I run a website using joomla and an sql database.
The site was subjected to an sql injection attack [Remote File Inclusion] that appears to have been successful. Initially it looked as if no harm had been done but, subsequently, it would appear that the database is corrupted.
I have the ip address of the attacker. It is a fixed ip address belonging to a 'dedicated' server. This server is owned by an isp who is renting dedicated access to the user.
If I go to this ip address I get a control panel log in page.
The owner of the ip address has another ip address, one digit different, which is 'his' website on the same server.
The 'his' is a commercial organisation with several sites and multiple PCs.
Is there a way to trace the PC responsible? [It may be possible to get physical access to any of the sites and remote access to the server].
Alternatively, to narrow the search, is it possible to identify the site?
The site was subjected to an sql injection attack [Remote File Inclusion] that appears to have been successful. Initially it looked as if no harm had been done but, subsequently, it would appear that the database is corrupted.
I have the ip address of the attacker. It is a fixed ip address belonging to a 'dedicated' server. This server is owned by an isp who is renting dedicated access to the user.
If I go to this ip address I get a control panel log in page.
The owner of the ip address has another ip address, one digit different, which is 'his' website on the same server.
The 'his' is a commercial organisation with several sites and multiple PCs.
Is there a way to trace the PC responsible? [It may be possible to get physical access to any of the sites and remote access to the server].
Alternatively, to narrow the search, is it possible to identify the site?