# Sunday, 19 November 2006

I just got a call from my colleague who mentioned that our client's website was down. I RDPed into the machine and, based on the event logs, figured out that there was something wrong with the connection between the web server and the SQL Server Express that was installed.

I looked at the services list for the machine but noticed the SQL Server service was started. Then I noticed something weird: the instance name of the SQL Server was SQLExpress, whereas we had already set it up as the default instance previously.

Further checks revealed other worrying signs: our SQL user was missing, and a DB which was less known to the client was also missing from the server.

This is going to be a problem.. only 3 parties have access to the server: us, the client and the web host service provider. Obviously having the actual database file deleted and also the SQL user itself must mean that someone had pretty much full access to the server.

Question now is.. who screwed up?

