Octavious - 12:22 am on Dec 7, 2011 (gmt 0)

Can anyone assist on how to prevent this sql injection. Our sites have been injected twice now. We applied almost all known techniques for a MS SQL database including an automated captcha process at no avail. We will apply an IP blocker for this site, but I doubt this is enough as we don't even have any records of this site's IP address recoding on our servers. If anyone has some insights, it would surely be appreciated. We are using MSSQL Express on Windows 2003 Server, IIS6.