Blog | Scams

URL web address attempted breakins

We have for some considerable time been monitoring all the URL web addresses that are submitted to our maby websites. It doesn`t stop robot servers continually trying to break in.

picThis particular page on the web site has the URL web address of : or on our permalink site

If as a developer you do not monitor the values c and ID then badly formatted data can inject data int your database or access files on your server.

We have successfully blocked 22,000+ separate IP addresses from breaking into our system. Some of these have tried over 33,000 times (.ru), some give up after the 1st or second attempt !

Why wait for hackers to break in, block them on the first attempt. if they have "=" or "script" in the URL then ban them immediately. Don`t give them hundreds or thousands of chances to attempt a break in !

I don`t run Wordpress, if I see a wordpress attempt on our sites I ban that IP address immediately. Why I hear you ask ?? That user would know that I don`t have a wordpress website so they must be scouring looking for wordpress site to break in. So I immedtaley don`t trust them !

For example, if you see this on an address in your apache log you know you are seeing hacks and trying to break in.

URL = ?c=Help&Aotf=6605%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_=%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23