SQL Injection sucks…

I hate it when that happens…

A good friend of mine has a fairly simple community site, with 30K members, about 7K active.

SQL Server 2000, ASP Classic. DB and site on separate servers.

KerBam! SQL Injected last Monday. Major trashing of data.

Problem 2: No backup since October 2, as the SQL Agent password had changed so the Agent wasn’t started.

Problem 3: Started the agent and it deleted the last full backup because it was older than 4 weeks.

SO: I get the call for help.

Time passes.

More time passes.

After a dozen uploads and downloads of .mdf/.ldf and backup files (from August), I am able to recover much of the data using the fantastic tools from Red-Gate software:

Log Rescue: Identified what got injected, into where and when
SQL Compare: Enabled me to create a schema script to replace the relationships I had to remove to fix the data
SQL Data Compare: Helped me replace the trash data with what it looked like in August.

Also, a shout-out to Narayana Vyas Kondreddi for his Search and Replace code that at least got the bad URL out of the data we couldn’t fix.

The site is back up in read-only, and my buddy is reviewing all the code one page at a time.

Lessons learned:
Validate your inputs!
Back up your data, and verify it!

Not only does this one get fries, he gets 10+ hours of recovery effort at no charge, just for having a really cool site I want to see come back up 🙂

Kevin3NF
