Crashed DB

[Jsauerii]

Something or some changes you guys made has taken down a web site by altering the MSSQL DB.

As par for the course about once a year something get wiped out on that site and its always something I did that causes it until its looked into.

The support center is saying I altered the DB tables and that is just an excuse. I have not altered the structure of that database since it was created years ago (thanks Stephen (I believe it was)). I have not altered the pages code in a few years and yet supposedly i just made some changes......

Obviously they altered something else yesterday while looking into it as now the error is happening earlier in the code than when it was first noticed. It has been down for around 2 weeks but I didn't learn of it till yesterday due to email miss communication.

Someone please fix my DB and get it back like it was before "whatever" was altered in the DB as support is off on their usual "it's the customers fault" (which I am sure it often is) and I can't afford for this to take as long to resolve as usual.

 

[Stephen]

Jsauerii,

We don't edit DBs ever, the only queries we will run are those clients give us to run.

Most likely it was the SQL injection trojan mentioned multiple times in the DB section and the Announcements section.

if it happened two weeks ago we may not have the backups to restore it, get a request in ASAP and there is some slight chance we may have one old enough.

 

[Jsauerii]

Jsauerii,

We don't edit DBs ever, the only queries we will run are those clients give us to run.

Most likely it was the SQL injection trojan mentioned multiple times in the DB section and the Announcements section.

if it happened two weeks ago we may not have the backups to restore it, get a request in ASAP and there is some slight chance we may have one old enough.

Thanks for the response Stephen

I did request that and I asked the live chat support if that trojan was a possibility and they said it was not and had not effected me.

Its been 4 plus hours since I have gotten response from me entries to support.

 

[Jsauerii]

Ok, It was hacked though hopefully mildly. Found references to a script on:

http://www.bnradw.com << Hacker Site Do Not Go <<

Odd thing is that this isn't even a editable field from admin if I remember right.

 

[Stephen]

Ok, It was hacked though hopefully mildly. Found references to a script on:

http://www.bnradw.com << Hacker Site Do Not Go <<

Odd thing is that this isn't even a editable field from admin if I remember right.

It doesn't matter what the form is, on if it is editable for this sql injection, as long as there is DB access it can do the edit.

 

[Jsauerii]

It doesn't matter what the form is, on if it is editable for this sql injection, as long as there is DB access it can do the edit.

Ok, I am not sure how but that DB field was supposed to be an int and was changed to Char so I removed the scripts crap and and now trying to figure out what was changed yesterday that is causing it to crash in a different place. Now i cannot even get to the point of what I fixed which is what was causing failure yesterday

 

[Stephen]

Ok, I am not sure how but that DB field was supposed to be an int and was changed to Char so I removed the scripts crap and and now trying to figure out what was changed yesterday that is causing it to crash in a different place. Now i cannot even get to the point of what I fixed which is what was causing failure yesterday

btw it was indeed sql injection, some logs will be heading your way soon if not already.

 

[Jsauerii]

The oldest Backup was a week ago, I have no idea how to stop a hack if I have no way of knowing how they altered it.
I changed the hacked part but it still fails.....

(edit you posted when I did ) I got those logs but don't understand them. it looks like it was happening a bit ago but tha'ts when I was altering them....

 

[Stephen]

The oldest Backup was a week ago, I have no idea how to stop a hack if I have no way of knowing how they altered it.
I changed the hacked part but it still fails.....

they altered it through injection, I'd recommend you see this post:

http://support.jodohost.com/showthread.php?t=12455

it has a code scanner and some recommendations for fixing the issues in the code that allow injections.

 

[Jsauerii]

lol, figures. I run that M$ code scanner tool and get no info. Nothing happens. Don't know if that means nothing was found or what.

Any working windows based stuff to check?

 

[Jsauerii]

Ok, oddly enough not only was there an injection but it seems that the DB or server (something) was altered yesterday to where it was not called the same way as before??

I got it to work by the following:

Originally:
SELECT * FROM (MyDBName).(MyDBtableName) WHERE Category = (blah blah blah)

Changed To:
SELECT * FROM (MyDBtableName) WHERE Category = (blah blah blah)

And it now works again.

 

[Stephen]

no nothing changed on the server.

However, that scanner requires ASP.Net 3.5 if it doesn't run you probably don't have 3.5 on your local PC.