SQL injection Attacks


Mark Flewellen

Aug 5, 2007, 5:22:11 AM
to CFugAu...@googlegroups.com
Hi Guys,

Someone has been attempting SQL injection attacks unsuccessfully on one
of my sites. Just wondering what other users do in this situation,
report it or is it a bit of a lost cause doing this.

Any advice would be welcome.

Mark

Indy Nagpal

Aug 5, 2007, 2:49:08 PM
to CFugAu...@googlegroups.com
Hi Mark... Do you have details of the attacker? I would certainly alert the ISP to this.

On another note... how did you discover that someone was trying to do this on your site? Log files?

Mark Flewellen

Aug 5, 2007, 4:40:28 PM
to CFugAu...@googlegroups.com
I normally get notified by email should an error occur on the site. I just had a look at the URL they were trying to access and it looked a bit suspicious, some of the stuff they had added to the back of the URL. The attack came from some province in China, as my notification noted, so in terms of notifying an ISP this could be difficult. Is there any easy way to identify who the ISP is? Can this be identified via the IP address?

Mark

Indy Nagpal

Aug 5, 2007, 4:44:27 PM
to CFugAu...@googlegroups.com
I've normally done a traceroute to the IP that the hacker comes from. The last few entries would usually indicate the ISP name broadly.
--

Indiver Nagpal
Straker Interactive

Email: in...@shadocms.com
Web: www.shadocms.com
Skype: indy_at_straker
MSN: in...@straker.co.nz
Phone: +64 9 309 8298

Adam Lapsley

Aug 5, 2007, 7:23:52 PM
to CFugAu...@googlegroups.com
Re SQL injection attacks:

I used to grind my teeth and try and chase them but always ended up just
wasting my time.

If you have logged their IP address (and it was a really amateur
script kiddie who didn't use a relay server) there is a chance you can
contact their ISP, but this is unlikely to lead to anything, especially if
they didn't do any damage. Just let it go (and beef up your security!).


One thing I do on my online ordering systems is: when I see an SQL injection
pattern, I divert the session to a page (Hello-Hacker.cfm) that prints out
as much info as I can gather about the connection, and plainly says I have
just logged this. It seems to worry them; I rarely get more than one
attempt.

Adam Lapsley
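
The tripwire described in the post above, as an added example in Python (not the poster's ColdFusion code and not part of the thread): it checks fully decoded query parameters against a few constructed patterns and returns the connection details worth logging. The patterns, function names and header fields are assumptions; a match only flags the request for logging and does not make any query safe.

```python
import re
from datetime import datetime, timezone
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed tripwire patterns (assumption); tune them for your own application.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b[\s\S]{0,40}?\bselect\b", re.I),
    re.compile(r";\s*(?:drop|insert|update|delete|exec|declare)\b", re.I),
    re.compile(r"'\s*(?:or|and)\b[^=]{0,20}=", re.I),
    re.compile(r"(?:'|\d)\s*(?:--|/\*)"),
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2527 -> %27 -> ')."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(url, remote_addr, headers):
    """Return a record to log if a query parameter trips a pattern, else None."""
    hits = []
    # parse_qsl decodes each value once; decode_fully handles double encoding.
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = decode_fully(raw)
        if any(p.search(value) for p in SQLI_PATTERNS):
            hits.append({"param": name, "value": value})
    if not hits:
        return None
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "remote_addr": remote_addr,
        "forwarded_for": headers.get("X-Forwarded-For"),
        "user_agent": headers.get("User-Agent"),
        "referer": headers.get("Referer"),
        "url": url,
        "hits": hits,
    }

if __name__ == "__main__":
    # Constructed request and address, not taken from the thread.
    print(inspect_request("/order.cfm?id=12%27%20OR%201%3D1--",
                          "203.0.113.7", {"User-Agent": "constructed-agent"}))
```
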

