Re: My SQL 7 server was hacked through to store files onto. Please help
From: Steve Thompson (stevethompson@nomail.please)
Date: 12/26/02
From: "Steve Thompson" <stevethompson@nomail.please> Date: Thu, 26 Dec 2002 13:51:47 -0500
Yes, there are multiple extended stored procedures and registry keys that
need to be locked down. I do not know if there is an equivalent SQL Server 7
security article, however a LOT of the concepts in this white paper will
help:
http://www.microsoft.com/sql/techinfo/administration/2000/securityWP.asp
Upgrade to the latest service pack and apply the security hotfixes:
http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp
I have not had a chance to review this article; however, from a quick scan
it appears to cover many good topics:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/openhack.asp
Steve
"scuby" <scuby@cove.net> wrote in message
news:010e01c2ad0d$1400ebe0$d4f82ecf@TK2MSFTNGXA11...
> yes, the server is exposed to the internet. I'm not sure
> how they got in. I'm assuming they came through SQL... I
> haven't seen any new usernames created. Any further
> advice?
>
>
> >-----Original Message-----
> >Is your server exposed to the internet? It's very
> >easy to get control of a SQL server (especially
> >since you are on SP1), there are numerous buffer
> >overflows and privilege escalation vulnerabilities
> >available to the creative hacker. Also SQL logins
> >and passwords are extremely easy to hack. Is there
> >any indication SQL was hacked (any new logins / new
> >members of sysadmin role, startup procedures?)
> >Have you checked for any new local NT users that look
> >suspicious?
> >
> >--
> >HTH
> >
> >Jasper Smith (SQL Server MVP)
> >
> >I support PASS - the definitive, global
> >community for SQL Server professionals -
> >http://www.sqlpass.org
> >
> >"scuby" <scuby@cove.net> wrote in message
> >news:065901c2ad0a$936eb720$d7f82ecf@TK2MSFTNGXA14...
> >> My SQL 7 sp1 server on windows 2000 was hacked through
> >> last night. There was a folder made under the winnt
> >> directory and then it was filled with mp3s, music,
> >> videos and all sorts of stuff. How would that person get
> >> through to do that? Could he have hacked in through SQL?
> >>
> >> Thanks in advance!
> >>
> >> Mike
> >
> >
> >.
> >
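The checks suggested in the thread (new logins, new sysadmin members, startup procedures, extended stored procedures), written as an audit script. This is an added example, not part of the original messages. It assumes the SQL Server 7.0/2000 system tables master.dbo.syslogins and master.dbo.sysobjects, and the 30-day window is an arbitrary choice to adjust to the incident timeline.

```sql
-- Added example: run as a sysadmin in Query Analyzer against the master database.
USE master

-- 1. Every login holding the sysadmin fixed server role, newest first.
--    Any name you do not recognise here needs explaining.
SELECT name, isntname, createdate, updatedate
FROM master.dbo.syslogins
WHERE sysadmin = 1
ORDER BY createdate DESC

-- 2. Logins created or modified in the last 30 days (assumed window).
SELECT name, isntname, sysadmin, createdate, updatedate
FROM master.dbo.syslogins
WHERE createdate >= DATEADD(day, -30, GETDATE())
   OR updatedate >= DATEADD(day, -30, GETDATE())
ORDER BY updatedate DESC

-- 3. Stored procedures marked to run automatically when SQL Server starts.
--    An unexpected entry here is a persistence mechanism.
SELECT name, crdate
FROM master.dbo.sysobjects
WHERE type = 'P'
  AND OBJECTPROPERTY(id, 'ExecIsStartup') = 1

-- 4. Extended stored procedures registered in master, newest first.
--    Compare against a clean install of the same service pack.
SELECT name, crdate
FROM master.dbo.sysobjects
WHERE type = 'X'
ORDER BY crdate DESC

-- 5. Who has been granted rights on xp_cmdshell (operating system command
--    execution); only sysadmin members should be able to run it.
EXEC sp_helprotect 'xp_cmdshell'
```

Results from a server that may already be compromised are only a starting point, since an intruder with sysadmin rights can alter these tables.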