Support » Fixing WordPress » A question about Char Set Attacks and attacks in general

  • Has anyone else been seeing a lot of this type of attack lately?…

    ‘;DECLARE%20@S%20CHAR(4000);SET%20@S….’

    They seem to be hammering 3 of my blogs. I’m not nuanced in the art of hacker identification but I do have a question…

    When we see something like this come up in our stats how can we tell whether their attempt was successful or not? I mean, if there are no obvious signs?

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • whooami

    (@whooami)

    Member

    The simplest thing to do is just try it yourself, and see what happens.

    If youre looking at your Apache logs, you get the whole string, you just append it as necessary

    whooami, thanks for your reply. It’s an honor by the way!

    I appended the string to my address and got my error page. I suppose that’s a good sign?

    whooami

    (@whooami)

    Member

    yap 🙂

    Thats a coldfusion hack, best I can tell. There was a very old WP problem that was similar, but thats long since been fixed. I’m guessing you googled that too and got the CF reference.

    Its recent too.

    Yeah, from time to time I see an attempt and always google around to see what I’m dealing with – it’s fascinating stuff. I always have this gut instinct that still believes that if someone messes with you, you can just roll up your sleeves or something and deal with it. It’s obviously not the case here!

    What struck me was that it hit 3 of my 4 sites about 4 times a piece tonight. Everything looks fine though. Thanks.

    I saw a very similar string in my website logs last night.

    I was a little afraid to “run” the URL and see what happened, but I got exactly what I was hoping to get — the post referred to in the string out of the sitelogs.

    I’m breathing a sigh of relief. 🙂

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘A question about Char Set Attacks and attacks in general’ is closed to new replies.