SQL Injection Problem

stevebrowne · Jun 12, 2008

I'm not sure if it's been around long, but there is a big SQL injection thing doing the rounds at the moment, which is infecting lots of database driven websites.

It links back to a javascript page which tries some cross site scripting form this site: www fengnima cn

A quick protection is to add the following two lines to your hosts file (put the dots back in!):

127.0.0.1 www fengnima cn
127.0.0.1 fengnima.cn

you might want to check your database files...

DaveH · Jun 14, 2008

I'm fully aware of this bot

It's very clever in the way it does it.

I've seen it inject script from many different domains, fengnima is just 1 of many I'm afraid.

Admin · Jun 14, 2008

How do I block it from my webserver?

aZooZa · Jun 14, 2008

I've got a really persistent portscan hacker on one of my servers. So bad I've had to disable perl. These people are a bloody pest. Somehow gets mysql privileges. It's down to a hole in a php script I think. phpbb was a big culprit at one time. Anyway, it's not on my dropsystem server thank goodness.

scooter · Jun 15, 2008

Is this just SQL? or MySQL as well?

DaveH · Jun 17, 2008

The one I'm aware of creates a parameter using an @ and it uses the declare statement so I assume it would only affect mssql, however there are stills loads of bots that break out of the SQL statement using an apostrophe which would affect MySQL and other databases.