SQL db hacked (not on JH)

snooper

Perch
Hey folks,

I recently had a SQL Server db (not on Jodo) hacked into, and I'm trying to find out how they got in. Looks like it was with SQL injection or something, because the security permissions on the server are pretty tight.

I understand the ldf log file is pretty much useless for backtracking.

All rows in many of the tables were replaced with "hacked by..."
and additional tables were added (although most seemed empty).

In addition, there are some files that we found on the server, called hex.asp, a.asp, abc.asp etc., and they all seem filled with gibberish (to me), but they all start with a few chars and then "Microsoft SQL ServerSPAD"
and end with the physical location of the database and log file of my SQL db on the server.

Does any of this mean anything to someone?

Much appreciated!
 
The easiest way is by the tools connecting to it, so if it is connected to IIS and ASP, check the access logs there.
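
The log check suggested in the reply above, as an added example that is not part of the original thread: a Python scan of IIS W3C extended logs for requests to the file names reported in the first post and for query strings that look like SQL injection. The sample log lines, IP addresses and matching patterns are constructed assumptions, not data from the affected server.

```python
import re
from urllib.parse import unquote_plus

# File names reported in the thread's first post.
DROPPED_FILES = {"hex.asp", "a.asp", "abc.asp"}
# Assumed heuristic: a SQL keyword together with a quote, semicolon or comment marker.
KEYWORD = re.compile(r"\b(select|union|insert|update|delete|drop|exec|declare|backup)\b", re.I)
META = re.compile(r"'|;|--|/\*")

# Constructed sample in IIS W3C extended format; real logs usually carry more fields.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-03-01 10:15:02 198.51.100.7 GET /products.asp id=12 200
2008-03-01 10:15:40 203.0.113.9 GET /products.asp id=12;update+items+set+title='x'-- 200
2008-03-01 10:16:05 203.0.113.9 GET /hex.asp - 200
2008-03-01 10:17:11 198.51.100.7 GET /search.asp q=select+a+gift 200
"""

def scan_iis_log(lines):
    """Return suspicious requests, using the column order from the #Fields header."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the header can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                       # truncated or malformed row
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "")
        query = unquote_plus(row.get("cs-uri-query", "-"))  # decode %27, +, etc.
        reasons = []
        if stem.rsplit("/", 1)[-1].lower() in DROPPED_FILES:
            reasons.append("dropped-file")
        if KEYWORD.search(query) and META.search(query):
            reasons.append("sqli-pattern")
        if reasons:
            hits.append({"when": f"{row.get('date', '?')} {row.get('time', '?')}",
                         "client": row.get("c-ip", "?"), "url": stem,
                         "query": query, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG.splitlines()):
        print(hit["when"], hit["client"], hit["url"], hit["query"], hit["reasons"])
```

The earliest hit on one of the unexpected .asp files, and the requests from the same client address just before it, are the rows to read first when looking for the page that was injected through.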
 