Thread: Crazy Botnets / Sql attacks today ...
#1
So yah .. I have been in a war for a good part of today against a huge botnet / SQL attack -
I can't believe the number of computer IP addresses these people have ... I keep blocking and they keep coming back with tons of new IPs .. OMG! I've never seen it this bad ...
__________________
OpA! Giasou Ti kanies!
#2
good luck!
#3
Keep everything patched, validate those SQL inputs (whatever that means). Usually the storm passes.
Occasionally the bad guys even get caught and stopped.
__________________
Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.
#4
Validating all input is really important. If you're selecting products that match a search string, like

```sql
SELECT link, name, price FROM products WHERE name LIKE '%$input%'
```

If someone tries to search for...

```sql
anything'; DELETE * FROM products WHERE name LIKE '%
```

... then without validation your SQL statement becomes:

```sql
SELECT link, name, price FROM products WHERE name LIKE 'anything'; DELETE * FROM products WHERE name LIKE '%'
```

Which results in your entire product database being deleted. Similar techniques are used to hijack email scripts to send spam. Always, always, always check input parameters to make sure they're what you expected.
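The string concatenation described in the post above, beside the parameterized query that stops it, as an added example that is not part of this thread. It uses Python's built-in sqlite3 module instead of the PHP/MySQL setup the posters use so it runs anywhere offline; the product rows and the search payload are constructed for the demo, and the payload uses standard `DELETE FROM` syntax.

```python
import sqlite3


def make_db():
    """Constructed sample table with the columns from the post's example."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (link TEXT, name TEXT, price REAL);
        INSERT INTO products VALUES ('/p/1', 'anything special', 9.99);
        INSERT INTO products VALUES ('/p/2', 'widget', 4.50);
    """)
    return conn


def run_unsafe(conn, user_input):
    """Vulnerable form: the search string is glued into the SQL text.

    executescript() runs every statement in the string, which mirrors the
    multi-statement execution the post describes, so an input that closes the
    quote and appends a second statement gets that statement executed too.
    Returns the SQL that was actually sent to the database.
    """
    sql = ("SELECT link, name, price FROM products WHERE name LIKE '%"
           + user_input + "%'")
    conn.executescript(sql)
    return sql


def search_safe(conn, user_input):
    """Hardened form: the value travels as a bound parameter, never as SQL.

    Parameters stop injection, but LIKE still treats % and _ in the value as
    wildcards, so they are escaped separately and an ESCAPE clause is used.
    """
    escaped = (user_input.replace("\\", "\\\\")
               .replace("%", "\\%")
               .replace("_", "\\_"))
    sql = "SELECT link, name, price FROM products WHERE name LIKE ? ESCAPE '\\'"
    return conn.execute(sql, ("%" + escaped + "%",)).fetchall()


def count_products(conn):
    return conn.execute("SELECT COUNT(*) FROM products").fetchone()[0]


def demo():
    """Same payload through both paths: (rows before, safe hits, rows after)."""
    payload = "anything'; DELETE FROM products WHERE name LIKE '%"  # constructed
    db = make_db()
    before = count_products(db)          # 2 rows to start
    safe_hits = search_safe(db, payload)  # the payload is just a literal: no match
    run_unsafe(db, payload)              # the appended DELETE runs
    after = count_products(db)           # nothing left
    return before, len(safe_hits), after


if __name__ == "__main__":
    print(demo())  # (2, 0, 0)
```

The parameterized path never changes the statement's structure no matter what the input holds; the only thing left to decide is whether `%` and `_` typed by a user should act as wildcards, which is a feature question, not a security one.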
#5
I had 3 waves of attacks -
First was a general sweeping scan of as many URLs as they could get to .. before I blocked the IPs. Once I blocked the IPs, another set of different IPs came in with SQL injection attempts ... This was repeated x3 over various hours. I ponder if this was really a random type of hack or someone attempting to cause harm .. ~~~~ Do you guys see this stuff happening on your sites from time to time? Thanks for the responses and intel!
__________________
OpA! Giasou Ti kanies!
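An added example, not from any poster in this thread, of how the two phases described above (a sweep for URLs, then injection attempts from a different set of addresses) look in a web server's access log, and why keying a block on the request content holds up better than per-IP blocking when the source addresses keep rotating. The log lines are constructed in Apache/nginx combined format with documentation-range addresses, and the indicator patterns are a small triage heuristic for reading logs, not a complete WAF ruleset.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access log (not real traffic): one host probes for
# admin URLs, two different hosts then send injection attempts, and one
# ordinary user searches for a name containing an apostrophe.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2009:14:02:11 +0000] "GET /products.php?q=widget HTTP/1.1" 200 1532
203.0.113.10 - - [10/Mar/2009:14:02:12 +0000] "GET /admin/ HTTP/1.1" 404 221
203.0.113.10 - - [10/Mar/2009:14:02:12 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 221
198.51.100.7 - - [10/Mar/2009:15:10:03 +0000] "GET /products.php?q=anything%27%3B+DELETE+FROM+products+WHERE+name+LIKE+%27%25 HTTP/1.1" 500 0
198.51.100.8 - - [10/Mar/2009:15:10:05 +0000] "GET /products.php?q=1%27+UNION+SELECT+1,2,3-- HTTP/1.1" 200 1532
192.0.2.44 - - [10/Mar/2009:16:00:00 +0000] "GET /products.php?q=o%27neil HTTP/1.1" 200 1532
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Indicators that need a quote or statement separator AND SQL syntax after it,
# so a lone apostrophe in ordinary input (o'neil) is not flagged.
SQLI_PATTERNS = [
    re.compile(r"'\s*(?:;|--|\bor\b|\band\b)", re.I),    # break out of a quoted literal
    re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),  # UNION-based probe
    re.compile(r";\s*(?:delete|drop|insert|update)\b", re.I),  # stacked statement
]


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_sqli(path):
    """Heuristic: decode the request path the way the app would, then match indicators."""
    decoded = unquote_plus(path)
    return any(p.search(decoded) for p in SQLI_PATTERNS)


def analyze(log_text):
    """Per-source-IP counts of total requests, 404s (scan noise) and injection attempts."""
    stats = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats.setdefault(rec["ip"], {"requests": 0, "not_found": 0, "sqli": 0})
        s["requests"] += 1
        if rec["status"] == 404:
            s["not_found"] += 1
        if is_sqli(rec["path"]):
            s["sqli"] += 1
    return stats


def classify(stats, scan_threshold=2):
    """Split sources into URL scanners and injectors; both lists are sorted IPs."""
    scanners = sorted(ip for ip, s in stats.items() if s["not_found"] >= scan_threshold)
    injectors = sorted(ip for ip, s in stats.items() if s["sqli"] > 0)
    return scanners, injectors


if __name__ == "__main__":
    scanners, injectors = classify(analyze(SAMPLE_LOG))
    print("scanners:", scanners)    # ['203.0.113.10']
    print("injectors:", injectors)  # ['198.51.100.7', '198.51.100.8']
```

The two injection requests come from different addresses but share the same shape once decoded, which is the point: a rule that rejects the request pattern (or a parameterized query that makes it harmless) does not need to keep up with the attacker's supply of IPs, whereas a per-IP block list is only ever one address behind.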
#6
Quote:
Once, I forgot to disable anonymous FTP on my FTP server when I upgraded to new hardware. Why does Windows Server 2003 enable anonymous FTP by default??? Luckily I figured out that my server was now hosting torrent files pretty quickly because they used up all of my disk space. This happened before they could use up my monthly bandwidth allotment. The only DDoS attack launched on my websites came courtesy of Yahoo Search Marketing's adbot. It doesn't (didn't?) scale back requests when responses slow. I have a hardware load balancer account that can only take 200 active requests at a time and the YSM adbot was using them all.
__________________
Comparison Engines
#7
I usually do the following on any input parameters that result in a backend SQL call....
Code:
```php
<?php
// Trim whitespace and HTML-escape the raw request parameter
$something = htmlspecialchars(trim($_GET['something']));
//
// Get connection to database
//
// Escape the value for use inside a quoted SQL string literal
// (mysql_real_escape_string needs the connection opened above)
$something = mysql_real_escape_string($something);
```