网站被攻击，表中数据被删了

我的网站用的是ASP+MS SQL。前两天“新闻”表中的数据全被删了。我加了sql防注入代码，但今天早晨打开网站发现所有新闻又被删了。我对安全技术了解很少，想向大家请教一下，我应该如何防范此类攻击？怎样才能查到攻击者的操作记录（我是租的空间，服务商说没有任何记录，只有web日志又看不出什么问题）？请不吝赐教，多谢！

解决方案 »

免费领取超大流量手机卡，每月29元包185G流量+100分钟通话, 中国电信官方发货

1.常备份
2.肯定要查iis日志
3.换服务商如果能确定程序没有注入，就是服务商的问题。
谢谢perfectaction！怎么才能查明究竟是如何被攻击的？像新闻数据表中记录全部被删除这种情况会是注入造成的吗？IIS日志我也看不出个所以然来啊。有个123.112.50.7的IP有很多操作，不知道是否有关。附 IIS日志（一段）：
备注：
（1）122.102.6.221 是我网站空间服务器的IP。
（2）网站应该是在凌晨0：00-6：00被攻击的。#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-05-29 00:00:01
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes
2008-05-29 00:00:01 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:01 W3SVC441 122.102.6.221 GET /Database_2.asp id=1617 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 41129
2008-05-29 00:00:04 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:04 W3SVC441 122.102.6.221 GET /Database_2.asp id=1438 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 44800
2008-05-29 00:00:06 W3SVC441 122.102.6.221 GET /manage/product/managepro.asp page=3&newstype=&txtitle= 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 85690
2008-05-29 00:00:07 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:08 W3SVC441 122.102.6.221 GET /Database_2.asp id=1416 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 100142
2008-05-29 00:00:10 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:10 W3SVC441 122.102.6.221 GET /Database_2.asp id=1447 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 30205
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/product/editpro.asp id=884 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 12918
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /back.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 404 0 2 1468
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/news/editor/ewebeditor.asp id=zhaiyao&style=standard_3d1 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 14829
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/news/editor/ewebeditor.asp id=content&style=standard_3d1 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 14829
2008-05-29 00:00:13 W3SVC441 122.102.6.221 GET /manage/news/editor/ewebeditor.asp id=content1&style=standard_3d1 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 14830
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/css/office3d/Editor.css - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 2989
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /Database_2.asp id=1418 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0 87463
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/include/table.js - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 10602
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/include/editor.js - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 29176
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/include/menu.js - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 15020
2008-05-29 00:00:14 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/italic.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 330
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/underline.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 337
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/bold.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 325
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/strikethrough.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 333
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/superscript.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 331
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/subscript.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 330
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/JustifyLeft.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 321
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/JustifyCenter.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 321
123.112.50.7的还有好多，此外还有个76.177.97.185 的也很多。请问从哪儿可以查IP对应的详细信息（详细区域、公司等）？2008-05-29 22:56:47 W3SVC441 122.102.6.221 GET /Database_2.asp id=1381 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 39571
2008-05-29 22:56:47 W3SVC441 122.102.6.221 GET /back.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 404 0 2 1468
2008-05-29 22:56:49 W3SVC441 122.102.6.221 GET /style.css - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 21147
2008-05-29 22:56:49 W3SVC441 122.102.6.221 GET /images/bj-image.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 296
2008-05-29 22:56:49 W3SVC441 122.102.6.221 GET /images/etavenue_top3.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 3486
2008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/car_03.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 1258
2008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/behome.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 331
2008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/find_1.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 1131
2008-05-29 22:56:51 W3SVC441 122.102.6.221 GET /images/rssicon.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 1003
2008-05-29 22:56:52 W3SVC441 122.102.6.221 GET /images/top_nav2.jpg - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 6454
2008-05-29 22:56:52 W3SVC441 122.102.6.221 GET /images/line_delimiter.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 348
2008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/ad/162x90_hengtai.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 14948
2008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/row_icon.gif - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 303
2008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/ad-effect-word.JPG - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 2972
2008-05-29 22:56:53 W3SVC441 122.102.6.221 GET /images/TradeLead3.jpg - 80 - 76.177.97.185 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506) 200 0 0 5968
2008-05-29 22:56:57 W3SVC441 122.102.6.221 GET /policy_3.asp id=42 80 - 74.6.22.108 Mozilla/5.0+(compatible;+Yahoo!+Slurp;+http://help.yahoo.com/help/us/ysearch/slurp) 200 0 0 31380
在日志中搜delete,看看有没有相关url提交
日志里含有delete的记录格式如下：
（1）
2008-05-29 00:00:15 W3SVC441 122.102.6.221 GET /manage/news/editor/buttonimage/standard/delete.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 3462008-05-29 00:00:15 W3SVC441 122.102.6.221
GET /manage/news/editor/buttonimage/standard/RemoveFormat.gif - 80 - 123.112.50.7 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 200 0 0 347备注：此外还有近100个这样的，都是这个IP（123.112.50.7）。（2）
2008-05-29 10:06:04 W3SVC441 122.102.6.221 GET /robots.txt - 80 - 202.179.180.45 Mozilla/4.0+(compatible;+NaverBot/1.0;+http://help.naver.com/delete_main.asp) 404 0 2 14682008-05-29 10:06:15 W3SVC441 122.102.6.221 GET /Index.asp - 80 - 202.179.180.45 Mozilla/4.0+(compatible;+NaverBot/1.0;+http://help.naver.com/delete_main.asp) 200 0 0 90782备注：就这两条。
这两个都不是。。
是查看删除数据这段时间的日志吗？如果是注入，iis日志里应该有记录的。
用log_explore查看數據庫操作日志
我不确定是不是注入。问题就是新闻表里的记录被删除了。26号被删除过一次，日志里没有别的含delete的记录。今天被删除了一次，还没有日志。前几天的日志我都查了，里边都没有url后带“delete”的。
log_explore是个工具吗？还是命令？别见笑，我对sql了解不多。我的空间服务商说只有IIS日志，没有其它的，也不知道是真的，还是怕麻烦。被攻击两次了，连怎么死得都不知道，郁闷啊。
Lumigent Log Explorer 是个软件不会是人为删除的吧 -_-