My web logs show quite a few sites are now appending the below string to GET query requests that take parameters, the string below has been appended to quite a few requests to my website by multiple ip-addresses.<\/p>\n
\r\nor (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a) -- and 1=1'\r\n<\/pre>\nBelow are two addresses that were overzealous in doing so and were causing enough log activity for me to take action to block them to make my logs readable again.<\/p>\n
\r\n[root@vosprey2 tmp]# nslookup 184.168.192.72\r\n72.192.168.184.in-addr.arpa name = p3nlwpweb050.shr.prod.phx3.secureserver.net.\r\n\r\nroot@vosprey2 tmp]# nslookup 95.154.220.205\r\n205.220.154.95.in-addr.arpa name = server.ambinet.net.\r\n<\/pre>\nJust shows hackers are still randomly target any internet facing site, even personal ones.<\/p>\n","protected":false},"excerpt":{"rendered":"
My web logs show quite a few sites are now appending the below string to GET query requests that take parameters, the string below has been appended to quite a few requests to my website by multiple ip-addresses. or (1,2)=(select*from(select … Continue reading