By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,408 Members | 1,840 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,408 IT Pros & Developers. It's quick & easy.

SQL Injection Attacks

P: n/a
I think a site I developed has been the victim of a sql
injection attack.I know how to stop this happening in
future but:

Is there any way I can trace such an attack?
Nov 18 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Possibly - Have a look at your IIS log files, depends how the attack happend
really - If its on the querystring it'll be in the logs, if it was within
form data then you probably wont be able to trace it.

"poppy" <sa**@asda.com> wrote in message
news:38****************************@phx.gbl...
I think a site I developed has been the victim of a sql
injection attack.I know how to stop this happening in
future but:

Is there any way I can trace such an attack?

Nov 18 '05 #2

P: n/a
If it is in the querystring then how do i trace it?

Nov 18 '05 #3

P: n/a
You should use ADO.NET parameter objects. They will protect you against SQL
Injection Attacks.

Here's more info:
http://msdn.microsoft.com/library/de...classtopic.asp
http://msdn.microsoft.com/library/de...isualbasic.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"poppy" <sa**@asda.com> wrote in message
news:38****************************@phx.gbl...
I think a site I developed has been the victim of a sql
injection attack.I know how to stop this happening in
future but:

Is there any way I can trace such an attack?

Nov 18 '05 #4

P: n/a
Examine the records from the time period where you think the attack
occured. Most web logs will include the query string sent from the
client. A visual inspection might turn up the requests made with SQL
commands in the query string, which would indicate someone probing or
breaking the site.

If you can find those records you'll then have an IP address, which
may give you something to go on, but it's not perfect.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Tue, 2 Nov 2004 16:57:14 -0800,
<an*******@discussions.microsoft.com> wrote:
If it is in the querystring then how do i trace it?


Nov 18 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.