By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,454 Members | 1,795 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,454 IT Pros & Developers. It's quick & easy.

Spoofing a TCP/IP address? Stopping SQL Injection.....

P: n/a
I have a website that somebody is trying to hack with SQL Injection. (He was
already successful but I have fixed the vulnerability) I have already fixed
the website so it's 'safe' from the injection. I even have it redirect to
another web site (not mine but an innocuous third party) when it get's
things that don't match my criteria.

Is there any way to stop/block this yahoo from attempting this? It's getting
old. I have the system e-mail me when it happens and last night he attempted
about 25 times - twice every 1/2 hour.

I've checked the IIS logs and they all come from different TCP/IP addresses
so I can't block based on TCP/IP.

It's just annoying.

Anybody have any suggestions on what to do to get this yahoo to stop it?

BTW - his SQL injection puts code in the text fields that would download a
trojan that would then install something on your machine. So it was pretty
malicious.....

TIA - Jeff.
Sep 18 '08 #1
Share this Question
Share on Google+
4 Replies


P: n/a
It is hard to stop someone from hitting your site completely, especially if
he is either a) spoofing and IP or b) using some unwitting dolts computer to
hit yours. You can, however, harden the application. I would look at the
Patterns and Practices material on hardening. One good place to start is the
threat modeling book:
http://msdn.microsoft.com/en-us/library/ms978516.aspx

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog
http://feeds.feedburner.com/GregoryBeamer#

or just read it:
http://feeds.feedburner.com/GregoryBeamer

********************************************
| Think outside the box! |
********************************************
"Mufasa" <jb@nowhere.comwrote in message
news:O8*************@TK2MSFTNGP06.phx.gbl...
>I have a website that somebody is trying to hack with SQL Injection. (He
was already successful but I have fixed the vulnerability) I have already
fixed the website so it's 'safe' from the injection. I even have it
redirect to another web site (not mine but an innocuous third party) when
it get's things that don't match my criteria.

Is there any way to stop/block this yahoo from attempting this? It's
getting old. I have the system e-mail me when it happens and last night he
attempted about 25 times - twice every 1/2 hour.

I've checked the IIS logs and they all come from different TCP/IP
addresses so I can't block based on TCP/IP.

It's just annoying.

Anybody have any suggestions on what to do to get this yahoo to stop it?

BTW - his SQL injection puts code in the text fields that would download a
trojan that would then install something on your machine. So it was pretty
malicious.....

TIA - Jeff.

Sep 18 '08 #2

P: n/a
What do you mean by stopping?
Physically? No you can not do that. He is still going to continue to hit
your server with bad urls.

If you mean to prevent him from being successful then I thought you already
did it.

PS: You can block the IP address in Windows (look it up in Google, but you
need Admin rights on a server I believe) but from my experience the IP
address is changing and in a week you will get attempts from different IP.

George.
"Mufasa" <jb@nowhere.comwrote in message
news:O8*************@TK2MSFTNGP06.phx.gbl...
>I have a website that somebody is trying to hack with SQL Injection. (He
was already successful but I have fixed the vulnerability) I have already
fixed the website so it's 'safe' from the injection. I even have it
redirect to another web site (not mine but an innocuous third party) when
it get's things that don't match my criteria.

Is there any way to stop/block this yahoo from attempting this? It's
getting old. I have the system e-mail me when it happens and last night he
attempted about 25 times - twice every 1/2 hour.

I've checked the IIS logs and they all come from different TCP/IP
addresses so I can't block based on TCP/IP.

It's just annoying.

Anybody have any suggestions on what to do to get this yahoo to stop it?

BTW - his SQL injection puts code in the text fields that would download a
trojan that would then install something on your machine. So it was pretty
malicious.....

TIA - Jeff.

Sep 18 '08 #3

P: n/a
Its better if you improve you code and follow some kill char
functions.

NIraj
On Sep 18, 10:13*pm, "George" <noem...@comcast.netwrote:
What do you *mean by stopping?
Physically? No you can not do that. He is still going to continue to hit
your server with bad urls.

If you mean to prevent him from being successful then I thought you already
did it.

PS: You can block the IP address in Windows (look it up in Google, but you
need Admin rights on a server I believe) but from my experience the IP
address is changing and in a week you will get attempts from different IP..

George.

"Mufasa" <j...@nowhere.comwrote in message

news:O8*************@TK2MSFTNGP06.phx.gbl...
I have a website that somebody is trying to hack with SQL Injection. (He
was already successful but I have fixed the vulnerability) I have already
fixed the website so it's 'safe' from the injection. I even have it
redirect to another web site (not mine but an innocuous third party) when
it get's things that don't match my criteria.
Is there any way to stop/block this yahoo from attempting this? It's
getting old. I have the system e-mail me when it happens and last nighthe
attempted about 25 times - twice every 1/2 hour.
I've checked the IIS logs and they all come from different TCP/IP
addresses so I can't block based on TCP/IP.
It's just annoying.
Anybody have any suggestions on what to do to get this yahoo to stop it?
BTW - his SQL injection puts code in the text fields that would download a
trojan that would then install something on your machine. So it was pretty
malicious.....
TIA - Jeff.
Sep 19 '08 #4

P: n/a
Thanks everybody for your help. I guess there's not a whole I can do to stop
it - I just have to make sure that it doesn't cause any problems.

J.

"Niraj Ranka" <ni********@gmail.comwrote in message
news:3a**********************************@q5g2000p rf.googlegroups.com...
Its better if you improve you code and follow some kill char
functions.

NIraj
On Sep 18, 10:13 pm, "George" <noem...@comcast.netwrote:
What do you mean by stopping?
Physically? No you can not do that. He is still going to continue to hit
your server with bad urls.

If you mean to prevent him from being successful then I thought you
already
did it.

PS: You can block the IP address in Windows (look it up in Google, but you
need Admin rights on a server I believe) but from my experience the IP
address is changing and in a week you will get attempts from different IP.

George.

"Mufasa" <j...@nowhere.comwrote in message

news:O8*************@TK2MSFTNGP06.phx.gbl...
I have a website that somebody is trying to hack with SQL Injection. (He
was already successful but I have fixed the vulnerability) I have already
fixed the website so it's 'safe' from the injection. I even have it
redirect to another web site (not mine but an innocuous third party) when
it get's things that don't match my criteria.
Is there any way to stop/block this yahoo from attempting this? It's
getting old. I have the system e-mail me when it happens and last night
he
attempted about 25 times - twice every 1/2 hour.
I've checked the IIS logs and they all come from different TCP/IP
addresses so I can't block based on TCP/IP.
It's just annoying.
Anybody have any suggestions on what to do to get this yahoo to stop it?
BTW - his SQL injection puts code in the text fields that would download
a
trojan that would then install something on your machine. So it was
pretty
malicious.....
TIA - Jeff.

Sep 19 '08 #5

This discussion thread is closed

Replies have been disabled for this discussion.