[thelist] Website Hacked?

Anthony Baratta anthony at baratta.com
Wed May 28 10:56:50 CDT 2008


Todd...

If you are using in-line SQL you should be moving to stored procedures. See Ken's previous message in this thread about parameters and proper use of DB Connection Objects.

Also, if you are using the SA user for your Web Connection - stop. Set up a limited-rights user and use that instead.

I don't think you want to disable the SA user; there may be dependencies within SQL Server that need the account active. I've always set up a strong password and left it alone.

-----Original message-----
From: "Todd Richards" todd at promisingsites.com
Date: Wed, 28 May 2008 08:17:57 -0700
To: thelist at lists.evolt.org
Subject: Re: [thelist] Website Hacked?

> OK, so I did sit down with the server logs this morning (IISLogViewer is a
> nice free utility for IIS, btw), and as Anthony mentions that was the
> problem.  I'm seeing several places where they hit my search.asp file with a
> query of "letter=n" (normal query) followed by
> ";DECLARE%20 at S%20NVARCHAR(4000);SET%20S=CAST(0X..."
> 
> So it looks as though I need to go through and see where the ball was
> dropped.
> 
> As a follow up question, while the discussion turned to DB permissions, I
> see that the SA user has access to a lot of stuff.  I know that I changed
> the password for it, but couldn't I just disable it?
> 
> Thanks again for all of your help and input.  
> 
> Todd
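A defender-side illustration of the log review Todd describes, added here and not code from the thread: it parses IIS W3C extended log lines and flags requests whose query string carries a stacked T-SQL statement such as the `;DECLARE @S NVARCHAR(4000);SET @S=CAST(0x...` fragment seen against search.asp. The log lines, IP addresses and the `INJECTION_RE` pattern are constructed for this example.

```python
"""Flag stacked-query SQL injection attempts in IIS W3C extended logs.

Sample log lines below are constructed for this example; the hex blob is a
harmless placeholder, not a real payload."""
import re
from urllib.parse import unquote_plus

# Constructed sample in the W3C format IIS writes, including its #Fields header.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-05-27 03:12:44 203.0.113.7 GET /search.asp letter=n 200
2008-05-27 03:12:51 203.0.113.7 GET /search.asp letter=n;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x4445434C415245%20AS%20NVARCHAR(4000));EXEC(@S);-- 200
2008-05-27 03:13:02 198.51.100.9 GET /products.asp id=42 200
2008-05-27 03:13:10 198.51.100.9 GET /search.asp letter=a%3Bb 200
"""

# Either a ';' followed by a T-SQL statement keyword (stacked query), or a
# CAST(0x...) hex blob used to hide the real statement from naive filters.
INJECTION_RE = re.compile(
    r";\s*(declare|exec(?:ute)?|set|cast|insert|update|delete|drop)\b"
    r"|cast\s*\(\s*0x[0-9a-f]{8,}",
    re.IGNORECASE,
)


def parse_w3c(text):
    """Yield one dict per log row; column names come from the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue  # other directives (#Software, #Date) or rows before a header
        parts = line.split(" ", len(fields) - 1)
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))


def find_injections(text, pattern=INJECTION_RE):
    """Return (timestamp, client ip, uri stem, decoded query) for suspicious rows."""
    hits = []
    for row in parse_w3c(text):
        # IIS logs a bare '-' when there is no query string; decode %20, %3B, etc.
        query = unquote_plus(row.get("cs-uri-query", "-"))
        if pattern.search(query):
            hits.append((f"{row['date']} {row['time']}", row["c-ip"], row["cs-uri-stem"], query))
    return hits


if __name__ == "__main__":
    for when, ip, stem, query in find_injections(SAMPLE_LOG):
        print(f"{when} {ip} {stem} :: {query}")
```

The `letter=a%3Bb` row shows the false-positive check: a semicolon alone is not flagged, only one followed by a statement keyword or a hex-encoded CAST.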
