Possible hack attempt - advice to determine when it happened

For general questions and discussions specific to the AbleCommerce 7.0 Asp.Net product.
ksolito
Lieutenant, Jr. Grade (LT JG)
Posts: 42
Joined: Tue Nov 25, 2008 3:16 pm

Post by ksolito » Thu Nov 12, 2009 9:49 am

Just got a call from the store owner. Two empty product categories were somehow added to the store. There's nothing unusual in the audit log except that one employee who is off today was recorded as having logged on early this AM. We haven't been able to determine if he added the categories or not.

Are there any timestamps or anything recorded in the database as to when these categories were created? We'd like to determine if this happened while anybody was logged in or at some other time. The bogus categories were already deleted but I'd like to be able to jump on this if it happens again.

mazhar
Master Yoda
Posts: 5084
Joined: Wed Jul 09, 2008 8:21 am

Re: Possible hack attempt - advice to determine when it happened

Post by mazhar » Thu Nov 12, 2009 10:12 am

You can try executing the following query to see when the last update occurred on the category table:

Code:

-- last_user_update in the result is the most recent write to ac_Categories
SELECT OBJECT_NAME(OBJECT_ID) AS TableName,*
FROM sys.dm_db_index_usage_stats
WHERE database_id = DB_ID('databasename here')
AND OBJECT_ID = OBJECT_ID('ac_Categories')

Replace databasename here with your actual database name. In the result, check the value in the last_user_update column.
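
Added example, not part of the original post and not AbleCommerce's own code: sys.dm_db_index_usage_stats is cleared when SQL Server restarts and only holds the latest write time for the whole table, so a trigger-fed audit table is one way to keep a per-row record of when categories are added, changed or removed. The names ac_CategoryAudit and trg_ac_Categories_Audit are hypothetical, and the CategoryId (int) and Name (nvarchar) columns on ac_Categories are assumptions to check against your schema.

```sql
-- Added example (T-SQL): per-row audit trail for ac_Categories.
-- Assumptions: ac_Categories has CategoryId (int) and Name (nvarchar) columns.
-- ac_CategoryAudit and trg_ac_Categories_Audit are hypothetical names.
CREATE TABLE dbo.ac_CategoryAudit (
    AuditId      INT IDENTITY(1,1) PRIMARY KEY,
    EventTimeUtc DATETIME      NOT NULL DEFAULT (GETUTCDATE()),
    ChangeType   CHAR(1)       NOT NULL,  -- I = insert, U = update, D = delete
    CategoryId   INT           NOT NULL,
    Name         NVARCHAR(255) NULL,
    LoginName    NVARCHAR(128) NOT NULL DEFAULT (SUSER_SNAME()),
    HostName     NVARCHAR(128) NULL DEFAULT (HOST_NAME()),
    AppName      NVARCHAR(128) NULL DEFAULT (APP_NAME())
);
GO

CREATE TRIGGER dbo.trg_ac_Categories_Audit
ON dbo.ac_Categories
AFTER INSERT, UPDATE, DELETE
AS
BEGIN
    SET NOCOUNT ON;

    -- Rows in "inserted" are new or updated; a matching "deleted" row means update.
    INSERT INTO dbo.ac_CategoryAudit (ChangeType, CategoryId, Name)
    SELECT CASE WHEN d.CategoryId IS NULL THEN 'I' ELSE 'U' END,
           i.CategoryId, i.Name
    FROM inserted AS i
    LEFT JOIN deleted AS d ON d.CategoryId = i.CategoryId;

    -- Rows present only in "deleted" were removed from the table.
    INSERT INTO dbo.ac_CategoryAudit (ChangeType, CategoryId, Name)
    SELECT 'D', d.CategoryId, d.Name
    FROM deleted AS d
    LEFT JOIN inserted AS i ON i.CategoryId = d.CategoryId
    WHERE i.CategoryId IS NULL;
END;
GO

-- Review the most recent category changes, newest first.
SELECT TOP (50) EventTimeUtc, ChangeType, CategoryId, Name,
       LoginName, HostName, AppName
FROM dbo.ac_CategoryAudit
ORDER BY EventTimeUtc DESC;
```

A web store normally connects with one shared SQL login, so LoginName and AppName mainly separate writes made through the site from writes made directly against the database; match EventTimeUtc against the store's own audit log to tie a change to a user session.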

ksolito
Lieutenant, Jr. Grade (LT JG)
Posts: 42
Joined: Tue Nov 25, 2008 3:16 pm

Re: Possible hack attempt - advice to determine when it happened

Post by ksolito » Thu Nov 12, 2009 12:01 pm

Mazhar,

Thank you. I will bookmark this for future reference. I just got called by the store owner and it turns out it was operator error by his staff.

Your query is still a useful diagnostic.
