Old Hand
Some virus is updating my tables with a malicious script.
I checked on Google: it's a SQL injection done by some bots, executing a stored procedure through a leak in the ASP script programming. It's a big story.
The point is:
I wrote a trigger to check whether an update contains ".js" in a particular table column. If it does, I don't want the data to get inserted; if it is not there, I want it to get inserted.
So I wrote an INSTEAD OF trigger, but it's not updating at all. Can anyone explain?
*Sukhoi*

SSC Eights!
Do you have any error messages? Can you post the code of the trigger?
Piotr
...and your only reply is slàinte mhath

Old Hand
I am unable to see the code via Enterprise Manager. Is there any SQL query to get the code?
I got the trigger name by doing a query on sysobjects.
Actually it's nothing great:
create trigger trig1 on joblist
instead of update
as
if exists (select * from joblist where jobcategory like '%.js%')
begin
    print 'Trying to insert virus '
end
Something like that. I will drop the trigger and recreate it.
*Sukhoi*

SSC Eights!
But you said you wrote the trigger, so you must have its code then? Are you using SQL 2005? Why do you use Enterprise Manager then? Look at the sys.sql_modules catalog view.
Piotr
...and your only reply is slàinte mhath

SSCertifiable
You can simply turn on scripting the trigger in scripting options. Once you do that, ask it to script a CREATE on the relevant table, and you should have the trigger code.
I suspect you're not reissuing the insert command. If you don't specifically do an insert based on the inserted virtual table from within the INSTEAD OF trigger, nothing gets inserted.
---------------------------------------------------------------------------------- Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

Old Hand
I am using SQL Server Management Studio. I am unable to see it in the database/Programmability/Triggers section.
My website had been subjected to SQL injections. My website had been injected 4 times a day, and my table fields were updated with <script src ww.abc./b.js tags.
I wanted to prevent this update, so I wrote triggers for it.
*Sukhoi*

SSC Eights!
OK, these triggers are DDL triggers; it looks like you don't have any. To see a trigger on a table, you must expand the table node (in Tables), and there are the triggers you need.
...and your only reply is slàinte mhath

Old Hand
Thanks, I never knew that. I am writing triggers for the first time, I guess.
I have deleted it for that table, and I have written a similar trigger for another table.
I am pasting the code:
USE [joblist]
GO
/****** Object: Trigger [toempemails] Script Date: 06/11/2008 14:19:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
create TRIGGER [toempemails] on [dbo].[empemails]
INSTEAD OF UPDATE
as
IF EXISTS (SELECT * FROM deleted WHERE companyname like '%.js')
begin
    print 'trying to insert virus'
end
--select * from empemails
*Sukhoi*

SSCertifiable
You're essentially intercepting ALL updates, and not allowing them to happen. Per BOL:
In contrast with the AFTER trigger, the INSTEAD OF trigger fires before constraint processing and replaces the normal triggering action with the actions defined in the trigger. For example, an INSTEAD OF trigger attached to a view of historical sales data can prevent the data from being modified by replacing the insert, update, and delete triggering actions with a customized error message. Because the INSTEAD OF trigger supersedes the triggering action, the data modification that caused the trigger to execute in this example is never executed. The INSTEAD OF trigger code must include the appropriate INSERT, UPDATE, or DELETE statements if those actions are required. Executing the INSERT, UPDATE, or DELETE statement from inside the INSTEAD OF trigger code will not fire the same trigger again; instead, the insert, update, or delete action is performed.
You're not reissuing the update from within the trigger, so no update ever occurs. You'd have to add an UPDATE statement, based on the INSERTED table.
Something like (I was also curious why you're checking the DELETED table and not the INSERTED table):
USE [joblist]
GO
/****** Object: Trigger [toempemails] Script Date: 06/11/2008 14:19:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
create TRIGGER [toempemails] on [dbo].[empemails]
INSTEAD OF UPDATE
as
BEGIN
    IF EXISTS (SELECT * FROM deleted WHERE companyname like '%.js')
    begin
        print 'trying to insert virus'
    end
    ELSE
    begin
        -- re-issue the update against the base table, taking the new values from inserted
        update empemails
        set col1=i.col1, col2=i.col2 --etc....
        from empemails
        inner join inserted i on empemails.ID=i.ID
    end
end
--select * from empemails
Keep in mind that you might be tossing out a bunch of good rows, based on just one being bad, so you might care to rewrite the trigger to only apply to those rows without the '.js' extension. Just do that within the WHERE clause of the update.
---------------------------------------------------------------------------------- Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

Old Hand
Is there any easy way to just check 1 column? Some tables are huge, with 80 or 90 columns, and it would be so bad to type each column name.
Is there any easy way to just check 1 condition, and if it is not virus code, then let the whole table update?
I guess you are right, I need to check the inserted value.
*Sukhoi*
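
An added example, not code from any poster in this thread: one way to check a single column without listing every column, as the last post asks, is an AFTER UPDATE trigger that inspects `inserted` and rolls the statement back. It uses the thread's dbo.empemails table and companyname column; the trigger name and the '%.js%' pattern are assumptions, and it rejects the whole statement rather than only the matching rows. A filter like this blocks one payload shape only and does not close the injection point in the ASP code mentioned in the first post.

```sql
-- Added example. dbo.empemails and companyname come from the thread;
-- the trigger name trg_empemails_block_js is hypothetical.
CREATE TRIGGER trg_empemails_block_js
ON dbo.empemails
AFTER UPDATE
AS
BEGIN
    SET NOCOUNT ON;

    -- Skip the check when the UPDATE statement did not assign this column.
    IF NOT UPDATE(companyname)
        RETURN;

    -- "inserted" holds the new values of the updated rows,
    -- "deleted" holds the values they had before the update.
    IF EXISTS (SELECT 1 FROM inserted WHERE companyname LIKE '%.js%')
    BEGIN
        -- An AFTER trigger runs inside the transaction of the statement
        -- that fired it, so ROLLBACK undoes every row that statement changed.
        RAISERROR('Update rejected: companyname contains ".js".', 16, 1);
        ROLLBACK TRANSACTION;
        RETURN;
    END

    -- Nothing else to do: unlike INSTEAD OF, an AFTER trigger does not
    -- replace the UPDATE, so a clean update has already been applied
    -- to all columns without naming any of them here.
END
GO

-- Constructed check, to be run against a test copy of the table:
-- the first statement should fail with the error above and change nothing,
-- the second should succeed.
-- UPDATE dbo.empemails SET companyname = 'probe.js'  WHERE companyname = 'constructed test row';
-- UPDATE dbo.empemails SET companyname = 'probe ok'  WHERE companyname = 'constructed test row';
```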