June 12, 2008 at 9:26 am
Some virus is updating my tables with some malicious script.
I checked on Google; it's a SQL injection done by some bots, executing a stored procedure through a leak in the ASP script programming.
It's a big story.
The point is:
I wrote a trigger to check if an update contains ".js" in a particular table column. If it does,
I don't want the data to get inserted; if it is not there,
I want it to get inserted.
So I wrote an INSTEAD OF trigger, but it's not updating at all. Can anyone explain?
<a href="http://www.websolsoftware.com"> For IT jobs click here</a>
*Sukhoi*
June 12, 2008 at 11:47 am
Do you have any error messages? Can you post code of the trigger?
Piotr
...and your only reply is slàinte mhath
June 12, 2008 at 12:12 pm
I am unable to see the code via Enterprise Manager. Is there any SQL query to get the code?
I got the trigger name by doing a query on sysobjects.
Actually it's nothing great:
create trigger trig1 on
joblist
instead of update
as
if exists (select * from joblist where jobcategory like '%.js%')
begin
print 'Trying to insert virus '
end
Something like that. I will drop the trigger and recreate it.
*Sukhoi*
June 12, 2008 at 12:16 pm
But you said you wrote the trigger, you must have its code then? Are you using SQL 2005? Why do you use Enterprise Manager then?
Look at sys.sql_modules catalog view.
Piotr
...and your only reply is slàinte mhath
June 12, 2008 at 12:26 pm
You can simply turn on scripting the trigger in scripting options. Once you do that, ask it to script a CREATE on the relevant table, and you should have the trigger code.
I suspect you're not reissuing the insert command. If you don't specifically do an insert based on the inserted virtual table from within the INSTEAD OF trigger, nothing gets inserted.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
June 12, 2008 at 12:29 pm
I am using SQL Server Management Studio.
I am unable to see it in the database/Programmability/triggers section.
My website had been subjected to SQL injections.
My website had been injected 4 times a day; my table fields were updated with <script src ww.abc./b.js tags.
I wanted to prevent this update, so I wrote triggers for it.
*Sukhoi*
June 12, 2008 at 1:04 pm
OK, these triggers are DDL triggers; it looks like you don't have any. To see a trigger on a table you must expand the table node (in Tables), and there are the triggers you need.
...and your only reply is slàinte mhath
June 12, 2008 at 1:41 pm
Thanks, I never knew that. I am writing triggers for the first time, I guess.
I have deleted it for that table; I have written a similar trigger for another table.
I am pasting the code:
USE [joblist]
GO
/****** Object: Trigger [toempemails] Script Date: 06/11/2008 14:19:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
create TRIGGER [toempemails]
on [dbo].[empemails] INSTEAD OF UPDATE
as
IF EXISTS (SELECT * FROM deleted WHERE companyname like '%.js')
begin
print 'trying to insert virus'
end
--select * from empemails
*Sukhoi*
June 12, 2008 at 1:58 pm
You're essentially intercepting ALL updates, and not allowing them to happen. Per BOL:
In contrast with the AFTER trigger, the INSTEAD OF trigger fires before constraint processing and replaces the normal triggering action with the actions defined in the trigger. For example, an INSTEAD OF trigger attached to a view of historical sales data can prevent the data from being modified by replacing the insert, update, and delete triggering actions with a customized error message. Because the INSTEAD OF trigger supersedes the triggering action, the data modification that caused the trigger to execute in this example is never executed. The INSTEAD OF trigger code must include the appropriate INSERT, UPDATE, or DELETE statements if those actions are required. Executing the INSERT, UPDATE, or DELETE statement from inside the INSTEAD OF trigger code will not fire the same trigger again; instead, the insert, update, or delete action is performed.
You're not reissuing the update from within the trigger, so no update ever occurs. You'd have to add an UPDATE statement, based on the INSERTED table.
Something like (I was also curious why you're checking the DELETED table and not the INSERTED table):
USE [joblist]
GO
/****** Object: Trigger [toempemails] Script Date: 06/11/2008 14:19:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
create TRIGGER [toempemails]
on [dbo].[empemails] INSTEAD OF UPDATE
as
BEGIN
IF EXISTS (SELECT * FROM deleted WHERE companyname like '%.js')
begin
print 'trying to insert virus'
end
ELSE
begin
-- re-issue the update against the base table (empemails), taking the new values from inserted
update empemails
set col1=i.col1,
col2=i.col2
--etc....
from empemails
inner join inserted i on empemails.ID=i.ID
end
end
--select * from empemails
Keep in mind that you might be tossing out a bunch of good rows, based on just one being bad, so you might care to rewrite the trigger to only apply to those rows without the '.js' extension. Just do that within the WHERE clause of the update.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
June 12, 2008 at 9:22 pm
Is there any easy way to just check 1 column? Some tables are huge, with 80, 90 columns; it would be so bad to type each column name.
Any easy way to just check 1 condition:
if it is not virus code, then let the whole table update?
I guess you are right, I need to check the inserted value.
*Sukhoi*
June 12, 2008 at 9:27 pm
If just one field needs to be checked, then by all means - add that one thing into the WHERE. You still have to set up the update with all affected columns. No free lunch there that I can think of....
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
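Added example, not code from any poster in this thread: an INSTEAD OF UPDATE trigger that checks the inserted table and re-issues the update only for rows whose companyname does not contain ".js", as the replies above describe. The id and email columns, the sample rows and the example.invalid URL are constructed assumptions; the trigger guards this one column only and leaves the injectable ASP query mentioned in the first post unfixed.

```sql
-- Constructed demo table; only the names empemails, toempemails and
-- companyname come from the thread. id and email are assumed columns.
CREATE TABLE dbo.empemails (
    id          INT           NOT NULL PRIMARY KEY,
    companyname NVARCHAR(200) NOT NULL,
    email       NVARCHAR(200) NOT NULL
);
GO
INSERT INTO dbo.empemails (id, companyname, email) VALUES (1, N'Acme',   N'a@example.invalid');
INSERT INTO dbo.empemails (id, companyname, email) VALUES (2, N'Globex', N'b@example.invalid');
GO
CREATE TRIGGER dbo.toempemails
ON dbo.empemails
INSTEAD OF UPDATE
AS
BEGIN
    SET NOCOUNT ON;

    -- inserted holds the NEW values of the updated rows, deleted the OLD ones,
    -- so the check for injected content has to look at inserted.
    IF EXISTS (SELECT 1 FROM inserted WHERE companyname LIKE N'%.js%')
        PRINT 'rejected row(s) with .js in companyname';

    -- An INSTEAD OF trigger replaces the original statement, so the update
    -- must be re-issued here or nothing is written at all.
    -- Only the clean rows are applied; flagged rows keep their old values.
    -- Assumes the key column id is never changed by the update.
    UPDATE e
    SET    e.companyname = i.companyname,
           e.email       = i.email      -- every updatable column has to be listed
    FROM   dbo.empemails AS e
    INNER JOIN inserted  AS i ON i.id = e.id
    WHERE  i.companyname NOT LIKE N'%.js%';
END;
GO
-- Constructed test: one statement touching both rows, one clean value and
-- one value shaped like the injected tag described in the thread.
UPDATE dbo.empemails
SET    companyname = CASE id
                         WHEN 1 THEN N'Acme Ltd'
                         ELSE N'Globex<script src=http://example.invalid/b.js></script>'
                     END;
GO
-- Inspect which rows were changed by the statement above.
SELECT id, companyname, email FROM dbo.empemails ORDER BY id;
```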