挂在外网的OA系统一直运行正常，前几天收到通知说网站被攻击，域名解析被撤销，限期整改，这让人很头疼，不知道是什么地方出了问题，以前对安全方面的问题没有深入的了解，只能自己尝试着做，
1、把日志显示收到攻击的页面全部删除，
2、在conn.asp中加入防sql注入的代码，
3、做了session的超时验证，
但总是感觉不放心，请问大侠们，有什么更好的安全措施吗，比如编译加密一类的，直接原样重现的代码总是不安全的。

被攻击的两个页面中，一个使用了ajax，另一个是被ajax调用，是说明ajax容易被攻击吗，我把ajax相关的页面和js全部删除了，会安全一些吗？？

关注这个问题。我的个人网站留言簿经常被发布莫明其妙的留言（见下图），我怀疑是用程序自动发的，但找不到防范的办法。

恶意留言和攻击文件的性质不同吧，asp文件有没有什么用来加密和反加密的工具呀

asp网站被攻击很大可能还是被注入，就是传递的参数判断不够严格造成的

只要在连接数据库以前加上防注入的代码就行了吗？

asp代码加密工具 10.0，我刚用这个工具加密了，不知道大侠们用没用过这个工具，安全性如何。

过滤不安全字符，加密的话，最好搞成dll有服务器条件。

<%
function CheckStr(mystring) ''过滤危险字符函数
  mystring=replace(mystring,"'"," ")
  mystring=replace(mystring,","," ")
  mystring=replace(mystring,""," ")
  mystring=replace(mystring,"="," ")
  mystring=replace(mystring,"-"," ")
  mystring=replace(mystring,"/"," ")
  mystring=replace(mystring,""""," ")
  mystring=replace(mystring,"&"," ")
  mystring=replace(mystring,"<"," ")
  mystring=replace(mystring,">"," ")
  mystring=replace(mystring,"%"," ")
  mystring=replace(mystring,";"," ")
  mystring=replace(mystring,"?"," ")
  mystring=replace(mystring,"or"," ")
  mystring=replace(mystring,"*"," ")
  mystring=replace(mystring,"chr"," ")
  mystring=replace(mystring,"select"," ")
  mystring=replace(mystring,"and"," ")
  mystring=replace(mystring,"exec"," ")
  mystring=replace(mystring,"insert"," ")
  mystring=replace(mystring,"delete"," ")
  mystring=replace(mystring,"update"," ")
  mystring=replace(mystring,"count"," ")
  mystring=replace(mystring,"master"," ")
  mystring=replace(mystring,"char"," ")
  mystring=replace(mystring,"mid"," ")
  mystring=replace(mystring,"declare"," ")
  mystring=replace(mystring,"truncate"," ")
  mystring=replace(mystring,"“"," ")
  mystring=replace(mystring,"‘"," ")
  mystring=replace(mystring," ","")
  mystring=replace(mystring," ","")
  'Fy_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
  CheckStr=mystring
end function '过滤危险字符函数
%>