|Michael Lazin on 26 Mar 2010 14:40:22 -0700|
We have a customer who had an entire table dropped from their MS SQL server database, they are running a customer built ASP site with database backend. They are blaming us but 2nd level support believes it to be the result of a SQL injection attack. I have been given the unfortunate duty of trying to find the hack, I do security on the Linux servers, but there is no one else here who knows enough about logs who could do any better. I am working under the assumption that the attack will show up with in the logs as a POST, and it will be a 200 (successful connection). There are 295 unique IPs that have passed post data that are 200s. I know this from grep and wc -l. Anyone know enough about MS logs to give me some hints that might help me find the hack with grep?
ASCII ribbon campaign ( )
against HTML e-mail X
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug