I have been monitoring one of the latest injection hack attempts since early July. The attack is pervasive and appears to be powered through one or several of the larger Botnets. The attack, whether successful or not is not hard to miss. It shows up as a rather lengthy piece of hexadecimal code in your server logs with the visible commands DECLARE, SET and CAST.
Watch your server logs for something like this: ;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0×4445434C415245204054207661726368617228323535292C40432076617263686172
I've written a brief article about the subject with the decoded injection and the js from the originating site in China: douhunqn.cn. I also include .htaccess info for preventing the attack.
Read the article here
Latest Injection Attack: Declare, Set and Cast
-
Tech Manager
- Member
- Posts: 31
- Joined: Mon Jan 07, 2008 2:26 pm
Latest Injection Attack: Declare, Set and Cast
I recommend Country IP Blocks dot net as part of your security arsenal.