?
Solved

Phantom Table In DB

Posted on 2010-11-10
5
Medium Priority
?
583 Views
Last Modified: 2012-05-10
I just noticed that I have a couple of tables in my database that I did not put there.  They are D99_CMD, D99_Reg, and D99_Tmp.  Any idea how they might have gotten there?
0
Comment
Question by:Bob Schneider
  • 2
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
jpdavey earned 1000 total points
ID: 34101223
Sounds like you might have been hacked...

http://forums.crystaltech.com/index.php?topic=31099.15
0
 
LVL 2

Assisted Solution

by:jpdavey
jpdavey earned 1000 total points
ID: 34101234
0
 
LVL 47

Assisted Solution

by:David
David earned 1000 total points
ID: 34101733
JPdavey is right ... you HAVE been hacked.   If this DB contains credit card info, patient medical data, financial data, anything that might fall under HIPAA or an equivalent regulatory agency, then you had better take precautionary measures immediately.

(Check weblogs also and assume the worst)
0
 

Author Comment

by:Bob Schneider
ID: 34102964
I will get on that asap.  No data like that is included but I am sure that is what they are looking for.  I assume this is xss/sql injection at work here.  I have recently put some safeguards in place but they are still getting in.  I am not sure if these tables were created before or after that.  I have deleted two of the three tables but one is not allowing me to delete it.  Any suggestions on how I can do that?
0
 
LVL 47

Assisted Solution

by:David
David earned 1000 total points
ID: 34104289
No idea on why you can't delete something unless it is a permissions thing.   There is always exporting to file, editing, rebuilding database, then importing.    That might not be a bad idea, but suggest you first look at backups and see if this code was added last few days or much longer ago.

Safeguarding is always an ongoing process no easy and best answer other than keep a watchful eye and install some decent security software and monitoring software.   Every site is so different there is really no place to start other than generalize that people need to be granted access in such a way that it prevents automated attacks.   CAPTCHAs  on a web portal maybe?
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

There are some very powerful Dynamic Management Views (DMV's) introduced with SQL 2005. The two in particular that we are going to discuss are sys.dm_db_index_usage_stats and sys.dm_db_index_operational_stats.   Recently, I was involved in a di…
So every once in a while at work I am asked to export data from one table and insert it into another on a different server.  I hate doing this.  There's so many different tables and data types.  Some column data needs quoted and some doesn't.  What …
SQL Database Recovery Software repairs the MDF & NDF Files, corrupted due to hardware related issues or software related errors. Provides preview of recovered database objects and allows saving in either MSSQL, CSV, HTML or XLS format. Ensures recov…
Stellar Phoenix SQL Database Repair software easily fixes the suspect mode issue of SQL Server database. It is a simple process to bring the database from suspect mode to normal mode. Check out the video and fix the SQL database suspect mode problem.

568 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question