SQL Injection attack detection

MyE28.com Forum system comments and questions. Please post registration, login, or general forum usage problems here.
Post Reply
cek
Posts: 9206
Joined: Mar 18, 2013 6:25 PM
Location: Durango
Contact:

SQL Injection attack detection

Post by cek »

Overly aggressive SQL Injection attack detection?

http://www.mye28.com/search.php?keyword ... wn+wire%22
Jeremy
Beamter
Beamter
Posts: 15841
Joined: Feb 12, 2006 12:00 PM
Location: Connecticut

Re: SQL Injection attack detection

Post by Jeremy »

That's interesting. Did you use the "start trouble ticket" link or did you only post this here?

Hopefully Justin sees this soon and can offer something more helpful.
cek
Posts: 9206
Joined: Mar 18, 2013 6:25 PM
Location: Durango
Contact:

Re: SQL Injection attack detection

Post by cek »

Jeremy wrote:That's interesting. Did you use the "start trouble ticket" link or did you only post this here?

Hopefully Justin sees this soon and can offer something more helpful.
I did see that; for some reason I felt it wouldn't work. That was dumb of me. I guess I just assumed there's no way there's actually a support ticket system behind mye28.com. Like I said, ASSUME.

I've now clicked on that nice blue link and see that all it does is send an email. Which is awesome. Email sent.
wkohler
Posts: 50921
Joined: Oct 05, 2006 11:04 PM
Location: Phönix, Arizona, USA
Contact:

Re: SQL Injection attack detection

Post by wkohler »

This thread was spectacularly unhelpful.
cek
Posts: 9206
Joined: Mar 18, 2013 6:25 PM
Location: Durango
Contact:

Re: SQL Injection attack detection

Post by cek »

wkohler wrote:This thread was spectacularly unhelpful.
Here, maybe this photo will help:

Image
Justin_FL
MyE28 IT Guru
MyE28 IT Guru
Posts: 2822
Joined: Feb 12, 2006 12:00 PM
Location: Palm Beach
Contact:

Re: SQL Injection attack detection

Post by Justin_FL »

Perfectly valid block, really, from a security standpoint. But I did raise the triggering threshold to a maximum of 4 double quotes for the time being. It was 2 before and phpBB probably escapes the strings correctly to prevent injection attacks so we may not need the extra cautiousness. The security logs are full of injection attacks from compromised machines, though, they are not sending command code enclosed between %22s.
Post Reply