php - 18,000 MySQL injection attempts per day: Stopping the attempts -


this question not protecting against sql injection attacks. question has been answered many times on stackoverflow , have implemented techniques. stopping attempts.

recently site has been hit huge numbers of injection attacks. right now, trap them , return static page.

here's url looks like:

/products/product.php?id=1

this attack looks like:

/products/product.php?id=-3000%27%20in%20boolean%20mode%29%20union%20all%20select%2035%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c%27qopjq%27%7c%7c%27ijijvkybho%27%7c%7c%27qhwnq%27%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35%2c35--%20

i know sure isn’t bad link or fat-fingered typing don't want send them overview page. don’t want use resources on site delivering static pages.

i’m considering letting page die die(). there wrong approach? or there html return code can set php more appropriate?

edit:

based on couple of comments below, looked how return 'page not found'. stack overflow answer icktoofay suggests using 404 , die(); - bot thinks there isn’t page , might go away, , no more resources used display page not found message.

header("http/1.0 404 not found"); die();

filtering out injection attempts mod_security for.

it can take quite bit of work configure recognize legitimate requests app.

another common method block ip addresses of malicious clients when detect them.


Comments

Post a Comment

Popular posts from this blog

c# - Send Image in Json : 400 Bad request -

from android trying send image class of data, iis webservice. (c#) the problem 400 bad request . the image being encoded base64 . , placed json rest of class elements. my guess base64 not valid inside json. server not understand it. if set string "" , post accepted fine. so question is, how make base64 valid within json array? ( tried url.encode no success). or how should send image android webservice? gson gson = new gson(); string json = gson.tojson(record); // record has param { string base64photo } how big image? i'm pretty sure surpassing iis json size limit (default 4 mb). check http://geekswithblogs.net/frankw/archive/2008/08/05/how-to-configure-maxjsonlength-in-asp.net-ajax-applications.aspx or http://www.webtrenches.com/post.cfm/iis7-file-upload-size-limits good luck!
Read more

javascript - addthis share facebook and google+ url -

i attempting use addthis create simple url shares whichever current page user on when click share button. of right now, have twitter working. when user clicks, able see url populated in tweet box. when user clicks facebook or google+, url doesn't seem show in share box. <ul class="addthis_toolbox addthis_default_style "> <li><a class="addthis_button_facebook"><img src="/img/facebook-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_twitter"><img src="/img/twitter-social.png" width="20" height="20" border="0" alt="share" /></a></li> <li><a class="addthis_button_google_plusone_share"><img src="/img/google-social.png" width="20" height="20" border="0" alt="s...
Read more

ios - Show keyboard with UITextField in the input accessory view -

i have buttona , when buttona clicked, want keyboard show uitextfield in inputaccessoryview. there way have keyboard show manually , set inputaccessoryview without having uitextfield initially? thanks. you cannot summon keyboard without object can become first responder. there 2 ways work around: subclass uiview , implement uikeyinput protocol in it. example: in .h file: @interface inputobject : uiview<uikeyinput> @property (nonatomic, copy) nsstring *text; @property (nonatomic, strong) uiview *inputaccessoryview; // must override inputaccessoryview , since it's readonly default @end in .m file, implement protocol: - (bool)canbecomefirstresponder { return yes; } - (bool)hastext { return [self.text length]; } - (void)inserttext:(nsstring *)text { nsstring *selftext = self.text ? self.text : @""; self.text = [selftext stringbyappendingstring:text]; [[nsnotificationcenter defaultcenter] postnotificationname:kinputobjec...
Read more