread winnders of the company, attcked by Malware Ads at some of our customer places. This is causing multiple problems.

1. Customers are thinking that these Ads are created by us.
2. Making users' life difficult to use the application.
3. Customers are not happy owning the application, due to Ads.

We throw a message saying that "We do not display any Ads of any sort. We request users to stick to right browsing practices" each week. But no serious advantage.

One customer on the affected computer, even demonstrated by opening www.google.com, wherein all Ads disappeared. When I open our Asp.net applications, All Ads reappeared. That was fully embarrassing.

Please help us some techniques so that Ads should not come and sit on top of it. Kindly help.

Umesh m.s.
Anush Infobase
Bengaluru, 'Karnataka, India

Posted 21-May-15 8:57am

umesh5656

Add a Solution

Comments

virusstorm 21-May-15 15:30pm

Do these advertisements only appear at your client's location or do they appear at other locations as well.

Richard Deeming 21-May-15 15:40pm

Are the ads being added to your database? If so, you've almost certainly written code which is vulnerable to SQL Injection[^].

The solution is to review all code which touches the database in any way, and make sure you're using properly parameterized queries.

Sergey Alexandrovich Kryukov 21-May-15 17:02pm

It's impossible to teach such technique in few Quick Answers. Besides, it might be not your fault, but the fault of your hosting provider. We don't have enough information to find out what happens; serious investigation is needed.

I hate to say so, but your message "We do not display..." only shows to the users that you are helpless and some may consider it as plain lie, even those who may believe you did not put these ads yourself. No matter what happens, this fallacy will be considered as your responsibility, The fact that the adds are not yours can only make such opinion worse, it shows that you don't control your content, so it can bring something even worse (viruses, malware) to the client. Some may blacklist your side, for some good reasons, and so on.

—SA

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Answer 1 · 2015-05-21T21:31:00

Solution 1

Get your site penetration tested ("pen tested") to see if there are any flaws in the code you're not aware of. Most likely culprit is SQL Injection attacks. Google what these are and look at your code to see if any of it falls foul.

Posted 21-May-15 21:31pm

F-ES Sitecore

umesh5656 · Answer 2 · 2015-05-22T06:18:00

Thanks for all the kindness you guys demonstrated by replying to my problem. I do not know how much I will be useful to you when you share your problems.

As far as Ads are concerned, these are appearing in one or two computers among 15 different modes used across geographies. Even when they format the computer and load OS again, then these Ads will not be there.

I am sure of the fact that there is no "SQL injection" happening. We tried installing on malware preventing app at one place. That worked. However, there are 10s of such places and customers keep using in different computers. It is impractical to depend on Malware preventing Apps in this case.

I wish to incorporate something in the code or delivery method so that these Ads are eliminated permanently.

Please be kind enough to get back.