Injection Attack?

I have a DB on a site that is not really up anymore (a redirect because of a
merger), and it seems to have been attacked.

I always use REMOTE_IP so that I have a record and able to ban IP's of the
endless form spammers, however on this attack, the IP listed is my local IP
(actually my old one since I changed ISP's).

I was wondering how they did this and how do I protect on other DB's.

Some of the other injected text inot almost every field is.

1 AND USER_NAME() =

\'; DESC users; --

1\' OR \'1\'=\'1

There is plenty more, however they submitted the form about 12 times per
second.

Any thoughts?

Gary



__________ Information from ESET Smart Security, version of virus signature database 4895 (20100225) __________

The message was checked by ESET Smart Security.

http://www.eset.com





--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Injection Attack?

Gary wrote:
> I have a DB on a site that is not really up anymore (a redirect because of a
> merger), and it seems to have been attacked.
>
> I always use REMOTE_IP so that I have a record and able to ban IP's of the
> endless form spammers, however on this attack, the IP listed is my local IP
> (actually my old one since I changed ISP's).
>
> I was wondering how they did this and how do I protect on other DB's.
>
> Some of the other injected text inot almost every field is.
>
> 1 AND USER_NAME() =
>
> \'; DESC users; --
>
> 1\' OR \'1\'=\'1
>
> There is plenty more, however they submitted the form about 12 times per
> second.
>
> Any thoughts?

I guess you didn't use mysql_real_escape_string (or mysql_escape_string)
in your queries.

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php