
My website seems to be under attack. I found this in one of the logs:

2014-12-23 01:37:35 46.148.31.54 - x.x.x.x 80 GET /pagename.asp?fieldname=558211'+declare+@s+varchar(8000)+set+@s=cast(0x73657420616e73695f7761726e696e6773206f6666204445434c4152452040(...long hex code...)6f72+as+varchar(8000))+exec(@s)--|44|80040e07|Syntax_error_converting_the_varchar_value_'558211_declare_@s_varchar(8000)set@scast(0x73657420616e73695f7761(...long hex code...)e636f... 500 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_5)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/38.0.2125.104+Safari/537.36

I tried an online hex-to-string converter and it shows that all that hex is actually a SQL statement meant to put a website link in all table columns. It uses the information_schema thing. Now, I am very inexperienced, but this looks like some SQL injection attack. I use simple things like filtering characters etc. But I wish to know how to stop this kind of attack when a SQL statement is converted to hex and then used in URLs. I searched around but couldn't find anything to prevent this particular type of attempt.
Thank you for your time.

Pரதீப்
n00b321

1 Answer


What you've got there is an SQL injection attack. Take your website down before they download your entire database. Find the flaws (here, the handling of the fieldname query parameter) and fix them. Then put your website back up. Also stop detailed error messages from the database from going to the general public.

Merry Christmas!

Jasen
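As an added example (not part of the question or of Jasen's answer), here is how a defender can read what a request like the one in the log was trying to run, and what the fix the answer calls for looks like in code. Assumptions: the sample log line below is constructed to have the same shape as the one in the question, and its cast(0x...) hex is the encoding of a short constructed statement, not the attacker's real payload (which is elided above); sqlite3 stands in for SQL Server, and the vulnerable/parameterized pair models the fieldname handling in pagename.asp, whose actual code is not shown on this page. Because sqlite3 cannot run the stacked exec(@s) form, the vulnerable lookup is exercised with a quote-based tautology value (also constructed) to show the same flaw: request text becoming part of the statement.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Constructed sample IIS log line shaped like the one in the question.
# The hex after cast(0x is the encoding of a short constructed statement,
# not the attacker's real (elided) payload.
SAMPLE_LOG_LINE = (
    "2014-12-23 01:37:35 46.148.31.54 - x.x.x.x 80 GET /pagename.asp "
    "fieldname=558211'+declare+@s+varchar(8000)+set+@s=cast("
    "0x73657420616e73695f7761726e696e6773206f6666204445434c41524520"
    "405420766172636861722832353529+as+varchar(8000))+exec(@s)-- 500 "
    "Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_8_5)"
)

# Matches cast(0x<hex> as varchar(...)) and cast(0x<hex> as nvarchar(...)).
CAST_RE = re.compile(r"cast\(\s*0x([0-9a-fA-F]+)\s+as\s+(n?varchar)", re.IGNORECASE)


def decode_hex_payloads(log_line):
    """Return the SQL hidden inside every cast(0x... as [n]varchar) in a log line.

    IIS writes spaces in the query string as '+', so undo that first.
    A varchar payload is one byte per character; an nvarchar payload is UTF-16LE,
    which is the other encoding this attack pattern is commonly seen with.
    """
    query = unquote_plus(log_line)
    decoded = []
    for hexdigits, kind in CAST_RE.findall(query):
        raw = bytes.fromhex(hexdigits)
        encoding = "utf-16-le" if kind.lower() == "nvarchar" else "latin-1"
        decoded.append(raw.decode(encoding, errors="replace"))
    return decoded


def demo_db():
    """In-memory stand-in for the site's database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "private draft"), (558211, "public page")])
    return db


def lookup_vulnerable(db, fieldname):
    """Models the flaw: the request value is pasted into the SQL text, so a
    quote inside it changes the structure of the statement."""
    sql = "SELECT id, body FROM pages WHERE id = '" + fieldname + "' ORDER BY id"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, fieldname):
    """The fix: the value is bound as a parameter, so quotes, 'declare' and hex
    are just characters in a value that is compared, never executed."""
    sql = "SELECT id, body FROM pages WHERE id = ? ORDER BY id"
    return db.execute(sql, (fieldname,)).fetchall()


if __name__ == "__main__":
    for stmt in decode_hex_payloads(SAMPLE_LOG_LINE):
        print("decoded payload:", stmt)
    db = demo_db()
    tautology = "558211' OR '1'='1"  # constructed value that rewrites the WHERE clause
    print("vulnerable   :", lookup_vulnerable(db, tautology))      # every row
    print("parameterized:", lookup_parameterized(db, tautology))   # no row
    print("legit value  :", lookup_parameterized(db, "558211"))    # the one row asked for
```

Two points worth taking from this. First, hex-encoding the statement only hides it from keyword filters on the request; once the value is bound as a parameter (in classic ASP with SQL Server, an ADODB.Command with Parameters.Append instead of a concatenated string), the encoding is irrelevant, because the value is never parsed as SQL. Second, the decoder above is also a cheap log check: any line where it returns a non-empty list carried this pattern, and the error text captured in the question's log line (the conversion error with the attacker's string echoed back) is exactly the kind of database detail the answer says to stop sending to the public.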