Archive for February 2015

What a SQL Injection Attack Looks Like In Your Server Logs

I had some spare time to do maintenance to the web sites I own, they were feeling very neglected, I must say.

Part of that maintenance involved looking through logs to determine what was causing a spike in resource utilization, since I have a shared resource plan and get hate mail when the hoster detects sustained usage over the level that I pay for.

At any rate, I discovered an attempted SQL injection attack from an IP in the Ukraine… here is the log entry (with the source IP left unedited):

Doing some research, it looks like this was probably someone using Kali/Metasploit to use a canned attack against a known issue with WordPress Photo Gallery.

For more, see:

packetstormsecurity.com

securityfocus.com

 

Shame on you, bad guys.  Shame on you.  I did the obligatory “right thing” and reported the abuse to RIPE.  It won’t make any difference, but it felt like doing nothing was a poor response.

LinkedInTwitterDeliciousShare