Help

I'm pretty sure that I'm under a sort of attack towards my w2k server
sp4/Sql server 2ksp3a box machine.
I run a web server with IIS5 and Sql 2k together.
- 1433/1434 closed by firewall.
- Virus free
- All patched
I usually monitor proc activity (and some other stuff) from windows
perfmon and in past months I was about 45%/55% of activity daily.
It is about 15 days that my box receives tons of http requests in IIS
and because all of my pages connect to db and run n queries this
anomalous activities crash my server.
Please how can I do to solve this problem?
For example how can I know if these requests are made by a trojan
horse on my box or something else?
Please help me I'm really sad :-(( my boss is thinking to kick out
me...
LorenzoOn 5 Jul 2004 03:30:00 -0700, joker197cinque@.yahoo.it (FabriZio)
wrote:

>I'm pretty sure that I'm under a sort of attack towards my w2k server
>sp4/Sql server 2ksp3a box machine.
>I run a web server with IIS5 and Sql 2k together.
>- 1433/1434 closed by firewall.
>- Virus free
>- All patched
>I usually monitor proc activity (and some other stuff) from windows
>perfmon and in past months I was about 45%/55% of activity daily.
>It is about 15 days that my box receives tons of http requests in IIS
>and because all of my pages connect to db and run n queries this
>anomalous activities crash my server.
>Please how can I do to solve this problem?
Look at the IIS log and determine the source, then block it in the
firewall. You don't give any details on your SQL or the queries, but
basic SQL injection attempts could be what you're seeing, in which
case you need to deal with it in your code.

>For example how can I know if these requests are made by a trojan
>horse on my box or something else?
Check your firewall logs for the source.

>Please help me I'm really sad :-(( my boss is thinking to kick out
>me...
Logfiles. Read them.
Jeff