We did a recent survey and discovered that 38% of the people who participated didn’t know how much of their web site traffic is coming from mobile devices.
We asked, What was the percentage of your web site traffic coming from mobile (smartphones and tablets) in 2012?
This is how our users answered:
Well, for those of you who don’t know how much of your traffic is coming from Mobile clients, we have SmarterStats to help you find out.
If you haven’t enabled SmarterStats for your hosting account, here’s how to do it:
Log in to Control Panel and go to Stats / Raw Logs.
Click the Enable button next to SmarterStats (Free) (Yup, that’s right! We provide this to you for free. 
)
Alright Martin I have enabled SmarterStats what do I do now?
Well now all you have to do is relax for about an hour and let SmarterStats process the HTTP logs for your site. SmarterStats processes our HTTP server logs for your site to provide you a nice interface.
After the hour has passed, login to your SmarterStats account. You can find the login information in the Stats / Raw Logs section of Control Panel.
When you log in, expand the Report Items folder and expand the Browsers folder too.
Now click on Mobile Phones.
Cool Martin! Now how do I save this report and change the date range at the same time?
Well… if you like the report you see and you would also like to change the date range, all you have to do is click on the Add Favorite icon in the report you just clicked on.
This will then open the Following Window:
Click on the drop down menu next to Default Date Range and choose the date range you wish to use. Then go ahead and choose any of the other settings you wish to use and click on the OK button.
This report will be placed in the Favorites section in SmarterStats.
Another cool thing you can do to stay in the loop is to set up a Custom Report. That way you can have the report emailed to you daily, weekly, or monthly.
Expand the Custom Reports folder. Now click on the New Custom Reports.
The following web page will appear:
Go ahead and enter a name for your report in the name field, choose the Default Date Range, and click on the Report Items tab.
Click Add Item.
Click the drop down menu next to Report Item and select the favorite report you just created.
Now click Save.
This report will now be in your Custom Reports folder.
Click on the Scheduled Email Reports icon.
Click on the Add Email Report icon.
From the Reports drop down menu select the report you just created.
In the Frequency field select how often you wish to receive this report.
In the To field enter the email address you wish to send to.
Now click on Optional tab to add more email address to send to.
You might also want to place a check next to Enable graphical charts (HTML only) that way you get a nice graphical chart to refer to in your email message.
Click Save when finished.
Well, with all that said and done, I hope this helped some of you stay up to date with what type of traffic your web site is receiving.
In this tutorial we will be showing you how to use Request Filtering in IIS to Prevent SQL Injections. We previously did a tutorial called, “How to block bots and spiders with Request Filtering,” and we will touch on a lot of the same concepts here.
Please note that these instructions only apply to our Windows 2008 IIS 7 & Windows 2012 IIS 8 Servers.
First, you will need to make a connection to your site using IIS Manager. Please read our knowledge base article on How to connect to the server using the Microsoft IIS Manager.
Once connected:
Double click the Request Filtering module in IIS Manager.
Now click the URL icon in the Request Filtering module.
Next click Deny Sequence… in the “Actions” section.
In this example we’ll be blocking the common SQL Injection term “varchar” so enter this in the Deny Sequence box and click OK.
So now when someone tries to enter “varchar” into your site’s URL, they will receive the follow error message from the server:
There are a number of other terms that you can also use. Here are some terms you may wish to add to the Deny Sequence rules for your site account as well:
- @@version
- char
- exec
- execute
- declare
- cast
So now when anyone tries to enter any of the above terms into your URL Sequence, they will receive the HTTP Error 404.5 – Not Found error message from the server.
Be Warned! If your site currently uses any of the terms that you deny, you will receive the HTTP Error 404.5 message too. So choose your terms wisely to prevent any issues with your site.
In this tutorial I’m going to show how to check your HTTP logs for a site account in order to find those nasty SQL Injections.
Let’s get started!
In order to complete this task, please make sure you have enabled raw logs for your hosting account by reading our knowledge base article: How do I access the raw log files?
If the SQL Injection happens before enabling the raw log files, then you wont be able to find the SQL Injection since the HTTP logs won’t be provided until the next day, and the past HTTP logs for your site account won’t be available. You may need to Contact Support and ask them if they can provide you with the HTTP logs in order to investigate an SQL Injection.
Please be sure to provide them with the dates of the HTTP logs you wish to access. Also, remember that support won’t have any HTTP logs that are more than 30 days old. If the Injection happened more than 30 days previous, no record HTTP logs will be available for your hosting account.
We’re going to need a special tool to help investigate
To help you search out the SQL Injection from your HTTP Logs, you’re going to need to use a tool called BareGrep. This tool can be downloaded here. Make sure you click on the “Free Version” link (if you like it and think you will put it to good use, consider purchasing the software). It’s a cool little tool because it’s not required to be installed on the computer and just runs off the .exe file.
