Today we had a kind of security attack. I was happy it was not done due a webserver hack but by a modification of a access 2000 DB file. In this file there is a artist-contactadresses table and users are able to add themself to the DB using webforms on the site.<BR><BR>The &#039;hacker&#039; (ok, maybe a would-be but... the person who did this) had first copied the original table of the DB to contact_yourehappythatididthis before manipulating the data.<BR><BR>My question is how they did this and how I&#039;ve to prevent this. Modification of the data by using the forms is possible off course, but how he copied the DB table?<BR><BR>Acually, I allready changed some things but I don&#039;t know if it was the right thing. <BR><BR>Please suggest me...<BR><BR>Technical information<BR>- ASP connection string in global.asa file<BR>- connection by ODBC<BR>- DB file was outsite the wwwroot folder (so, not accesable by http I guess)<BR>- DB folder was however full control for &#039;everyone&#039;<BR>- win2K server/with SP2 & some security fixes (maybe not all of them)<BR><BR>What I&#039;ve done now...<BR>- removed &#039;everyone&#039; from the file security<BR>- changed the connection string from ODBC to OLE-DB and removed the ODBC connection with the database<BR><BR>Is this enough?<BR><BR>You can find the website at, please feel free to do some checkups if needed. But please don&#039;t modify data and inform me of your actions :)<BR><BR>Thanks a lot!<BR><BR>Hans<BR>