April 1, 2011
Click the “Order Now” link in the top menu to purchase. Simply follow the included instructions to remove all occurrences of the attack from your Microsoft SQL server database. Also includes tips on stopping subsequent attacks.
January 6, 2010
FIX IT NOW!
NOW ONLY $75
• SUPPORTS Microsoft SQL 2000/2005/2008
• FAST & EASY CLEANUP
• FREE TECH SUPPORT (EMAIL)
• FREE PREVENTION CODE
• FREE SQL BACKUP SCRIPT
• 100% CUSTOMER SUCCESS RATE
UPDATED: MAY 15, 2011
NOW INCLUDED: Script for the “LIZAMOON” and “google-anallytics” trojans. If you see fake Google Analytics code + links, we have a script to clean this that’s now included!
These situations can be a total pain to clean up, which is why we’ve written the script for you.
Here’s what it does:
- Searches all attackable tables and fields in your Microsoft SQL Server database (versions 2008, 2005, or 2000 supported)
- Counts the number of rows that have been hacked
- Cleans the string out of the fields, including text/ntext columns
- VOILA! You are back up and running.
Note that this is for attacks that use string insertion — truncation or deletion will not be fixed by this script.
INCLUDES FREE EXTRAS: SQL injection prevention code (for Active Server Pages and Microsoft .NET) and a free script for automating daily SQL Server backups to disk.
Press the “Buy Now” button below — only $75
June 1, 2008
There’s a lot of stuff out there about SQL injection attacks (including our handy cleanup script), but there’s not much that will help you figure out how to stop these attacks from occurring.
First, let’s talk about what a SQL injection attack really is. Some people think it’s a virus of sorts that is “inside your site.” Not the case. These are bot attacks by other virus-infected computers. They simply use a brute-force approach: they scan for URLs that take POST/GET inputs and attempt to send their own data to them.
So, how do you track these down and stop them? For web sites powered by Microsoft’s IIS, here are our suggestions:
- Look at your IIS logs
Try searching for the word “DECLARE” or “EXECUTE.” If you’ve been hit by an attack, these will more than likely show up in your IIS logs, at least for any attack that was attempted using “GET” requests (IIS logs the query string of a GET request, but not the body of a POST). If you do find any instances of “DECLARE” or “EXECUTE,” the pages they were sent to are the ones to start with.
- Use centralized database connection handling
Simple: make a centralized file (e.g. connection.asp if you are using ASP — see our free example) that handles all of your DB access. This way, it’s easier to make sure that every page SQL-encodes its input. You can also check queries for “DECLARE” and “EXECUTE” in one place and stop the attacks dead in their tracks.
- Implement a site wide solution
If you are running your own server, we highly recommend ISAPI_Rewrite from HeliconTech (http://www.helicontech.com/isapi_rewrite). This is an ISAPI filter that allows you to do a variety of things, including scan URL data. This will stop 99% of attacks without changing ANY code on your site!
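The log search from the first suggestion, as an added example (not part of the original post or the cleanup script): it reads the column layout from the W3C `#Fields:` line, URL-decodes each query string, and reports which pages received “DECLARE” or “EXECUTE”. The sample log is constructed, and matching the short form “EXEC” is an assumption added here.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Keywords the article says to search for; EXEC is added as an assumption
# because T-SQL accepts it as the short form of EXECUTE.
SQL_KEYWORDS = re.compile(r"\b(DECLARE|EXEC(?:UTE)?)\b", re.IGNORECASE)

def scan_iis_log(lines):
    """Return (hits, pages): flagged requests and a per-page hit count."""
    fields, hits = [], []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            # W3C logs name their columns here; the layout can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        query = row.get("cs-uri-query", "-")
        # Decode %XX and '+' first so "DECLARE%20@S" still matches.
        decoded = unquote_plus(query)
        found = sorted({m.upper() for m in SQL_KEYWORDS.findall(decoded)})
        if found:
            hits.append({
                "when": f"{row.get('date', '?')} {row.get('time', '?')}",
                "client": row.get("c-ip", "?"),
                "page": row.get("cs-uri-stem", "?"),
                "keywords": found,
            })
    pages = Counter(h["page"] for h in hits)
    return hits, pages

# Constructed sample log (not from a real server); documentation IP ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-06-01 03:12:44 GET /news.asp id=12 192.0.2.10 200
2008-06-01 03:12:51 GET /news.asp id=12;DECLARE%20@S%20VARCHAR(4000);EXEC(@S); 198.51.100.7 200
2008-06-01 03:13:02 GET /default.asp - 192.0.2.10 200
2008-06-01 03:13:09 GET /product.asp cat=5;declare+@s+varchar(4000);exec(@s) 198.51.100.7 500
""".splitlines()

if __name__ == "__main__":
    hits, pages = scan_iis_log(SAMPLE_LOG)
    for h in hits:
        print(h["when"], h["client"], h["page"], ",".join(h["keywords"]))
    print(pages.most_common())
```

To run it against a real log, pass the open file object instead of `SAMPLE_LOG`; a clean result only covers GET traffic, since POST bodies never reach the log.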
If you have any questions, tips, or comments, please use the contact us link above.
May 26, 2008
As you may notice, Microsoft SQL Server will gradually consume more and more memory after it starts. Most people (us included) will wonder if this means that there are memory leaks or unclosed connections. While you should make sure to close all unused connections, this is actually normal behavior — just check the Microsoft knowledge base #321363.
While there are a variety of memory configuration options, we have a nice band-aid fix: restart SQL Server during off hours. Simply make a .bat file with the code below and use Windows scheduler to run the file when traffic is low:
NET STOP SQLSERVERAGENT
NET STOP MSSQLSERVER
NET START MSSQLSERVER
NET START SQLSERVERAGENT
April 4, 2008
A common issue for users of SQL Server databases is disk space and the size of the physical log file and database. While we’re not going to attempt to make a “one size fits all” statement on database maintenance plans, we thought it would be helpful to provide a few suggestions that will help you trim the size of your files when you are in a pinch.
Steps for truncating log files and shrinking your database:
1. Get the physical names of your database file (MDF) and log file (LDF):
Run the following system stored procedure:
This command will return a variety of information, including the physical size (the “size” column) and the path and name of your database and log files (in the “filename” column).
Record the name of the file from the “filename” column, excluding the path and file extension (e.g. if filename contains “C:\sqldatabases\yourdatabase_data.mdf” you want to save the string “yourdatabase_data”)
2. Truncate the log and shrink the database
The following set of SQL will shrink your database and “truncate” the log file. Fill in the parameters surrounded by <…>. Note that you’ll need the two filename values from step 1. Also note that BACKUP LOG … WITH TRUNCATE_ONLY is accepted by SQL Server 2000 and 2005 but was removed in SQL Server 2008, and that it breaks the log backup chain, so take a full backup afterwards.
BACKUP LOG <yourdatabasename> WITH TRUNCATE_ONLY
DBCC SHRINKFILE (<yourdatabaselogfilename>, 1)
DBCC SHRINKFILE (<yourdatabasedatafilename>, 1)
When complete, this script will output the same information as in step 1. Compare the new size with the old.