Blog | Scams

URL web address attempted breakins

We have for some considerable time been monitoring all the URL web addresses that are submitted to our maby websites. It doesn`t stop robot servers continually trying to break in.

This particular page on the web site has the URL web address of : http://2mx.co.uk/news.php?c=Blog&sc=Scams&ID=3643

If as a devloper you do not monitor the values c and ID then badly formatted data can inject data int your database or access files on your server.

We have successfully attempted 3,462 separate IP addresses from breaking into our system. Some of these have tried over 33,000 times (.ru), some give up after the 1st or second attempt !.

For example, if you see this on an address in your apache log you know you are seeing potential hacks.

URL = ?c=Help&Aotf=6605%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_=%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23




/news.php :: /news.php?c=Blog&sc=Scams&ID=3643