Our web site is based on [url removed, login to view] and is running on a shared hosted server that is an IIS server. The database we use is MS Access.
Recently, we have had some hacking attacks on our web site where all the data that can be accessed from web pages into the database is overwritten by the hacker. They were not able to overwrite things like the Members list that is not accessible from the web pages (or maybe they could access but did not overwrite them).
After reading on the internet, my best guess is that this is a sort of "SQL injection hacking" technique where they add some query at the end of our SQL query and run their malicious code to get write access to the database.
I need someone who is experienced with this and can look at the code and fix the security loophole. I know that for an experienced person, this is a very small project. BTW, our web site has a total of 8-10 pages and most probably, the fixes will only be in one file that opens the access to the database.
If you are an expert in this field - please email us with further questions.
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
[url removed, login to view] web site running on an IIS server.
Using MS Access database.