Results 1 to 7 of 7
December 16th, 2009, 11:28 PM #1Crazy Botnets / Sql attacks today ...
So yah .. I have been in war for a good part of today against a huge botnet / sql attack -
I cant believe the amount of computers IP Address these people have ...
I keep blocking and they keep coming back with tons of new ips ..
OMG! I never seen it this bad ...OpA! Giasou Ti kanies!
December 17th, 2009, 07:07 AM #2
December 17th, 2009, 08:53 AM #3
December 17th, 2009, 09:00 AM #4
Validating all input is really important. If you're selecting products that match a search string, like
SELECT link, name, price FROM products WHERE name LIKE '%$input%'
If someone tries to search for... anything'; DELETE * FROM products WHERE name LIKE '% ... then without validation your SQL statement becomes:
SELECT link, name, price FROM products WHERE name LIKE 'anything'; DELETE * FROM products WHERE name LIKE '%'
Which results in your entire product database being deleted.
Similar techniques are used to hijack email scripts to send spam.
Always, always, always check input parameters to make sure they're what you expected.
December 17th, 2009, 09:55 AM #5
I had 3 waves of attacks -
First was a general sweeping scan of as many urls as they got to .. before I blocked the IP's
Once I blocked the IPs, another set of different IPs came in with SQL inject attempts ...
This was repeated x3 over various hours, I ponder if this was really a random type of a hack or someone attempting to cause harm ..
Do you guys see this stuff happening on your sites time from time?
Thanks for the responces and intel!OpA! Giasou Ti kanies!
December 17th, 2009, 03:21 PM #6Originally Posted by Magi
Once, I forgot to disable anonymous FTP on my ftp server when I upgraded to new hardware. Why does Windows Server 2003 enable anonymous FTP by default??? Luckily I figured out that my server was now hosting torrent files pretty quickly because they used up all of my disk space. This happened before they could use up my monthly bandwidth allotment.
The only DDOS attack launched on my websites came courtesy of Yahoo Search Marketing's adbot. It doesn't (didn't?) scale back requests when responses slow. I have a hardware load balancer account that can only take 200 active requests a time and the YSM adbot was using them all.Merchants, any data you provide to Google Shopping should also be in your affiliate network datafeed. More data means more sales!
December 17th, 2009, 04:52 PM #7
I usually do the following on any input parms that result in a backend sql call....
$something = htmlspecialchars(trim($_GET['something'])); // //Get connection to database // $something = mysql_real_escape_string( $something );
By CanadianDave in forum Search Engine OptimizationReplies: 1Last Post: October 31st, 2011, 12:18 PM
By Jim Guinn in forum Merchant Best Practices ForumReplies: 22Last Post: March 27th, 2009, 01:57 AM
By PatrickAllmond in forum Programming / Datafeeds / ToolsReplies: 10Last Post: October 22nd, 2007, 06:58 PM
By ecomcity in forum Suspicious Activity!Replies: 11Last Post: July 27th, 2007, 12:59 AM