Solved

Phantom Table In DB

Posted on 2010-11-10
5
536 Views
Last Modified: 2012-05-10
I just noticed that I have a couple of tables in my database that I did not put there.  They are D99_CMD, D99_Reg, and D99_Tmp.  Any idea how they might have gotten there?
0
Comment
Question by:Bob Schneider
  • 2
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
jpdavey earned 250 total points
ID: 34101223
Sounds like you might have been hacked...

http://forums.crystaltech.com/index.php?topic=31099.15
0
 
LVL 2

Assisted Solution

by:jpdavey
jpdavey earned 250 total points
ID: 34101234
0
 
LVL 47

Assisted Solution

by:dlethe
dlethe earned 250 total points
ID: 34101733
JPdavey is right ... you HAVE been hacked.   If this DB contains credit card info, patient medical data, financial data, anything that might fall under HIPAA or an equivalent regulatory agency, then you had better take precautionary measures immediately.

(Check weblogs also and assume the worst)
0
 

Author Comment

by:Bob Schneider
ID: 34102964
I will get on that asap.  No data like that is included but I am sure that is what they are looking for.  I assume this is xss/sql injection at work here.  I have recently put some safeguards in place but they are still getting in.  I am not sure if these tables were created before or after that.  I have deleted two of the three tables but one is not allowing me to delete it.  Any suggestions on how I can do that?
0
 
LVL 47

Assisted Solution

by:dlethe
dlethe earned 250 total points
ID: 34104289
No idea on why you can't delete something unless it is a permissions thing.   There is always exporting to file, editing, rebuilding database, then importing.    That might not be a bad idea, but suggest you first look at backups and see if this code was added last few days or much longer ago.

Safeguarding is always an ongoing process no easy and best answer other than keep a watchful eye and install some decent security software and monitoring software.   Every site is so different there is really no place to start other than generalize that people need to be granted access in such a way that it prevents automated attacks.   CAPTCHAs  on a web portal maybe?
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Set the max value for a column 7 39
ms sql + top 1 for each customer 3 56
How to import SQL 2000 database to SQL 2014 5 136
Query group by data in SQL Server - cursor? 3 46
Recently, when I was asked to create a new SQL 2005 cluster, Microsoft released a new service pack for MS SQL 2005 what is Service Pack 3. When I finished the installation of MS SQL 2005 I found myself troubled why the installation of SP3 failed …
There are some very powerful Data Management Views (DMV's) introduced with SQL 2005. The two in particular that we are going to discuss are sys.dm_db_index_usage_stats and sys.dm_db_index_operational_stats.   Recently, I was involved in a discu…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question