473,378 Members | 1,479 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > sql injection attacks

Join Bytes to post your question to a community of 473,378 software developers and data experts.

SQL Injection Attacks

I think a site I developed has been the victim of a sql
injection attack.I know how to stop this happening in
future but:

Is there any way I can trace such an attack?
Nov 18 '05 #1
4 1632
Possibly - Have a look at your IIS log files, depends how the attack happend
really - If its on the querystring it'll be in the logs, if it was within
form data then you probably wont be able to trace it.

"poppy" <sa**@asda.com> wrote in message
news:38****************************@phx.gbl...
I think a site I developed has been the victim of a sql
injection attack.I know how to stop this happening in
future but:

Is there any way I can trace such an attack?

Nov 18 '05 #2
If it is in the querystring then how do i trace it?

Nov 18 '05 #3
You should use ADO.NET parameter objects. They will protect you against SQL
Injection Attacks.

Here's more info:
http://msdn.microsoft.com/library/de...classtopic.asp
http://msdn.microsoft.com/library/de...isualbasic.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"poppy" <sa**@asda.com> wrote in message
news:38****************************@phx.gbl...
I think a site I developed has been the victim of a sql
injection attack.I know how to stop this happening in
future but:

Is there any way I can trace such an attack?

Nov 18 '05 #4
Examine the records from the time period where you think the attack
occured. Most web logs will include the query string sent from the
client. A visual inspection might turn up the requests made with SQL
commands in the query string, which would indicate someone probing or
breaking the site.

If you can find those records you'll then have an IP address, which
may give you something to go on, but it's not perfect.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Tue, 2 Nov 2004 16:57:14 -0800,
<an*******@discussions.microsoft.com> wrote:
If it is in the querystring then how do i trace it?


Nov 18 '05 #5
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
Preventing SQL injection attacks
by: Martin Lucas-Smith | last post by:
Can anyone provide any suggestions/URLs for best-practice approaches to preventing SQL injection? There seems to be little on the web that I can find on this. Martin Lucas-Smith ...
PHP
2
SQL injection attacks
by: freddy | last post by:
I would like to get more information on securing my windows apps from SQL injection attacks. There is so much stuff on web apps, but I can't find info on win apps. Can you help me
C# / C Sharp
9
Protecting SQL injection attacks (text input functino)
by: Darrel | last post by:
I'm learning a bit about the SWL injection issues and want to write a shared class that I can call from anywhere in my project to 'sanitize' any incoming text from textfields before sending to the...
ASP.NET
5
solution for preventing injection attacks
by: www.douglassdavis.com | last post by:
I have an idea for preventing sql injection attacks, however it would have to be implemented by the database vendor. Let me know if I am on the right track, this totally off base, or already...
PHP
4
Preventing SQL Injection attacks
by: Kevin Audleman | last post by:
My site has come under attack from sql injections. I thought I had things handled by replacing all single quotes with two single quotes, aka Replace(inputString, "'", "''") Alas, clever...
Microsoft SQL Server
29
IIS SQL Injection woes...
by: sinbuzz | last post by:
Hi, I'm curious about the best way to avoid SQL Injection attacks against my web server. Currently I'm on IIS. I might be willing to switch to something like Apache but I'm not sure if SQL...
C# / C Sharp
0
Are "Prepared Statements" 100% immune to mysqli injection attacks?
by: lazukars | last post by:
I am building some code with msqli prepared statements via. The code will be used for a form that will send data to a MySql database. What I would like to know is how secure are prepared...
MySQL Database
2
How can SQL injection attacks compromise ADODB Connections?
by: Jerry Winston | last post by:
We all know SQL injection attacks can easily get break SQL command strings concatenated with unsanitized user input fields: set commandObj = Server.CreateObject("ADODB.Connection") set rs =...
ASP / Active Server Pages
1
Recent round of SQL injection attacks
by: Dave Anderson | last post by:
We log hundreds of SQL injection attempts per day -- the type with CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last thing the attack does is DEALLOCATE its cursor. My SQL Server DBA...
ASP / Active Server Pages
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!