WordPress.org

Forums

A question about Char Set Attacks and attacks in general (6 posts)

  1. redhousepainter
    Member
    Posted 5 years ago #

    Has anyone else been seeing a lot of this type of attack lately?...

    ';DECLARE%20@S%20CHAR(4000);SET%20@S....'

    They seem to be hammering 3 of my blogs. I'm not nuanced in the art of hacker identification but I do have a question...

    When we see something like this come up in our stats how can we tell whether their attempt was successful or not? I mean, if there are no obvious signs?

    Thanks!

  2. whooami
    Member
    Posted 5 years ago #

    The simplest thing to do is just try it yourself, and see what happens.

    If you're looking at your Apache logs, you get the whole string; you just append it as necessary.

  3. redhousepainter
    Member
    Posted 5 years ago #

    whooami, thanks for your reply. It's an honor by the way!

    I appended the string to my address and got my error page. I suppose that's a good sign?

  4. whooami
    Member
    Posted 5 years ago #

    yap :)

    That's a ColdFusion hack, best I can tell. There was a very old WP problem that was similar, but that's long since been fixed. I'm guessing you googled that too and got the CF reference.

    It's recent too.

  5. redhousepainter
    Member
    Posted 5 years ago #

    Yeah, from time to time I see an attempt and always google around to see what I'm dealing with - it's fascinating stuff. I always have this gut instinct that still believes that if someone messes with you, you can just roll up your sleeves or something and deal with it. It's obviously not the case here!

    What struck me was that it hit 3 of my 4 sites about 4 times apiece tonight. Everything looks fine though. Thanks.

  6. allyngibson
    Member
    Posted 5 years ago #

    I saw a very similar string in my website logs last night.

    I was a little afraid to "run" the URL and see what happened, but I got exactly what I was hoping to get — the post referred to in the string out of the sitelogs.

    I'm breathing a sigh of relief. :)

Topic Closed

This topic has been closed to new replies.
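
The log check discussed in the thread (find the probe string in the Apache logs and see how the server answered each request), as an added example that is not part of any post above. It assumes the Apache "combined" log format; the function names are hypothetical and the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: Apache "combined" format -> host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# The thread's probe after URL-decoding: ';DECLARE @S CHAR(4000);SET @S...
# Also accepting NCHAR/VARCHAR/NVARCHAR is a generalization added here.
PROBE_RE = re.compile(r"DECLARE\s+@\w+\s+N?(?:VAR)?CHAR\s*\(\s*\d+\s*\)", re.I)

def find_probes(lines):
    """Return one record per logged request whose decoded URL holds the probe."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        decoded = unquote(m["target"])
        if PROBE_RE.search(decoded):
            # The part of the URL before the injected text is the page probed.
            path = re.split(r"[?';]", decoded, maxsplit=1)[0]
            hits.append({"host": m["host"], "time": m["time"], "path": path,
                         "status": int(m["status"]), "size": m["size"]})
    return hits

def status_summary(hits):
    """Count probes per (path, HTTP status) so the responses can be reviewed."""
    return Counter((h["path"], h["status"]) for h in hits)

def non_error_hits(hits):
    """Probes answered without an error status. Not proof of anything by
    itself: compare the size with a normal request for the same page."""
    return [h for h in hits if h["status"] < 400]

# Constructed sample log lines (documentation IPs, invented paths and sizes).
SAMPLE = """\
203.0.113.7 - - [01/Jan/2024:02:11:04 +0000] "GET /?p=12';DECLARE%20@S%20CHAR(4000);SET%20@S.... HTTP/1.1" 404 5120 "-" "-"
203.0.113.7 - - [01/Jan/2024:02:11:09 +0000] "GET /about/';declare%20@s%20varchar(4000);set%20@s.... HTTP/1.1" 200 18230 "-" "-"
198.51.100.23 - - [01/Jan/2024:02:12:30 +0000] "GET /about/ HTTP/1.1" 200 18230 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:02:13:41 +0000] "GET /?p=12';DECLARE%20@S%20CHAR(4000);SET%20@S.... HTTP/1.1" 404 5120 "-" "-"
""".splitlines()

if __name__ == "__main__":
    hits = find_probes(SAMPLE)
    for (path, status), n in sorted(status_summary(hits).items()):
        print(f"{n} probe(s) on {path} -> HTTP {status}")
```

In the constructed sample, the probe on `/about/` got a 200 with the same byte count as the ordinary request for that page, which matches the "I got the post back" outcome described in the last post.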
