Solved

Phantom Table In DB

Posted on 2010-11-10
5
542 Views
Last Modified: 2012-05-10
I just noticed that I have a couple of tables in my database that I did not put there.  They are D99_CMD, D99_Reg, and D99_Tmp.  Any idea how they might have gotten there?
0
Comment
Question by:Bob Schneider
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 2

Accepted Solution

by:
jpdavey earned 250 total points
ID: 34101223
Sounds like you might have been hacked...

http://forums.crystaltech.com/index.php?topic=31099.15
0
 
LVL 2

Assisted Solution

by:jpdavey
jpdavey earned 250 total points
ID: 34101234
0
 
LVL 47

Assisted Solution

by:David
David earned 250 total points
ID: 34101733
JPdavey is right ... you HAVE been hacked.   If this DB contains credit card info, patient medical data, financial data, anything that might fall under HIPAA or an equivalent regulatory agency, then you had better take precautionary measures immediately.

(Check weblogs also and assume the worst)
0
 

Author Comment

by:Bob Schneider
ID: 34102964
I will get on that asap.  No data like that is included but I am sure that is what they are looking for.  I assume this is xss/sql injection at work here.  I have recently put some safeguards in place but they are still getting in.  I am not sure if these tables were created before or after that.  I have deleted two of the three tables but one is not allowing me to delete it.  Any suggestions on how I can do that?
0
 
LVL 47

Assisted Solution

by:David
David earned 250 total points
ID: 34104289
No idea on why you can't delete something unless it is a permissions thing.   There is always exporting to file, editing, rebuilding database, then importing.    That might not be a bad idea, but suggest you first look at backups and see if this code was added last few days or much longer ago.

Safeguarding is always an ongoing process no easy and best answer other than keep a watchful eye and install some decent security software and monitoring software.   Every site is so different there is really no place to start other than generalize that people need to be granted access in such a way that it prevents automated attacks.   CAPTCHAs  on a web portal maybe?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION: While tying your database objects into builds and your enterprise source control system takes a third-party product (like Visual Studio Database Edition or Red-Gate's SQL Source Control), you can achieve some protection using a sing…
Data architecture is an important aspect in Software as a Service (SaaS) delivery model. This article is a study on the database of a single-tenant application that could be extended to support multiple tenants. The application is web-based develope…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question