Hackers are getting annoying

Posted on October 5, 2017 by mark

My web logs show quite a few sites are now appending the below string to GET query requests that take parameters, the string below has been appended to quite a few requests to my website by multiple ip-addresses.

or (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a) -- and 1=1'

Below are two addresses that were overzealous in doing so and were causing enough log activity for me to take action to block them to make my logs readable again.

[root@vosprey2 tmp]# nslookup 184.168.192.72
72.192.168.184.in-addr.arpa name = p3nlwpweb050.shr.prod.phx3.secureserver.net.

root@vosprey2 tmp]# nslookup 95.154.220.205
205.220.154.95.in-addr.arpa name = server.ambinet.net.

Just shows hackers are still randomly target any internet facing site, even personal ones.

About mark

At work, been working on Tandems for around 30yrs (programming + sysadmin), plus AIX and Solaris sysadmin also thrown in during the last 20yrs; also about 5yrs on MVS (mainly operations and automation but also smp/e work). At home I have been using linux for decades. Programming background is commercially in TAL/COBOL/SCOBOL/C(Tandem); 370 assembler(MVS); C, perl and shell scripting in *nix; and Microsoft Macro Assembler(windows).
This entry was posted in Unix. Bookmark the permalink.