IP Address of updater of DB

PGScannell · May 27, 2010

I'm currently fighting a SQL Insertion bandit. I have triggers in place that have thwarted every effort that the person has tried.

I'd like to be able to add the IP address of the offending person to my log table. Problem is, I don't know where the IP address value would come from inside my triggers.

For instance, at the time of the discovery, i write a log file that says an invalid attempt to update table XXXX occured at MMD:YYYY @ HH:MM:SS, but I would REALLY like to insert an IP address into a column of my log table!

Any ideas as to where that value might be stored such that SQL Server can retrieve it?

Thanks in advance,
jerry

wisemx · May 27, 2010

Hi,
Create some code in the default page they hit at first using something like this:
Dim User_IP As String = Me.Context.Request.ServerVariables("REMOTE_ADDR")
Then take that User_IP and cast it as a string value into one of your tables.
Make sense?
All the best,
Mark

dmitri · May 27, 2010

Insertion into the tables of your database can be done only under the security content of SQL Logins which have insert permission for your database. In most cases the injection attack is done at the application level thus the insertion is probably done under the security contents of the whatever login your application connects to the sql server. SQL Server does not log IPs. It logs only the users who connect to the server. If your database is being attacked from the web application, you can find the information logged along with the IP addresses in the raw log available for your hosting account. Please look at this KB article for the instructions on how to access the raw log file.

Log in or Sign up

IP Address of updater of DB

PGScannell

wisemx

dmitri DiscountASP.NET Staff

Share This Page

Log in or Sign up

IP Address of updater of DB

PGScannell

wisemx

dmitri DiscountASP.NET Staff

Share This Page

Useful Searches