SQL Server hacked?
Posted on 2004-08-11
We're running a SQL 2000 server on Windows 2000. Recently, we noticed that "netstat -a" shows alot of MS-SQL-S connections coming from our server going to addresses in Germany and Russia. I'm afraid we've been hacked using some sort of SQL exploit. I noticed that stopping the SQL service stops the connections, but they start up again as soon as SQL service starts again. Symantec and Trend antivirus scans show nothing, Spybot shows no spyware. How can I tell what is affecting my server and what can I do about it?