My Database is behing hacked by someone again and again.

[Danish_555]

Hi Forum,

Hope you are fine....

Here's someone hacking my database whenever I run my website...and removed all the data from database. I tried changing passwords, uploading data again and again....bt that hacker is attempting continiously...

Now I am really fed up....and hoping that here's someone who can help me out as how can I save my website...

Any help would be highly appreciated!!..

Kind Regards,
Danish'

[PhilipToop]

I would look at three things

1. Ensure you are not deleting the data yourself. A badly formed Sql statement can be a dangerous thing.

2. Ensure that all data that comes in does not go directly into a sql statement without being quoted. Form data such as id=1 might come in by a malicious user as id=1;Delete * from user; - if you do not quote the id the delete will be action. Also filter out null characters from any data as well.

3. Investigate what access they is to the database and tie it down to as few users as possible.

And also

monitor activity, sql statements and run a regular job to check the existence of data so that you have a time frame to lot at the log.

[Danish_555]

Thanks PhilipToop for you informative answer.

I checked the log, and sequal server agent is already disabled, so there's no chance to make a job to delete data via agent.

We are using ASP.net application on sql server, I checked the data log file there are more then 1 lack hacking attempts from different IP's trying to log in to my database.

Which make me sure that there's someone, tyring to access my database directly, so If there's a way I can block there attampts to secure my data or create a maximum 3 attempts and after that server will blocked the IP/s...

Thanks for you help..

[PhilipToop]

Are you saying that you have SQL server running on a machine that is available to the internet?

and

That the database is being directly attacked?

SQL server tends to listen for connections on port 1433. If this is the case can you put a firewall block on this port number.

Also within sqlserver you can change the permission on the database.

Not sure I understand "sequal server agent is disabled". To what are you referring?

[Danish_555]

Are you saying that you have SQL server running on a machine that is available to the internet?

and

That the database is being directly attacked?

Yes this is...I hired a hosting company.

SQL server tends to listen for connections on port 1433. If this is the case can you put a firewall block on this port number.

This is Good Idea, I'll try this and write down the result soon.

Also within sqlserver you can change the permission on the database.

Yes, I've just changed, these permission, just watching if it work..

Not sure I understand "sequal server agent is disabled". To what are you referring?

sequal server agent = sql server agent (which takes the jobs of deleting data, taking backups after a perticular time.)

I'll keep posting if problem presist, Thanks a ton Philip!! for your help!!

[grannygotgoat05]

I think it is time to contact your host about updating the database software or at least investigating. That is what I would've done to start.

[zelthost]

I faced this problem. Maybe your cPanel and db pass was same. Take different pass.