  1. #1

    xoggoth

    MySQL hacks - Putin???

    It seems pretty weird as my tiny business is hardly running for the US presidency but when I check visitors to my site who have clicked on products but not completed a purchase, 60%+ are from Russia.

    Just recently I have found two dbase records that are significantly different from the original entry as logged in my and PayPal's emails and a copy of the table. It can't be a fault in my code due to the nature of the change, the fact that umpteen other records are fine and I haven't changed the code that has been working ok for months anyway.

    I have already implemented various protections in my code, HTML entities, length limits, removed MySQL error messages, ensured that INSERT fields can't contain quotes etc. etc. but clearly need to do some more on Monday. Any pointers to best resources? Ta.
    bloggoth

    If everything isn't black and white, I say, 'Why the hell not?'
    John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

  2. #2

    stek

    No Cyrillic?

  3. #3


    You probably just have to accept an amount of bot traffic looking for exploits hitting your site.

    If I ever check the request logs for my sites there are always bazillions of entries for WordPress URLs.
    Genesis 3:25

  4. #4

    darrylmg

    Check out OWASP.
    Implement some tried and tested input filtering to prevent SQL injection attacks.
    Don't believe it, until you see it!
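
Added example, not part of any post in this thread: the quote-blocking and length-limit filtering mentioned in post #1 compared with bound parameters, which is the approach OWASP's SQL injection guidance leads with. The table, the function names and the sample input are constructed for illustration, and SQLite stands in for MySQL so the script runs offline.

```python
import sqlite3

def make_db():
    """Constructed sample data: three orders in an in-memory SQLite table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, email TEXT, status TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "a@example.test", "paid"),
                    (2, "b@example.test", "paid"),
                    (3, "c@example.test", "pending")])
    return db

def quote_filter(value, max_len=40):
    """Hypothetical filter: enforce a length limit and reject any quote character."""
    if len(value) > max_len or "'" in value or '"' in value:
        raise ValueError("rejected")
    return value

def update_concatenated(db, order_id, status):
    """Weak: the filtered input is still pasted into the SQL text."""
    sql = ("UPDATE orders SET status = '" + quote_filter(status) +
           "' WHERE id = " + quote_filter(order_id))
    return db.execute(sql).rowcount

def update_parameterised(db, order_id, status):
    """Hardened: values are bound as parameters and the id must parse as an integer."""
    cur = db.execute("UPDATE orders SET status = ? WHERE id = ?",
                     (status, int(order_id)))
    return cur.rowcount

def demo():
    """Return rows changed by (weak path, hardened path, hardened path with a normal id)."""
    crafted_id = "1 OR 1=1"  # constructed input: short, no quotes, so the filter passes it
    weak = update_concatenated(make_db(), crafted_id, "cancelled")
    try:
        strong = update_parameterised(make_db(), crafted_id, "cancelled")
    except ValueError:
        strong = 0           # int() refuses the non-numeric id; no row is touched
    normal = update_parameterised(make_db(), "2", "shipped")
    return weak, strong, normal

if __name__ == "__main__":
    print(demo())
```

The numeric `WHERE` clause needs no quotes to be altered, so a quote filter alone does not protect it; binding every value keeps input out of the SQL text regardless of its content.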

  5. #5

    xoggoth

    Cheers, OWASP looks worth a look. I like wasps anyway.