?
Solved

Phantom Table In DB

Posted on 2010-11-10
5
Medium Priority
?
551 Views
Last Modified: 2012-05-10
I just noticed that I have a couple of tables in my database that I did not put there.  They are D99_CMD, D99_Reg, and D99_Tmp.  Any idea how they might have gotten there?
0
Comment
Question by:Bob Schneider
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
jpdavey earned 1000 total points
ID: 34101223
Sounds like you might have been hacked...

http://forums.crystaltech.com/index.php?topic=31099.15
0
 
LVL 2

Assisted Solution

by:jpdavey
jpdavey earned 1000 total points
ID: 34101234
0
 
LVL 47

Assisted Solution

by:David
David earned 1000 total points
ID: 34101733
JPdavey is right ... you HAVE been hacked.   If this DB contains credit card info, patient medical data, financial data, anything that might fall under HIPAA or an equivalent regulatory agency, then you had better take precautionary measures immediately.

(Check weblogs also and assume the worst)
0
 

Author Comment

by:Bob Schneider
ID: 34102964
I will get on that asap.  No data like that is included but I am sure that is what they are looking for.  I assume this is xss/sql injection at work here.  I have recently put some safeguards in place but they are still getting in.  I am not sure if these tables were created before or after that.  I have deleted two of the three tables but one is not allowing me to delete it.  Any suggestions on how I can do that?
0
 
LVL 47

Assisted Solution

by:David
David earned 1000 total points
ID: 34104289
No idea on why you can't delete something unless it is a permissions thing.   There is always exporting to file, editing, rebuilding database, then importing.    That might not be a bad idea, but suggest you first look at backups and see if this code was added last few days or much longer ago.

Safeguarding is always an ongoing process no easy and best answer other than keep a watchful eye and install some decent security software and monitoring software.   Every site is so different there is really no place to start other than generalize that people need to be granted access in such a way that it prevents automated attacks.   CAPTCHAs  on a web portal maybe?
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you having speed problem in loading SQL Server Management Studio, try to uncheck these options in your internet browser (IE -> Internet Options / Advanced / Security):    . Check for publisher's certificate revocation    . Check for server ce…
I am showing a way to read/import the excel data in table using SQL server 2005... Suppose there is an Excel file "Book1" at location "C:\temp" with column "First Name" and "Last Name". Now to import this Excel data into the table, we will use…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question