SQL Injection Problem

I'm not sure if it's been around long, but there is a big SQL injection thing doing the rounds at the moment, which is infecting lots of database-driven websites.

It links back to a JavaScript page which tries some cross-site scripting from this site: www fengnima cn

A quick protection is to add the following two lines to your hosts file (put the dots back in!):

127.0.0.1 www fengnima cn
127.0.0.1 fengnima.cn

You might want to check your database files...
 
I'm fully aware of this bot :( It's very clever in the way it does it.

I've seen it inject script from many different domains, fengnima is just 1 of many I'm afraid.
 
I've got a really persistent portscan hacker on one of my servers. So bad I've had to disable perl. These people are a bloody pest. Somehow gets mysql privileges. It's down to a hole in a php script I think. phpbb was a big culprit at one time. Anyway, it's not on my dropsystem server thank goodness.
 
The one I'm aware of creates a parameter using an @ and it uses the declare statement, so I assume it would only affect mssql; however, there are still loads of bots that break out of the SQL statement using an apostrophe, which would affect MySQL and other databases.
 