/?;DECLARE ... in log ??

Portal Home > Knowledgebase > Articles Database > /?;DECLARE ... in log ??

Posted by expatCanuck, 08-28-2008, 03:30 PM
Greetings. Recently received a hit on my site in the following form: /?;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0 ... Anyone know whassup with this? Thanks. - Richard
Posted by lamerfreak, 08-28-2008, 03:49 PM
SQL injection attempt on a script, in general, I believe. Specifically, unsure. If it was rejected, I wouldn't worry much.
Posted by expatCanuck, 08-28-2008, 04:00 PM
How can I determine whether an SQL injection attack was rejected?
Posted by larwilliams, 08-28-2008, 04:03 PM
It's a SQL Injection attack directed at Microsoft SQL Server. Googling gives this:
Posted by larwilliams, 08-28-2008, 04:06 PM
If you are using Apache, install mod_security and once you configure it properly, it will e-mail you when there is an attack that it intercepted. As far as other web servers, I am unsure.
Posted by xoleno, 08-28-2008, 07:32 PM
You may also want to see my recent topic : http://www.webhostingtalk.com/showthread.php?t=718063 which contains a solution.
Posted by larwilliams, 08-29-2008, 12:09 AM
I see nothing besides flaming of cPanel... if you want a solution, I can post a good mod_security configuration.
Posted by AHFBWEB, 08-29-2008, 07:53 AM
add to your htaccess
Posted by gpl24, 08-30-2008, 01:14 AM
I had a bunch of those lately. Mostly targeted at 1 file in certain.. they then moved to the nameserver site (ns.exampleurl.com) and probed it a bit, went back to the original file and kept hammering it. I eventually got sick of it filling my logs and blocking the zillions of different IP ranges and moved the file. They kept trying for a bit and eventually disappeared.