Portal Home > Knowledgebase > Articles Database > /?;DECLARE ... in log ??
/?;DECLARE ... in log ??
Posted by expatCanuck, 08-28-2008, 03:30 PM |
Greetings.
Recently received a hit on my site in the following form:
/?;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0 ...
Anyone know whassup with this?
Thanks.
- Richard
|
Posted by lamerfreak, 08-28-2008, 03:49 PM |
SQL injection attempt on a script, in general, I believe. Specifically, unsure. If it was rejected, I wouldn't worry much.
|
Posted by expatCanuck, 08-28-2008, 04:00 PM |
How can I determine whether an SQL injection attack was rejected?
|
Posted by larwilliams, 08-28-2008, 04:03 PM |
It's a SQL Injection attack directed at Microsoft SQL Server. Googling gives this:
|
Posted by larwilliams, 08-28-2008, 04:06 PM |
If you are using Apache, install mod_security and once you configure it properly, it will e-mail you when there is an attack that it intercepted. As far as other web servers, I am unsure.
|
Posted by xoleno, 08-28-2008, 07:32 PM |
You may also want to see my recent topic :
http://www.webhostingtalk.com/showthread.php?t=718063
which contains a solution.
|
Posted by larwilliams, 08-29-2008, 12:09 AM |
I see nothing besides flaming of cPanel... if you want a solution, I can post a good mod_security configuration.
|
Posted by AHFBWEB, 08-29-2008, 07:53 AM |
add to your htaccess
|
Posted by gpl24, 08-30-2008, 01:14 AM |
I had a bunch of those lately. Mostly targeted at 1 file in certain.. they then moved to the nameserver site (ns.exampleurl.com) and probed it a bit, went back to the original file and kept hammering it.
I eventually got sick of it filling my logs and blocking the zillions of different IP ranges and moved the file. They kept trying for a bit and eventually disappeared.
|
Add to Favourites Print this Article
Also Read
Virpus Down? (Views: 653)