  1. #1
    Georgie Peri (ABW Ambassador) - Norwalk, CT - Joined January 18th, 2005 - 846 posts
    Crazy Botnets / SQL attacks today ...
    So yeah... I have been at war for a good part of today against a huge botnet / SQL attack.

    I can't believe the number of computers / IP addresses these people have...

    I keep blocking and they keep coming back with tons of new IPs...

    OMG! I've never seen it this bad...
    OpA! Giasou Ti kanies!

  2. #2
    Herb ԿԬ (notary sojac) - Central/Western NY State - Joined January 18th, 2005 - 7,741 posts
    good luck!

  3. #3
    Dynamoo (ABW Adviser Panel) - Opposite the Slough of Despond - Joined January 18th, 2005 - 5,465 posts
    Keep everything patched, validate those SQL inputs (whatever that means). Usually the storm passes.

    Occasionally the bad guys even get caught and stopped.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  4. #4
    MichaelColey (Moderator) - Mansfield, TX - Joined January 18th, 2005 - 16,232 posts
    Validating all input is really important. If you're selecting products that match a search string, like

    SELECT link, name, price FROM products WHERE name LIKE '%$input%'

    If someone tries to search for... anything'; DELETE FROM products WHERE name LIKE '% ... then without validation your SQL statement becomes:

    SELECT link, name, price FROM products WHERE name LIKE '%anything'; DELETE FROM products WHERE name LIKE '%%'

    Which results in your entire product database being deleted.

    Similar techniques are used to hijack email scripts to send spam.

    Always, always, always check input parameters to make sure they're what you expected.
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela
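The injection Michael sketches above, as an added worked example that is not code from the original post: Python with an in-memory SQLite table stands in for the PHP/MySQL setup, the product rows are constructed, and executescript() plays the part of a driver that runs stacked ';'-separated statements (the attack needs one). The second half shows the parameterised query that keeps the payload as data, plus the wildcard-escaping step a LIKE search still needs after parameterisation.

```python
import sqlite3

# Constructed sample catalogue; not data from the original thread.
PRODUCTS = [
    ("http://example.com/p/1", "red widget", 9.99),
    ("http://example.com/p/2", "blue widget", 12.50),
    ("http://example.com/p/3", "gadget", 4.25),
]

# The attacker's search string from the post, with a syntactically valid DELETE.
PAYLOAD = "anything'; DELETE FROM products WHERE name LIKE '%"


def fresh_db():
    """Build a throwaway in-memory products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (link TEXT, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    conn.commit()
    return conn


def build_vulnerable_sql(user_input):
    """The string-built query from the post. The quote in the payload closes
    the LIKE literal early and the rest of the input is parsed as SQL."""
    return ("SELECT link, name, price FROM products "
            "WHERE name LIKE '%" + user_input + "%'")


def run_vulnerable(conn, user_input):
    """Execute the concatenated text with executescript(), which runs every
    ';'-separated statement (as some drivers/APIs do). Returns how many
    product rows survive."""
    conn.executescript(build_vulnerable_sql(user_input))
    return row_count(conn)


def escape_like(term, esc="\\"):
    """Binding a parameter stops injection but not wildcard abuse: '%' and '_'
    typed by the user still act as LIKE wildcards unless escaped."""
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def safe_search(conn, user_input):
    """Parameterised query: the driver sends the pattern as data, so the
    payload can only ever be compared against product names."""
    pattern = "%" + escape_like(user_input) + "%"
    cur = conn.execute(
        "SELECT link, name, price FROM products WHERE name LIKE ? ESCAPE '\\'",
        (pattern,),
    )
    return cur.fetchall()


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM products").fetchone()[0]


if __name__ == "__main__":
    db = fresh_db()
    print(build_vulnerable_sql(PAYLOAD))
    print("rows left after vulnerable search:", run_vulnerable(db, PAYLOAD))

    db = fresh_db()
    print("safe search matches:", safe_search(db, PAYLOAD))
    print("rows left after safe search:", row_count(db))
    print("safe search for 'widget':", len(safe_search(db, "widget")))
```

Run it and the first query prints with the quote closed early; the vulnerable path leaves zero rows, the parameterised path leaves all three and returns no match. The escape_like() step matters independently of injection: without it, a user who types a bare `%` gets the whole catalogue back from an otherwise safe query.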

  5. #5
    Georgie Peri (ABW Ambassador) - Norwalk, CT - Joined January 18th, 2005 - 846 posts
    I had 3 waves of attacks:

    First was a general sweeping scan of as many URLs as they could get to... before I blocked the IPs.

    Once I blocked the IPs, another set of different IPs came in with SQL injection attempts...

    This was repeated x3 over various hours. I wonder whether this was really a random type of hack or someone attempting to cause harm...

    ~~~~
    Do you guys see this stuff happening on your sites from time to time?


    Thanks for the responses and intel!
    OpA! Giasou Ti kanies!

  6. #6
    isellstuff (ABW Ambassador) - Virginia - Joined November 9th, 2005 - 1,659 posts
    Quote Originally Posted by Magi:
    Do you guys see this stuff happening on your sites from time to time?
    I see JavaScript/SQL injections all the time.

    Once, I forgot to disable anonymous FTP on my FTP server when I upgraded to new hardware. Why does Windows Server 2003 enable anonymous FTP by default??? Luckily I figured out that my server was now hosting torrent files pretty quickly, because they used up all of my disk space. This happened before they could use up my monthly bandwidth allotment.

    The only DDoS attack launched on my websites came courtesy of Yahoo Search Marketing's adbot. It doesn't (didn't?) scale back requests when responses slow down. I have a hardware load balancer account that can only take 200 active requests at a time, and the YSM adbot was using them all.
    Merchants, any data you provide to Google Shopping should also be in your affiliate network datafeed. More data means more sales!

  7. #7
    Uncle Rico (Grandma broke her coccyx!) - North Carolina - Joined May 8th, 2007 - 2,238 posts
    I usually do the following on any input params that result in a backend SQL call....

    Code:
    <?php
    // Trim the raw GET parameter (treat a missing parameter as an empty string)
    // and HTML-encode it before it goes anywhere near the query.
    $something = htmlspecialchars(trim(isset($_GET['something']) ? $_GET['something'] : ''));
    //
    // Get connection to database ($link); mysql_real_escape_string() needs an
    // open connection so it can escape for that connection's character set.
    //
    $something = mysql_real_escape_string($something, $link);
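As an added example (not Uncle Rico's code or the page's), here is the escaping approach from the post reproduced in Python against an in-memory SQLite table, to show the two caveats a reviewer would raise: escaping only protects a value that sits inside quotes, and HTML-encoding on the way in changes what gets looked up. sql_quote() doubles single quotes, which is the standard-SQL equivalent of what mysql_real_escape_string() does for MySQL; html.escape() stands in for htmlspecialchars(); the product rows are constructed.

```python
import html
import sqlite3

# Constructed sample table; not data from the original thread.
ROWS = [
    (1, "red widget", 9.99),
    (2, "blue widget", 12.50),
    (3, "Tom & Jerry's gadget", 4.25),
]


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", ROWS)
    return conn


def sql_quote(value):
    """Standard-SQL string escaping: double each single quote. This is the
    job mysql_real_escape_string() does for MySQL (which additionally needs
    backslash handling); SQLite has no backslash escapes in literals."""
    return value.replace("'", "''")


def ids_by_name_escaped(conn, user_input):
    """Escaping is sufficient HERE because the value lands inside '...'."""
    sql = "SELECT id FROM products WHERE name = '" + sql_quote(user_input) + "'"
    return sorted(r[0] for r in conn.execute(sql))


def ids_by_id_escaped(conn, user_input):
    """Same escaping, numeric column, no quotes: there is nothing for the
    escaper to act on, so injected boolean logic runs as SQL."""
    sql = "SELECT id FROM products WHERE id = " + sql_quote(user_input)
    return sorted(r[0] for r in conn.execute(sql))


def ids_by_id_checked(conn, user_input):
    """Check the parameter is what you expected (an integer), then bind it.
    int() raises ValueError on input such as '1 OR 1=1'."""
    product_id = int(user_input)
    cur = conn.execute("SELECT id FROM products WHERE id = ?", (product_id,))
    return sorted(r[0] for r in cur)


def ids_by_name_html_then_sql(conn, user_input):
    """The post's order of operations: HTML-encode first, then SQL-escape.
    The encoded '&' and apostrophe no longer match the stored name."""
    return ids_by_name_escaped(conn, html.escape(user_input, quote=True))


if __name__ == "__main__":
    db = fresh_db()
    print("quoted context, hostile input:", ids_by_name_escaped(db, "x' OR '1'='1"))
    print("numeric context, hostile input:", ids_by_id_escaped(db, "1 OR 1=1"))
    print("numeric context, checked+bound:", ids_by_id_checked(db, "2"))
    print("exact name, SQL-escaped only:", ids_by_name_escaped(db, "Tom & Jerry's gadget"))
    print("exact name, HTML-encoded first:", ids_by_name_html_then_sql(db, "Tom & Jerry's gadget"))
```

The quoted-context lookup with `x' OR '1'='1` returns nothing, as intended; the same escaper in front of an unquoted numeric column returns every row for `1 OR 1=1`, because quote-escaping has nothing to act on there. The last two lines show the second caveat: the product named "Tom & Jerry's gadget" is found when only SQL-escaped, and missed once htmlspecialchars-style encoding has been applied before the query, since the table holds the raw `&` and `'`.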
