data just started disappearing. It is being accessed by asp via his
website and when the data is being inserted it seems to all of a
sudden drop all data in the table. Earlier in the day the table
disappeared all together. Anyone ever see this?
LSThis can happen if the website is being "hacked". This is done via SQL
Injection, where by DDL language is used in the fields that are on the
screen. With the clever use of quotes and semi-colons, a hacker can issue a
TRUNCATE TABLE or DROP table.
Oscar...
"Len Svitenko" <its_goodtobethe_king@.yahoo.com> wrote in message
news:6092a26a.0401181707.3134bde1@.posting.google.c om...
> I have a client running SQL server 2000 on Windows 2003. Yesterday
> data just started disappearing. It is being accessed by asp via his
> website and when the data is being inserted it seems to all of a
> sudden drop all data in the table. Earlier in the day the table
> disappeared all together. Anyone ever see this?
> LS|||its_goodtobethe_king@.yahoo.com (Len Svitenko) wrote in message news:<6092a26a.0401181707.3134bde1@.posting.google.com>...
> I have a client running SQL server 2000 on Windows 2003. Yesterday
> data just started disappearing. It is being accessed by asp via his
> website and when the data is being inserted it seems to all of a
> sudden drop all data in the table. Earlier in the day the table
> disappeared all together. Anyone ever see this?
> LS
You can use Profiler to trace all SQL to the server, and see where the
DELETE or TRUNCATE statements are coming from. It may be a genuine
error in application code, or it may be malicious exploitation of a
security hole.
Simon|||Have a look at Erland's site which has more info on this :
http://www.algonet.se/~sommar/dynam...html#Security2
"Oscar Santiesteban Jr." <oscarsantiesteban@.worldnet.att.net> wrote in message news:<KjIOb.31844$VS4.992004@.bgtnsc04-news.ops.worldnet.att.net>...
> This can happen if the website is being "hacked". This is done via SQL
> Injection, where by DDL language is used in the fields that are on the
> screen. With the clever use of quotes and semi-colons, a hacker can issue a
> TRUNCATE TABLE or DROP table.
> Oscar...
> "Len Svitenko" <its_goodtobethe_king@.yahoo.com> wrote in message
> news:6092a26a.0401181707.3134bde1@.posting.google.c om...
> > I have a client running SQL server 2000 on Windows 2003. Yesterday
> > data just started disappearing. It is being accessed by asp via his
> > website and when the data is being inserted it seems to all of a
> > sudden drop all data in the table. Earlier in the day the table
> > disappeared all together. Anyone ever see this?
> > LS
No comments:
Post a Comment