Solved

Phantom Table In DB

Posted on 2010-11-10
5
538 Views
Last Modified: 2012-05-10
I just noticed that I have a couple of tables in my database that I did not put there.  They are D99_CMD, D99_Reg, and D99_Tmp.  Any idea how they might have gotten there?
0
Comment
Question by:Bob Schneider
  • 2
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
jpdavey earned 250 total points
ID: 34101223
Sounds like you might have been hacked...

http://forums.crystaltech.com/index.php?topic=31099.15
0
 
LVL 2

Assisted Solution

by:jpdavey
jpdavey earned 250 total points
ID: 34101234
0
 
LVL 47

Assisted Solution

by:dlethe
dlethe earned 250 total points
ID: 34101733
JPdavey is right ... you HAVE been hacked.   If this DB contains credit card info, patient medical data, financial data, anything that might fall under HIPAA or an equivalent regulatory agency, then you had better take precautionary measures immediately.

(Check weblogs also and assume the worst)
0
 

Author Comment

by:Bob Schneider
ID: 34102964
I will get on that asap.  No data like that is included but I am sure that is what they are looking for.  I assume this is xss/sql injection at work here.  I have recently put some safeguards in place but they are still getting in.  I am not sure if these tables were created before or after that.  I have deleted two of the three tables but one is not allowing me to delete it.  Any suggestions on how I can do that?
0
 
LVL 47

Assisted Solution

by:dlethe
dlethe earned 250 total points
ID: 34104289
No idea on why you can't delete something unless it is a permissions thing.   There is always exporting to file, editing, rebuilding database, then importing.    That might not be a bad idea, but suggest you first look at backups and see if this code was added last few days or much longer ago.

Safeguarding is always an ongoing process no easy and best answer other than keep a watchful eye and install some decent security software and monitoring software.   Every site is so different there is really no place to start other than generalize that people need to be granted access in such a way that it prevents automated attacks.   CAPTCHAs  on a web portal maybe?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to eliminate duplicates in a string variable in t-sql? 30 86
kill process lock Sql server 9 75
Query to return total 6 25
Need help how to find where my error is in UFD 6 47
There are some very powerful Data Management Views (DMV's) introduced with SQL 2005. The two in particular that we are going to discuss are sys.dm_db_index_usage_stats and sys.dm_db_index_operational_stats.   Recently, I was involved in a discu…
Data architecture is an important aspect in Software as a Service (SaaS) delivery model. This article is a study on the database of a single-tenant application that could be extended to support multiple tenants. The application is web-based develope…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question