This editorial was originally published on Mar 26, 2009. It is being re-run as Steve is away at DevConnections.
One of our SQLServerCentral authors sent me this post, which I found to be pretty amazing. Apparently hackers broke into a backup server at WebHostingTalk, which is a community for hosting providers to discuss issues. They deleted backups first, and then moved on to deleting tables from the database. It resulted in some downtime, and then a restore of an old copy of their database prior to trying to restore more recent copies. More information from the admin is here.
Now that's just malicious and nasty.
Hopefully this wasn't an inside job, though I could see that as a possibility. For a service like this, which just provides a place for a community and lets people interact and talk, this is just vandalism. It serves no purpose. It's likely no one even knows it was "M@M@sB0Y" or some other hacker, so there's no fame, and it disrupts people who just want to converse with colleagues.
I'd hate to think about this happening here. We have lots and lots of posts from people all over the world, and while it wouldn't kill us, losing their work would really annoy many people who have volunteered their valuable time to help others. We definitely need to make sure we don't have an issue here.
I see two takeaways from this incident for most DBAs and administrators. First, be sure that your backup servers are just as secure as your production ones. There is production data in the form of backup files here, and you should be providing as much security for them, and perhaps more, as on other servers. Don’t treat these servers lightly.
Second, I think this shows that there's a need for tape backups, or some type of non-linked backup. A tape grabs the files from your server, completely separately from the SQL Server (or other application). It is a pull link, and it's not obvious from the source server where these files have gone. That's good in that it prevents some type of attack on the main server from propagating on. Most people use a push from their server to a remote device as part of the backup process. That's OK, but it provides an easy link for someone to attack the backup server from the main one.
And one more benefit of tape? Usually they're rotated out, so even if a hacker or insider knows how to get to the backup system, without physical access they can't touch your tape.
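The pull model described above, as an added example that is not part of the original editorial: a collector that runs on the backup host, reads from the database server's backup folder, and never deletes or overwrites what it already holds. The `pull_backups` helper, the directory names and the file names are assumptions for illustration, and the sample files are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()  # stream in chunks for large files

def pull_backups(source: Path, vault: Path, pattern: str = "*.bak") -> dict:
    """Run on the backup host; nothing in `vault` is ever deleted or overwritten."""
    vault.mkdir(parents=True, exist_ok=True)
    report = {"copied": [], "changed_at_source": [], "missing_at_source": []}
    seen = set()
    for src in sorted(source.glob(pattern)):
        seen.add(src.name)
        dst = vault / src.name
        if not dst.exists():
            tmp = vault / (src.name + ".part")  # partial copies never match *.bak
            shutil.copyfile(src, tmp)
            if sha256_of(tmp) != sha256_of(src):
                tmp.unlink()
                raise OSError(f"{src.name}: copy failed verification")
            tmp.rename(dst)
            report["copied"].append(src.name)
        elif sha256_of(dst) != sha256_of(src):
            report["changed_at_source"].append(src.name)  # vault copy is kept as-is
    # Held in the vault but gone from the source: retention cleanup, or an intruder.
    report["missing_at_source"] = sorted(
        p.name for p in vault.glob(pattern) if p.name not in seen)
    return report

def demo() -> tuple:
    """Constructed scenario: two backups are pulled, then the source is wiped and altered."""
    with tempfile.TemporaryDirectory() as d:
        source, vault = Path(d, "sqlserver_backups"), Path(d, "vault")
        source.mkdir()
        (source / "forum_full_mon.bak").write_bytes(b"constructed backup A")
        (source / "forum_full_tue.bak").write_bytes(b"constructed backup B")
        first = pull_backups(source, vault)
        (source / "forum_full_mon.bak").unlink()                     # deleted on the source
        (source / "forum_full_tue.bak").write_bytes(b"overwritten")  # altered on the source
        second = pull_backups(source, vault)
        kept = sorted(p.name for p in vault.iterdir())
        intact = (vault / "forum_full_tue.bak").read_bytes() == b"constructed backup B"
        return first, second, kept, intact

if __name__ == "__main__":
    print(demo())
```

The second report is the useful signal: files that vanish or change on the source are flagged for review, while the copies already pulled stay untouched.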
The Voice of the DBA Podcasts
The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.
Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.
I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.
Big data is the latest craze. Hardware and software vendors have overwhelmed IT departments with high-speed analytical software, proprietary high-performance hardware, and columnar-based data stores promising quick access and lightning-fast answers to ad hoc analytical queries. Forgotten in this blast of technology are the database administrators' most important responsibilities: backup and recovery.
This metric collects the total amount of memory, in kilobytes, used by the plan cache of an instance to help identify memory pressure or plan cache pollution. It is similar to the SQL Server: memory manager: SQL cache memory counter, but instead of providing the number of 8-kilobyte pages that make up the plan cache, it provides the total memory used.
This stored procedure is helpful in scripting permissions for a user in all databases it exists in.
If @newuidname has a value of '', it will scroll all databases and search for its permissions.
If @newuidname has a valid username, it will only script out the permissions for @uidname where @newuidname does not already have the same permissions or roles assigned.
If @RolePermissions = 1, the permissions of the roles @uidname belongs to will also be scripted.
I initially used sp_helprotect, but then I had to do it database by database individually; this way I can run it once for all. This sp can be compiled on any database and it will still go through all databases.
how to solve this
- two tables
Write a query that would return teachers whose students had highest overall percent correct on...
Error in attaching Adventureworks 2012 database
- hi i have problem in attaching Adventure works 2012 database
Attach database failed for Server '..........\MSSQLSERVER2012'. (Microsoft.SqlServer.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=11.0.2100.60+((SQL11_RTM).120210-1917+)&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Attach+database+Serve
SQL Server Database Backup Monitoring
- Hi SQL Masters,
Do you have a script that will determine if the backup failed/succeeded?
Database Name Status Log Date
--------------- ---------- --------------
synch two tables
I have two tables one is users and the other is frap_users ,Both contains some common attributes which are required...
Need Help on Fastest Search Logic
I have two tables named "Table1" and "Table2".
id bigint, product_name nvarchar(1000),quantity int
records count on Table1 : 25000( may increase in...
- Dear All
Currently I am getting following result sets
Registerno SubjectCode SubjectName Qno Marks
12402223 171906 Quality And Reliability Engineering 1 4
12402223 171906 Quality And Reliability...
Default Selection (Report)
- Hello SQL Gurus
I am currently working on a report that a default selection used to select customers. I use Visual...
SSRS 2008 R2. Print Reports In sequential order
- Hi All,
I have 2 reports with following layout
State..........................sales amount-----------------Number of items.......................Average Sales
I need help Please :(
- I have a table name Employee Logs
table consist of EmpID, Empname,Logdatetime.
I can generate the first in and last out by...
TempDB best practices - Doubt
- Hello guys,
I have two doubt:
-- 1 script:
SELECT cpu_count AS [Logical CPU Count], hyperthread_ratio AS [Hyperthread Ratio],
cpu_count/hyperthread_ratio AS [Physical CPU Count],...