Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

instead of trigger problem Expand / Collapse
Author
Message
Posted Thursday, June 12, 2008 9:26 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Wednesday, July 18, 2012 1:09 PM
Points: 347, Visits: 50
some virus are updating my tables with some malcisious script

i checked in google its a sql injection done by some bots, executing a stored procedure by a leak in asp script programming
its a big story,

the point is

i wrote a trigger to check if an update contains ".js" in a particular table column if it does
i dont want the data to get inserted if it is not there
i want to get inserted

so i wrote instead of trigger, but its not updating at all, can any 1 explain





For IT jobs click here

*Sukhoi*
Post #516035
Posted Thursday, June 12, 2008 11:47 AM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Thursday, May 10, 2012 9:49 AM
Points: 800, Visits: 1,759
Do you have any error messages? Can you post code of the trigger?
Piotr


...and your only reply is slàinte mhath
Post #516145
Posted Thursday, June 12, 2008 12:12 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Wednesday, July 18, 2012 1:09 PM
Points: 347, Visits: 50
iam unable to see the code via enterprise manager, any sql query to get the code ?

i got the trigger name by doing a query on sysobjects

actually its nothign great

create trigger trig1 on
joblist
instead of update
if(select * from joblist where jobcategory like '%.js%')
being
print 'Trying to insert virus '
end

somthing like that, i will drop the trigger and recreate it





For IT jobs click here

*Sukhoi*
Post #516166
Posted Thursday, June 12, 2008 12:16 PM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Thursday, May 10, 2012 9:49 AM
Points: 800, Visits: 1,759
But you said you wrote the trigger, you must have its code then? Are you using SQL 2005? Why do you use Enterprise Manager then?
Look at sys.sql_modules catalog view.
Piotr


...and your only reply is slàinte mhath
Post #516168
Posted Thursday, June 12, 2008 12:26 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Saturday, August 30, 2014 5:24 PM
Points: 7,139, Visits: 15,191
you can simply turn on scripting the trigger in scripting options. Once you do that, ask it to script a CREATE on the relevant table, and you should have the trigger code.

I suspect you're not reissuing the insert command. If you don't specifically do an insert based on the inserted virtual table from within the INSTEAD OF trigger, nothing gets inserted.


----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
Post #516174
Posted Thursday, June 12, 2008 12:29 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Wednesday, July 18, 2012 1:09 PM
Points: 347, Visits: 50
iam using sql server management studio
iam unable to see it the database/programmabilit/triggers section

my website had been subjected to sql injections
my website had been injected 4 times a day, my table fields were updated with <script src ww.abc./b.js tags

wanted to prevent this update ,wrote triggers for it





For IT jobs click here

*Sukhoi*
Post #516175
Posted Thursday, June 12, 2008 1:04 PM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Thursday, May 10, 2012 9:49 AM
Points: 800, Visits: 1,759
ok these triggers are DDL triggers, looks you don't have any. To see a trigger on a table you must expand table node (in Tables) and there are triggers you need.

...and your only reply is slàinte mhath
Post #516211
Posted Thursday, June 12, 2008 1:41 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Wednesday, July 18, 2012 1:09 PM
Points: 347, Visits: 50
thanks i never knew that, iam writing triggers for the first time i guess

i have deleted for that table, i have wrote similar trigger for another
table

iam pasting code

USE [joblist]
GO
/****** Object: Trigger [toempemails] Script Date: 06/11/2008 14:19:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
create TRIGGER [toempemails]
on [dbo].[empemails] INSTEAD OF UPDATE
as
IF EXISTS (SELECT * FROM deleted WHERE companyname like '%.js')
begin
print 'trying to insert virus'
end

--select * from empemails





For IT jobs click here

*Sukhoi*
Post #516233
Posted Thursday, June 12, 2008 1:58 PM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Saturday, August 30, 2014 5:24 PM
Points: 7,139, Visits: 15,191
You're essentially intercepting ALL updates, and not allowing them to happen. Per BOL:

In contrast with the AFTER trigger, the INSTEAD OF trigger fires before constraint processing and replaces the normal triggering action with the actions defined in the trigger. For example, an INSTEAD OF trigger attached to a view of historical sales data can prevent the data from being modified by replacing the insert, update, and delete triggering actions with a customized error message. Because the INSTEAD OF trigger supersedes the triggering action, the data modification that caused the trigger to execute in this example is never executed. The INSTEAD OF trigger code must include the appropriate INSERT, UPDATE, or DELETE statements if those actions are required. Executing the INSERT, UPDATE, or DELETE statement from inside the INSTEAD OF trigger code will not fire the same trigger again; instead, the insert, update, or delete action is performed.


you're not reissuing the update from within the trigger, so no update ever occurs. You'd have to add an UPDATE statement, based on the INSERTED table.

Something like (I was also curious why you're checking the DELETED table and not the INSERTED table):

USE [joblist]
GO
/****** Object: Trigger [toempemails] Script Date: 06/11/2008 14:19:22 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
create TRIGGER [toempemails]
on [dbo].[empemails] INSTEAD OF UPDATE
as
BEGIN
IF EXISTS (SELECT * FROM deleted WHERE companyname like '%.js')
begin
print 'trying to insert virus'
end
ELSE
begin
update toempemails
set col1=inserted.col1,
col2=inserted.col2
--etc....
from toempemails
inner join inserted i on toempemails.ID=i.ID
end
end

--select * from empemails


Keep in mind that you might be tossing out a bunch of good rows, based on just one being bad, so you might care to rewrite the trigger to only apply to those rows without the '.js' extension. Just do that within the WHERE clause of the update.


----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
Post #516242
Posted Thursday, June 12, 2008 9:22 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Wednesday, July 18, 2012 1:09 PM
Points: 347, Visits: 50
any easy way to just check 1 column, some tables are huge with 80,90 columns, it wud be so bad to type each column name

any easy way to just check 1 condition
if it is not virus code then let the whole table update

i guess you are right, i need to check inserted value





For IT jobs click here

*Sukhoi*
Post #516380
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse