Reputation: 4111
How to prevent hacking to SQL database?
I have a ASP.NET website, which is hosted on a shared server, by GoDaddy.
Every week, someone changes values in my database and add advertisement text to my items description. I once changed the password to the database, and it helped for about a month. My connection string is stored in the web.config file.
Is there any way to improve the security on my database? If I keep the connection string hard coded in the code, will it help? Is there any other better way?
Upvotes: 2
Views: 1548
Answers (2)
Reputation: 5072
If you know when the attack took place you should dig into DB server logs. For example SQL Server provides audit logging and transaction logging. Look there for any clues.
Anyway, as you said that changing the password stopped the attacks for a while, it seems to me that someone might have access to your configuration files. You might want on encrypt it. There is one example : Encrypting Web.Config
For the possible SQL Injection attack you could also grep your HTTP logs. This blog post illustrates the idea how to do it.
Upvotes: 2
Reputation: 4560
First of all you need to ask the hosting guys,how this things happen? Sometimes your FTP details hacked and then access web.config file.First you try to change your Control Panel & FTP Passwords.(Then use very strong passwords).
Or the other thing you can Encrypt connectionstring.Check this link and you can get a idea about how you can encrypt & decraypt it.
Most probably it maybe a SQL Injection.
Upvotes: 2
Related Questions
- Protecting data entered SQL against bad behaviour
- Someone is trying to hack my website
- How can I avoid SQL injection attacks in my ASP.NET application?
- How to protect by hacking my Asp.net site and my sql server?
- How to Secure SQL in C# ASP.NET
- Security Issue with ASP.NET and SQL Server
- how to prevent SQL Injection in a asp.net website
- Data Security in ASP.Net with SQL Server
- Sharepoint Database Security - SQL injection
- SQL Server and Security