SQL database Hang Horse solution

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Today received a friend's help phone, rushed back to the bedroom on the server to view the situation, the original is a website was invaded, the destruction is quite serious, the SQL database is hung horse, all the table inside most of the fields are repeatedly inserted horse code, check the log, fortunately not related to the security of the server There's just a lot of exception warnings in the database.

No way, I had to fix the database, because they do not have a database backup, there is no way to restore the database Ah, not even the transaction log is not open, try to recover a few times are unsuccessful, restore the database there is no hope, I have to obediently help them clean up the horse code, can not manually remove the horse code, After all, the data is too big to directly modify, through the search for a barely effective solution, each table to execute this SQL statement

Update tablename set @ziduanming =replace (CAST (@ziduanming as varchar (8000)), ', null '

The above SQL statement corresponds to modifying the table, the field name, and the replacement content

In fact, the SQL database hanging horse is a newer method of horse-hanging, as long as the site is injected, and the connection database is DB Owner permissions can be a database hanging horse, estimated the process of the attack should be automated, through advanced scanning technology to collect tens of thousands of of the site's SQL injection vulnerabilities, for vulnerability attacks, Automate the SQL injection to hang the horse. This time there should be a lot of sites suffer, Asp+mssql is mainly targeted!

I give the solution

SQL database Hanging Horse Solution:

Correct cleaning Trojan, note that the database can not be arbitrarily modified or deleted, after the horse, more need to be cautious operation. It is recommended that you back up and then carefully clean up.

If you haven't backed up before, use my SQL command to fix it,

How to prevent SQL database hanging horses:

1, clean up all the injection points on the site.

2, for the site to configure a reliable anti-injection program.

3, the best in the site source code to do a good job of filtering in the database to limit the type and length of characters.

4, the habit of regular backup database. You may not be able to guarantee a daily backup of the database, but will also guarantee a weekly backup, if there is time to make sure to back up the database every day.

5, the best is to ask professional website security company, to your station and server to do a thorough security assessment.