Web Wiz Forums - SQL Server Deleted!

Print Page | Close Window

SQL Server Deleted!

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=12366
Printed Date: 11 April 2026 at 11:31am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: SQL Server Deleted!

Posted By: paulhg
Subject: SQL Server Deleted!
Date Posted: 30 October 2004 at 12:34pm

All the tables are empty! I have a backup from yesterday, so not the end of the world, but this sucks. I have the latest webwiz patch, sql server sp3. Any ideas on how to make it more secure?

Replies:

Posted By: WebWiz-Bruce
Date Posted: 30 October 2004 at 12:51pm

The forum is already secure as it can be, espically as the largest hacking site in Russia uses it and they all continully try to hack and and do let me know instaentky if any security holes exsist, which I then usually patch within 12 hours.

The only way I can see this can happen is:-

Someone has found your admin username and password
Someone has got into your MS SQL Server database
You have given a secound user admin privileges
A problem with your MS SQL Server

Then off course more advanced hackers may have used packet sniffing software to get your MS SQL Server username and password or your admin username and password. But unless you use SSL space to host your forum, this will always be a hole in your security.

-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting

Posted By: paulhg
Date Posted: 30 October 2004 at 1:15pm

Thanks, I will look into these 4 points. I did find some entries in the ftp log and was thinking maybe they found the db name and login info via this. Here are some entries I found:

Part of FTP log from 10/29/04:
15:41:34 62.251.26.232 [63]USER anonymous 331 0
15:41:34 62.251.26.232 [63]PASS mailto:Pgpuser@home.com - Pgpuser@home.com 530 1326

Part of FTP log from 10/30/04:
14:02:00 80.143.250.231 [64]USER anonymous 331 0
14:02:00 80.143.250.231 [64]PASS mailto:Jgpuser@home.com - Jgpuser@home.com 530 1326

I don't know who this is. There's no reason why anyone other myself would ftp into the site, so maybe this person had something to do with it.