We're still being attacked via SQL Injection. I leave the database that's been targeted most of the time, in single user mode, during off hours. At least that way I don't wake up to find all my tables corrupted or worse, gone altogether.
We're bringing in a security expert to take a look at our sites. We know that the .asp pages have to be fixed and have a pretty good idea of how, but we're a very small shop and until then I'm going to have to deal with this on the database side. I'm doing backups of the database that's been hit the most, every 30 minutes,and I've added some auditing columns and triggers on all the tables so I can see when it happens.
#1) Is there anything else I can do on the database side to protect myself?
#2) Is there anything around that I can use to translate the hexcodes that are being used? For example: