Tuesday 28 April 2015

Stop SQL Injection through .htaccess

We have been the target of some nasty SQL injection attacks - all hitting the same page, and using roughly the same injection parameters. They aren't actually getting anywhere, but when they hit the same page it takes up server resources and slows everything down.

I've attempted using a generic SQL Injection code block like the one found here, but I'm not 100% sure it's actually working.

I've taken a snippet of the URL they are hitting, see below:

b%27%20and%20if%28Length%28%28database%28%29%29%29%3C24%2CBENCHMARK%281206122%2CMD5%280x41%29%29%2C0%29%20and%20%27x%27%3D%27x

I just want to send them to an error page or something, but not quite sure how to implement what I am after.

Any and all help appreciated.

On a side note, it is not a WordPress directory they are hitting, so WordPress security plug-ins are no good.

Cheers, BH-Tech

I'd also add that the injection parameters are not in a query string. The requests are similar to below:

/directory/hospitals/http://www.domain%27%20and%20if%28Length%28%28select%20distinct%20table_name%20from%20%60information_schema%60.tables%20where%20table_schema%3D%27mysql%27%20limit%200%2C1%29%29%3D13%2CBENCHMARK%281925550%2CMD5%280x41%29%29%2C0%29%20and%20%27x%27%3D%27x.com/directory/hospitals/
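An added example, not part of BH-Tech's post or of any answer on this page. The two request paths quoted above are time-based blind SQL injection probes: a closing quote, `and if(...)`, and `BENCHMARK(n, MD5(...))` so that the response delay leaks whether a condition about `database()` or `information_schema` held. The generic .htaccess blocks that circulate for this usually test only `%{QUERY_STRING}`, which is exactly why they do nothing here: the payload is in the path. The script below holds one PCRE-compatible regex keyed on those tell-tale fragments, both raw and percent-encoded, so it can be used unchanged in a `RewriteCond` against `%{REQUEST_URI}` (Apache hands mod_rewrite the decoded path) and `%{QUERY_STRING}` (left raw), and it lets you check the pattern against captured request targets before deploying the rule. The `.htaccess` fragment it prints is my assumed equivalent, not something from the post; it assumes mod_rewrite is loaded and `AllowOverride` permits `FileInfo` in that directory, and `[F]` answers with 403 Forbidden rather than running the page. The sample request targets are constructed: two built from the probes quoted above, one query-string `SLEEP()` probe to show the same rule generalises beyond this page's case, and two benign requests (an apostrophe in a search term, a slug containing `and` and `if`) that must stay allowed. None of this fixes the underlying query; parameterised queries do, and this rule only stops the probes from consuming server time.

```python
import re
from urllib.parse import unquote

# Building blocks that accept a character either raw or percent-encoded, so one
# pattern serves the decoded %{REQUEST_URI} and the raw %{QUERY_STRING}.
# No literal spaces anywhere: a RewriteCond pattern is a single config token.
_SP = r"(?:\s|%20|\+)"        # whitespace, encoded space, or '+' (space in query strings)
_LP = r"(?:\(|%28)"           # opening parenthesis, raw or encoded
_Q = "(?:['\"]|%27|%22)"      # single or double quote, raw or encoded

# What the probes on this page share: a quote followed by AND/OR IF(, the
# BENCHMARK()/SLEEP() timing primitives, and information_schema enumeration.
SQLI_PATTERN = (
    f"({_Q}{_SP}*(?:and|or){_SP}+if{_SP}*{_LP}"   # ' and if(  (boolean / time-based probe)
    f"|benchmark{_SP}*{_LP}"                       # BENCHMARK( timing primitive
    f"|sleep{_SP}*{_LP}"                           # SLEEP( timing primitive
    "|information_schema)"                         # schema enumeration
)
_SQLI_RE = re.compile(SQLI_PATTERN, re.IGNORECASE)

# Assumed .htaccess equivalent (mine, not from the post). [NC] = case-insensitive,
# [OR] chains the two conditions, [F] = 403 Forbidden, [L] = stop rewriting.
HTACCESS_RULE = (
    "RewriteEngine On\n"
    f"RewriteCond %{{REQUEST_URI}} {SQLI_PATTERN} [NC,OR]\n"
    f"RewriteCond %{{QUERY_STRING}} {SQLI_PATTERN} [NC]\n"
    "RewriteRule .* - [F,L]\n"
)


def is_sqli_probe(request_target: str) -> bool:
    """True if the request target (path plus optional ?query) matches the rule.

    Checked both raw and after one percent-decoding, mirroring what mod_rewrite
    sees: the path decoded once, the query string untouched. A double-encoded
    payload (%2527) is deliberately not decoded further, same as Apache.
    """
    return any(_SQLI_RE.search(s) for s in (request_target, unquote(request_target)))


def blocked(request_targets):
    """Return the subset of request targets the rule would answer with 403."""
    return [t for t in request_targets if is_sqli_probe(t)]


# Constructed sample request targets (not captured traffic).
SAMPLE_REQUESTS = [
    # built from the first snippet quoted in the post
    "/directory/hospitals/b%27%20and%20if%28Length%28%28database%28%29%29%29%3C24%2C"
    "BENCHMARK%281206122%2CMD5%280x41%29%29%2C0%29%20and%20%27x%27%3D%27x",
    # the second request quoted in the post, payload embedded in the path
    "/directory/hospitals/http://www.domain%27%20and%20if%28Length%28%28select%20distinct"
    "%20table_name%20from%20%60information_schema%60.tables%20where%20table_schema%3D%27mysql"
    "%27%20limit%200%2C1%29%29%3D13%2CBENCHMARK%281925550%2CMD5%280x41%29%29%2C0%29%20and"
    "%20%27x%27%3D%27x.com/directory/hospitals/",
    # a query-string variant using SLEEP() and '+' for spaces: same rule catches it
    "/page.php?id=1%27+or+if(1=1,sleep(5),0)--",
    # benign: apostrophe in a legitimate search term
    "/directory/hospitals/?q=st.%20mary%27s%20hospital",
    # benign: 'and' followed by 'if' inside a slug, no quote before it
    "/directory/hospitals/brandywine-and-ifield/",
]

if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print("403  " if is_sqli_probe(target) else "allow", target[:70])
    print("\n# .htaccess to drop in the attacked directory:\n" + HTACCESS_RULE)
```

Run it, paste the printed fragment into the `.htaccess` of the attacked directory, and confirm with `curl -i` against one of the quoted paths that the response is now 403 and the page's PHP never executes. Before going further, feed your real access log paths through `blocked()` and look at every hit: a regex this short is meant to be a cheap filter for the probes you are actually seeing, so widen it only after checking the additions against legitimate traffic.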
