netwhw
asked on
MSSQL Table disappear
Hello,
A MSSQL Server that handles several queries daily,
last night one of my tables just got empty.... I have no stored procedure that could do that or whatever,
What could it be?
I am thinking of injection, somehow, I don't really know because all users that access the SQL via website are restricted and do not have delete operation enabled
There is a free log analyzer for SQL Server 2000:
http://www.red-gate.com/products/SQL_Log_Rescue/index.htm
Use it and find out which statement got your table empty.
Well, every transaction is written to the transaction log file. If you are taking backups of the transaction log, then there is a chance to restore the transaction log backup up to the exact time you suspect the records were deleted. One easy method is provided above: use the red-gate tool, which is free for SQL Server 2000. Other than these, there is no way to do so.
ASKER
But have you ever seen that?
ASKER
A table completely wiped?
How can I check if my server has been compromised?
>>But have you ever seen that?<<
Didn't get you...
red-gate can help you to recover data but can't help you to check whether you are affected by injection or not; that you will have to find out in a few different ways.
--check your logs (SQL Server log and OS log)
--keep watch on your transaction log file
ASKER
Can you guide me on that?
--check your logs (SQL Server log and OS log)
--keep watch on your transaction log file
Because I had an autobackup at 2 am, and at 2:07 the table was wiped.
I don't know, could it be a malfunction?
ASKER
I already recovered the data, but my website is offline for now
Go to your log in the control panel and check whether any failed login attempt happened or not.
ASKER
No, it doesn't show any failed logins in my logs
ASKER
Can you think of any other place to search?
I always check the logs when in any doubt, nowhere else.
While my guess is that it's an application-related problem, you never know about server security. I know MSSQL has some EXEC privileges that are often left wide open and can be exploited to gain access to a server. Some things to look for:
1. See if there are any unexpected tasks running in Task Manager.
2. Download and install Security Task Manager from Neuber - it can sometimes see tasks that are hidden from the regular Windows Task Manager, and if your server's been compromised by a rootkit or anything, then it's probably going to be a hidden process.
3. Look for any unexpected differences on the system. For example, sudden decrease in available disk space, new/unexpected services (run "services.msc" to see the services on the system), decrease in general speed, new tray icons, etc...
ASKER
It was a TRUNCATE command, we fixed the problem! Thanks!
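Added example, not part of the thread and not any poster's code: TRUNCATE TABLE is not controlled by the DELETE permission (it needs ALTER on the table, which the table owner, db_owner and db_ddladmin hold), so an account with delete disabled can still empty a table. The T-SQL below audits who can do that; it assumes SQL Server 2005 or later, and `dbo.YourTable` and `web_app_user` are placeholders for the affected table and the website's database user.

```sql
-- Added example: who can TRUNCATE a table even though DELETE is not granted?
-- Assumes SQL Server 2005+; run inside the affected database.
DECLARE @table sysname;
SET @table = N'dbo.YourTable';   -- placeholder: the table that was emptied

-- 1) Members of fixed roles that hold ALTER on every table in the database.
--    (sysadmin logins and the table owner can also truncate; check separately.)
SELECT m.name      AS principal_name,
       m.type_desc AS principal_type,
       r.name      AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'db_owner', N'db_ddladmin');

-- 2) Explicit grants that imply ALTER on the table: on the table itself,
--    on its schema, or at database level.
SELECT p.name             AS principal_name,
       dp.permission_name AS permission_name,
       dp.class_desc      AS granted_on,
       dp.state_desc      AS grant_state
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS p ON p.principal_id = dp.grantee_principal_id
WHERE dp.state IN ('G', 'W')                       -- GRANT / GRANT WITH GRANT OPTION
  AND dp.permission_name IN (N'ALTER', N'CONTROL', N'ALTER ANY SCHEMA')
  AND (    (dp.class = 1 AND dp.major_id = OBJECT_ID(@table) AND dp.minor_id = 0)
        OR (dp.class = 3 AND dp.major_id = (SELECT o.schema_id
                                            FROM sys.objects AS o
                                            WHERE o.object_id = OBJECT_ID(@table)))
        OR (dp.class = 0) );

-- 3) Effective permissions of the website's database user, with role
--    membership and DENY already taken into account (1 = allowed).
EXECUTE AS USER = N'web_app_user';   -- placeholder: the user the website connects as
SELECT USER_NAME() AS checked_user,
       HAS_PERMS_BY_NAME(N'dbo.YourTable', 'OBJECT', 'DELETE') AS can_delete,
       HAS_PERMS_BY_NAME(N'dbo.YourTable', 'OBJECT', 'ALTER')  AS can_truncate;
REVERT;
```

If `can_truncate` is 1 for the web account, removing it from db_owner/db_ddladmin (or revoking ALTER) closes the gap that denying DELETE left open.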