Someone's attempt to sql inject my site - not!!! Hahahaha

**dodie** · 02-07-2009, 12:26 PM

Please open this link on your browsers.

You'll see some commands sent by someone who's trying to MYSQL INJECT my site.
I already prepared for it... I really appreciate his efforts.

this url address ------> fanonychan.com/bulletin.php?id=88

I didn't remove the messages, I like everybody to see how things goes. hahahaha!!!!

LESSON:
Always make trace logs on your databases.

here is the log:

As you can see, the time difference is very close... difference is 1 minute. You'll see that he is changing I.P. addresses within those two minutes. While he's performing SQL commands, and the same time, he's chaning I.P. addresses. He is using 2 IP addresses. That means he is using 2 PCs at that time.

It seems my database didn't have any damages.

**bgsa2472** · 02-07-2009, 01:02 PM

Thats why you should use hard passcode for your databases and cpanel

Dugay na na nga problems sa Mysql with linux uy.

@ BGSA Web Hosting Services

**RU9halogen** · 02-07-2009, 08:05 PM

Dodie.. who inject it? hehehehe... maybe some bot out there

**dodie** · 02-07-2009, 09:42 PM

Originally Posted by RU9halogen

Dodie.. who inject it? hehehehe... maybe some bot out there

Whatever it is human or bot....

The way i see it, it's a human attempting to perform, see the IP addresses.

**KungfuPanda** · 02-07-2009, 10:58 PM

ka hambogero pud nimo dodie sure ka dili na ma injectan imo website? you must be a god hahahahaha

**ChaosOrb** · 02-08-2009, 12:36 AM

sure ka dods? Hehehehe, naa ko patirahon sa imong site, just give me a go signal, para masugdan dayon? Hehehehe

**dodie** · 02-08-2009, 08:38 AM

hhhmmmm... thanks guys to the recent events of my stupid site. I made this site also for this purpose.
I did some tweaking, I traced all my logs into it. I did notice some actions I haven't trapped all.... sorry for that. hahaha

This is a good step to improve website development. yay!!!!

@CHAOSORB
If you can inject it, let me know... I'll improve the trapping, if it is successful, I'd be happy to share it to you and everyone.
You have until Wednesday, don't go beyond that.

let's help together improving our sites

Report here, this is a new learning!!!!

yey

**dodie** · 02-08-2009, 09:09 AM

@ChaosOrb Please inject, I want you to test this. You have until Wednesday, then report back here.

As of now on this site.......to enforce all input strings into valid numbers.

example:
$getsamplevar=(double)$getsamplevar;

explaination:
'1somethingsomething' will transform into '1'

'1' is a valid numerical to 1

'1' and 1 are not equal. But they are equal during convertion.

is_numerical() php internal function
With the help of this function, I can check that if it s a valid number.

**nekkabhabes** · 02-08-2009, 09:58 AM

LOL!~~~~! wala ko ka gets.. nsa e inject?

**r0mm3L** · 02-08-2009, 11:16 AM

yep unsa na? hehe

Thread: Someone's attempt to sql inject my site - not!!! Hahahaha

Thread Tools

Search Thread