Is this SQL Injection or something else?

[mattpont]

Hi everyone.

Our SQL Server has stopped twice in the last week. I restart it and everything starts working okay again.

When it 'stops', I get this error when I try and use a website that uses the SQL Server database:
[Microsoft][ODBC SQL Server Driver][DBNETLIB]General network error. Check your network documentation.

This is what the error log reports:
Using 'odsole70.dll' version '2000.80.2039' to execute extended stored procedure 'sp_OACreate'.
Using 'SQLHotFix.dll' version 'UNKNOWN' to execute extended stored procedure 'sp_HotFix'.

Any ideas how to stop this?

Thanks

 

[ptheriault]

Matt,
I haven't seen this before. However, someone could be using sp_OACreate to create SQLHotFix.dll and run sp_HotFix. I googled SQLHotFix.dll and sp_HotFix. I didn't get anything. I would look at the permissions for the account that the website is using. Make sure it has least permissions required. I would also remove any exec permissions from sp_OACreate. Also, is this SQL server behind your firewall?

- Paul
- If at first you don't succeed, find out if the loser gets anything.

 

[mattpont]

The SQL Server is behind a firewall.

How do I remove exec permissions from sp_OACreate?

Thanks

 

[Catadmin]

Go into the properties of the proc and look for the tab that has a permissions button on it. You can revoke or deny permissions there. Or look up Revoke & Deny in Books Online for the T-SQL syntax.



Catadmin - MCDBA, MCSA
"No, no. Yes. No, I tried that. Yes, both ways. No, I don't know. No again. Are there any more questions?"
-- Xena, "Been There, Done That"