If you have been attacked don't feel bad as an Internet search of "b.js" reveals tens of thousands of hacked sites.
The attack cleverly appends a series of SQL commands onto your querystrings and if your code is unprotected, and you don't use Access databases, the commands may be passed on to your SQL server and the damage done.
However, this attack could render your website as "unsafe" in search engine results.
Reversing the Damage
We are also extremely fortunate that the changes can be easily reversed with a few changes of the attackers original SQL commands.
Simply execute the following to clean up the damage. If you have been attacked multiple times (ie. you have multiple script blocks appended to your SQL data) then you will need to execute the following script for each attack.
by John Avis | February 20, 2019
I was recently doing some work on a website which has a mixture of older Classic ASP pages and ASP.NET Web Forms pages and ran into problems with custom error pages.
by John Avis | March 21, 2017
I recently needed to change a client's website to send emails using Amazon SES and encountered a few issues.
by John Avis | June 8, 2016
Although probably no one cares about Classic ASP, except those who still need to support it, I was refreshing my memory today on how to use classes in Classic ASP and found a couple of options for simulating constructors with parameters.