Time to get down and dirty!
The awesome part about BareGrep it allows you to drag and drop multiple text files into it. This means if you’re not exactly sure of the exact date the injection happened, you can search multiple text files all in one shot.
Open BareGrep and select the text files that you wish to search. Now drag and drop the files into BareGrep’s grey area.
Let’s find those nasty SQL Injections!
We’re going to use a keyword search to find is the line in the HTTP logs where the SQL Injection occurred.
These are the keywords I like to use in BareGrep (feel free to add some of your own):
- - - (that’s two dashes)
- @@version
- varchar
- char
- exec
- execute
- declare
- cast
Now it’s time to enter each of the keywords one at a time into BareGrep’s text field.
Hey! Hey! Hey! We found something!
Now let’s select the lines in BareGrep and see what we can find. Once selected, copy and paste the lines into an empty Notepad document.
You should get a few lines like the following HTTP line below. I know it looks nasty but let me try to explain what certain things are.
ex121209.log 414 2012-12-09 13:17:34 W3SVC100000 WEB151 216.177.71.6 GET /search.aspx home=177&id=1%27%20or%201=@@version-- 80 - 8.8.8.8 HTTP/1.0 Mozilla/4.0+(compatible;+Synapse) - - www.yourhosteddomainname.com 500 0 0 7639 354 531
This part of the line is stating the date and time (PacificTime) the SQL Injection happened.
2012-12-09 13:17:34
The other part is the web server and IP address.
WEB151 216.177.71.6
The following is interesting because it tells you exactly what page it was that was vulnerable to the SQL Injection. This will also give you a clue on what you will need to patch up on your site to prevent it from happening again.
GET /search.aspx
The other part is what they entered in their web browser when trying to check if a SQL Injection vulnerability is possible. If there is vulnerability this code displays an error message along with the SQL database version. This means that the SQL database is answering to the hacker and it’s a dead giveaway that the web application is vulnerable to a SQL Injection.
home=177&id=1%27%20or%201=@@version--
Here comes the best part of the HTTP log, the hacker’s IP address! The example here belongs to Google’s DNS, but this is where the hacker’s IP address will be located in the HTTP logs. Please remember that most people will hide their real IP address and it doesn’t mean that the IP really belongs to the hacker. The evil person could have been using a network that doesn’t belong to them. Most likely a proxy service they like using to hide behind.
Cool thing about this is that if you’re on an IIS 8 or IIS 7 account, you have the ability to block IP addresses using IIS Manager. Please read our knowledge base article on How to connect to the server using the Microsoft IIS Manager.
If you’re on a IIS 6 server you will need to contact our support department. Ask them to block an IP address for you and provide them with the IP you wish to block.
Okay, so you know how they checked for the vulnerability in your application. Where can you find the injection that changed all of your table fields?
For this you will need to keep looking in the HTTP logs. What I like to do next is enter the hacker’s IP address into BareGrep and see all the Injections the hacker used. It will also show you the other parts of your site that the person visited.
What you will need to look for is the following in the HTTP log. This piece of code in the log will be followed by a bunch of numbers and charters. This friends, is where the tables got inserted with the malicious URLs/text to one of your tables on the SQL database. This also means that the page “/search.aspx” is vulnerable to the SQL Injection.
/search.aspx id=10+declare+@s+varchar(8000)+set+@s=cast
Okay, so now you’re ready to prevent the SQL injections from happening on your site.
I have referred people to the following articles in order to prevent a SQL injection from happening again. I really hope this helps you guys and we can see an end to these stinky SQL Injections.
Filtering SQL injection from Classic ASP
Do you have multiple hosting accounts with DiscountASP.NET and would like to keep track of them with one easy login?
Let me introduce the Master Control Panel for DiscountASP.NET. The Master Control Panel has been around for quite some time now. Basically it was created to make managing multiple hosting accounts much easier for our users.
Simply click on this link to get started: Master Control Panel
Click on the “Create a New Master Account” link.
You will be brought to the page shown below. Enter an email address and password that you would like to use as the Master Control Panel login.
Click “Create Master Control Panel Account.”
A verification email message will be sent to the email address you have just entered.
You will then receive the verification code that you will need to copy and paste into master verification box (below).
Click “Create Master Control Panel Account” button after you have entered the verification code.
You will then be prompted to reenter the email address and password that you choose previously.
Click on “Master Control Panel Binding Admin” to start binding your hosting accounts to your master control panel account.
Click on “Bind A Hosting Account” tab.
Enter your Hosting Account credentials as you originally set them up.
Go back to the “Bind A Hosting Account” tab to add more hosting accounts.
Once completed you can simply login with your Master Control Panel email address and password.
