MySQL hacks - Putin??? - Contractor UK Bulletin Board

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

xoggoth replied

20 March 2017, 09:24
Cheers, OWASP looks worth a look. I like wasps anyway.
Leave a comment:
darrylmg replied

19 March 2017, 22:04
Check out OWASP.
Implement some tried and tested input filtering to prevent sql injection attacks.
Leave a comment:
minestrone replied

18 March 2017, 08:03
You probably just have to accept an amount of bot traffic looing for exploits hitting your site.

If I ever check the requests logs for my sites there is always bazillions of entries for wordpress urls.
Leave a comment:
stek replied

17 March 2017, 21:54
No Cyrillic?
Leave a comment:
xoggoth started a topic MySQL hacks - Putin???

17 March 2017, 21:44
MySQL hacks - Putin???

It seems pretty weird as my tiny business is hardly running for the US presidency but when I check visitors to my site who have clicked on products but not completed a purchase, 60%+ are from Russia.

Just recently I have found two dbase records that are significantly different from the original entry as logged in my and Paypal's emails and a copy of the table. It can't be a fault in my code due to the nature of the change, the fact that umpteen other records are fine and I haven't changed the code that has been working ok for months anyway.

I have already implemented various protections in my code, HTML entities, length limits, removed MySQL error messages, ensured that INSERT fields can't contain quotes etc. etc. but clearly need to do some more on Monday. Any pointers to best resources? Ta.
Tags: None