Dear Sir/Madam,
Hello,
For the past 2 years we have been sending some information to our
remote SQL Server on a dedicated server every 5 minutes without
any problem, but yesterday a hacker deleted much of our
information on the remote SQL Server. I really don't know
how he/she did it, but after that I changed the SQL Server
port from 1433 to a private port, changed all Logins in the
security section of SQL Server Enterprise Manager and the
Windows passwords, and set up a firewall to protect our
server, but unfortunately tonight the hacker attacked
our site again and again changed all of our data in SQL Server.
Because of the firewall settings, I'm sure that he/she cannot
log in to our server from the private port, and I think that
he/she tries to log in from the http port, and because of our web
server we cannot change our http port to a private port.
I really don't know how I can further secure our SQL
Server and get rid of the hacker.
By the way, both SQL Server and Windows are fully updated.
Please help me as soon as possible.
Yours Sincerely,
John

On Thu, 17 Jun 2004 20:11:07 -0700, "John" <ah_yousefi@.yahoo.com>
wrote:
>For the past 2 years we have been sending some information to our
>remote SQL Server on a dedicated server every 5 minutes without
>any problem, but yesterday a hacker deleted much of our
>information on the remote SQL Server. I really don't know
>how he/she did it, but after that I changed the SQL Server
>port from 1433 to a private port, changed all Logins in the
>security section of SQL Server Enterprise Manager and the
>Windows passwords, and set up a firewall to protect our
>server, but unfortunately tonight the hacker attacked
>our site again and again changed all of our data in SQL Server.
>Because of the firewall settings, I'm sure that he/she cannot
>log in to our server from the private port, and I think that
>he/she tries to log in from the http port, and because of our web
>server we cannot change our http port to a private port.
>I really don't know how I can further secure our SQL
>Server and get rid of the hacker.
>By the way, both SQL Server and Windows are fully updated.
>Please help me as soon as possible.

You let the hacker in, then closed all the doors you knew about. The
hacker may very well have added a backdoor or remote management tool,
made his account administrator on the box, created an SA equivalent
account and any number of other changes that could allow him entry at
any time. He may have been there for years and you didn't realize it
until the data got altered.
Nuke the box. Rebuild from scratch, and only restore data from a known
clean backup. Learn from this and move on.
Jeff
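
An added example, not part of the original thread: a T-SQL query a defender could run to look for the "SA equivalent account" the reply mentions, by listing every login that holds a fixed server role and flagging those created or changed recently. It assumes SQL Server 2000 or later, where `master.dbo.syslogins` and `xp_logininfo` are available; the 30-day review window is an arbitrary choice.

```sql
-- Added example: enumerate logins that hold fixed server roles.
-- sysadmin = 1 means the login is equivalent to sa.
DECLARE @since datetime
SET @since = DATEADD(day, -30, GETDATE())  -- assumed window; set to the incident timeline

SELECT
    name,
    CASE WHEN isntgroup = 1 THEN 'Windows group'
         WHEN isntname  = 1 THEN 'Windows user'
         ELSE 'SQL login'
    END AS login_type,
    sysadmin, securityadmin, serveradmin, setupadmin,
    processadmin, diskadmin, dbcreator, bulkadmin,
    createdate,
    updatedate,
    CASE WHEN createdate >= @since OR updatedate >= @since
         THEN 'REVIEW' ELSE ''
    END AS changed_in_window
FROM master.dbo.syslogins
WHERE sysadmin = 1 OR securityadmin = 1 OR serveradmin = 1
   OR setupadmin = 1 OR processadmin = 1 OR diskadmin = 1
   OR dbcreator = 1 OR bulkadmin = 1
ORDER BY sysadmin DESC, updatedate DESC

-- A Windows group with sysadmin = 1 grants sa-level rights to every member,
-- and those members do not appear as rows above. Expand the group explicitly.
-- BUILTIN\Administrators is sysadmin by default on SQL Server 2000.
EXEC master.dbo.xp_logininfo 'BUILTIN\Administrators', 'members'
```

A clean result here does not clear the host: a backdoor, a remote management tool or a local administrator account lives outside SQL Server and will not show up in this view.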