Spam can show itself in many forms. Along with e-mail spam (which we are all familiar with), there are many cases of websites being bogged down with spam. You may have seen this in the comments sections of some websites, or even in content submitted by malicious users. In rarer situations, a hacker may find and exploit a vulnerability in the website's code that lets them run their own SQL commands against the database behind it. This is known as SQL injection.
While we all have a ‘junk’ inbox for our spam, a webmaster may have significant difficulty removing spam that has been added to their website. This is especially common with SQL injection, as the code added to the database may not be visible from the administrative section of a Content Management System. This was the case with Scatena Daniels.
Scatena Daniels is a PR and Advertising Agency for charities and non-profits, and focuses its work primarily in the Southern California region. While performing some simple updates to their website recently, they noticed the site acting very strangely. They contracted Sandia Digital, and we found that the Scatena Daniels database was populated with over 14,000 pieces of malicious spam!
The spam code read:
</title><div style="display:block; text-indent:-5670px;"><a href="http://buy-cialis-onlineusa.com">generic cialis</a></div>
The above code showed up all over Scatena Daniels’ site, and threatened both their users, through malicious links, and their Google SEO rating. Sandia Digital needed to act quickly to remove it.
Under normal circumstances, a simple SQL script could be run to remove the injected code; however, there were two issues surrounding the Scatena Daniels installation.
- The database field types affected were outdated.
- SQL could not be run directly on the older hosting platform.
Sandia Digital came up with a plan to use a PHP page to run a SQL query. This query modified the outdated field types and simultaneously removed the spam from affected fields. This was all done while the site was live, with zero downtime. While many firms would charge thousands to have this work done, Sandia Digital’s work cost under $1,000 and took about 15 hours to perform.
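The spam-removal half of that plan, as an added example (not Sandia Digital's actual script): a PHP function that finds the hidden-link block shown above in a text column, reports the affected rows in a dry run, and then strips it inside a transaction using a parameterized update. The table and column names (`pages.id`, `pages.body`), the in-memory SQLite database and the sample rows are assumptions constructed for illustration.

```php
<?php
// Matches the injected block: a stray </title>, then a div pushed off-screen
// with a negative text-indent, wrapping a single link.
const SPAM_PATTERN = '~</title>\s*<div style="display:block;\s*text-indent:-\d+px;">\s*<a href="[^"]*">[^<]*</a>\s*</div>~i';

function cleanSpam(PDO $db, bool $dryRun = true): array
{
    $rows = $db->query('SELECT id, body FROM pages')->fetchAll(PDO::FETCH_ASSOC);
    $update = $db->prepare('UPDATE pages SET body = :body WHERE id = :id');
    $changed = [];
    $db->beginTransaction();
    try {
        foreach ($rows as $row) {
            $clean = preg_replace(SPAM_PATTERN, '', $row['body'], -1, $hits);
            if ($clean === null) {
                throw new RuntimeException('regex failure on row ' . $row['id']);
            }
            if ($hits > 0) {
                $changed[(int) $row['id']] = $hits;
                if (!$dryRun) {
                    // Bound parameters: the cleanup itself never builds SQL from row data.
                    $update->execute([':body' => $clean, ':id' => $row['id']]);
                }
            }
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // leave the live table untouched if any row fails
        throw $e;
    }
    return $changed; // row id => number of spam blocks found in that row
}

// Constructed sample data (hypothetical schema, placeholder spam URL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)');
$spam = '</title><div style="display:block; text-indent:-5670px;">'
      . '<a href="http://spam.example">generic pills</a></div>';
$insert = $db->prepare('INSERT INTO pages (body) VALUES (?)');
foreach (["<p>About us</p>$spam", '<p>Clean page</p>', "$spam<p>News</p>$spam"] as $body) {
    $insert->execute([$body]);
}

print_r(cleanSpam($db, true));   // dry run: report affected rows only
print_r(cleanSpam($db, false));  // apply the cleanup
```

Running the dry run first and taking a database backup before the real pass gives a record of exactly which rows were altered.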
Scatena Daniels is currently spam free, and is having their website’s content management system redeveloped to prevent future SQL injection. Sandia Digital is very proud of our contribution to a wonderful agency.