July 21, 2010 at 11:15 am
Hi guys, I am in serious problem. Some one hacked my sql server 2008 and dropped my database. How can I restore, I do not have any backup... Please help... Its matter of life and death...
July 21, 2010 at 11:26 am
raamaakrishna (7/21/2010)
Hi guys, I am in serious problem. Some one hacked my sql server 2008 and dropped my database. How can I restore, I do not have any backup... Please help... Its matter of life and death...
Are the datafiles still available on the box? may be database was just detached.
Don't you have any backup? not even a standard O/S level backup of the whole box?
_____________________________________
Pablo (Paul) Berzukov
Author of Understanding Database Administration available at Amazon and other bookstores.
Disclaimer: Advice is provided to the best of my knowledge but no implicit or explicit warranties are provided. Since the advisor explicitly encourages testing any and all suggestions on a test non-production environment advisor should not held liable or responsible for any actions taken based on the given advice.July 21, 2010 at 11:36 am
seems like drop command deletes the mdf files too..
I do not see any physical files on the box. So to ensure, what I did was I created a database (testdb) on my laptop (local server), was able to see files related to testdb on my laptop
When I ran drop database testdb command, the files are no longer exisiting...
July 21, 2010 at 11:45 am
Drop database does indeed delete the files. Not move to recycle bin. Delete.
You can try and use an undelete tool, see if it'll get the files back intact and, if they'll attach afterwards. I must admit though, I've never seen that succeed.
Why no backup of what's obviously an important DB?
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
July 21, 2010 at 11:53 am
Yes I agree, its a grave mistake. We recently moved servers and we were in the process of creating backups and its too late now I guess..
I am currently running formatted recovery and deleted recovery softwares on it to see if I could retrieve any files.
Any help in getting the data recovered is highly appreciated....
July 21, 2010 at 12:08 pm
I would consider getting a security professional in to secure your servers and network. If you've been hacked once, it will happen again. I would not have any confidence in whoever was responsible for your current security setup.
Have you discovered how you were hacked yet?
July 21, 2010 at 12:11 pm
At this point, I am most worried about getting the files and once I get the files, next immediate thing would be secure the server strictly...
July 21, 2010 at 12:15 pm
raamaakrishna (7/21/2010)
Any help in getting the data recovered is highly appreciated....
At this point you're only real option is to hope that the undelete software manages to recover the files intact. Maybe make plans for recreating the DB from source if that's an option. (and maybe updating your CV as well)
You sure it was a hack and not someone accidentally dropping the wrong DB and not owning up to the mistake?
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
July 21, 2010 at 12:26 pm
raamaakrishna (7/21/2010)
At this point, I am most worried about getting the files and once I get the files, next immediate thing would be secure the server strictly...
On balance of probabilities your Db is gone. If you have been 'hacked', who is to say your exchange server isn't next? What about your payroll system? It sounds like you could be fully exposed with your pants around your ankles.
What type of Db was this? What industry are you in? Is this a large company?
July 21, 2010 at 12:28 pm
raamaakrishna (7/21/2010)
Hi guys, I am in serious problem. Some one hacked my sql server 2008 and dropped my database. How can I restore, I do not have any backup... Please help... Its matter of life and death...
I'm guesing not, but I have to ask. You didn't happen to copy the transaction log to another location, did you?
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
July 21, 2010 at 12:34 pm
How recently did you move servers? Are the old discs still available or have they been scrubbed?
Do you have any old backups from the old server collecting dust somewhere?
July 21, 2010 at 12:34 pm
No, haven't copied any transaction logs...
July 21, 2010 at 12:51 pm
rjohal-500813 (7/21/2010)If you have been 'hacked', who is to say your exchange server isn't next? What about your payroll system? It sounds like you could be fully exposed with your pants around your ankles.
What type of Db was this? What industry are you in? Is this a large company?
Guess #1 -This was done by mistake or somebody really hates either the poster or the poster's employer.
Guess #2 - Poster is using the word "hacked" because poster thinks he didn't drop the database then believes somebody got into the system and drop it. May be it was the guy on the next cubicle, chances are server was accessible via "sa" with no password.
_____________________________________
Pablo (Paul) Berzukov
Author of Understanding Database Administration available at Amazon and other bookstores.
Disclaimer: Advice is provided to the best of my knowledge but no implicit or explicit warranties are provided. Since the advisor explicitly encourages testing any and all suggestions on a test non-production environment advisor should not held liable or responsible for any actions taken based on the given advice.July 21, 2010 at 1:56 pm
Assuming the undelete option fails:
Did the SQL Server copy/forward/transfer any data to other systems and/or did it receive any data from other sources (e.g. other DBs, flat files or the like)?
If so, can these data be used to "reset" the DB values of a clean DB(assuming the table/view/function/sp scripts are stored somewhere else - they are, aren't they???)?
July 21, 2010 at 2:15 pm
Yes I agree, it could be anyone who could have done it. But I feel I am soely responsible for this. I take the blame and its my failure.
Coming to exchange server, payroll system etc.. They are all on different systems and I can confidently say they are secured.
The one having issues is a new server and due to some other urgent issues, we couldn't tighten all the security and configure backups.
I have learned my lesson....
The formatted recovery software is still running and I am keeping my fingers crossed.
Whether or not I am able to recovery the files, I will make it a top priority to tighten the security and configure backups for this machine immediately.
Any help in recovering the database is greatly appreciated
Thanks for all your suggestions and interactions so far...
Viewing 15 posts - 1 through 15 (of 15 total)
You must be logged in to reply to this topic. Login to reply