
I have an affiliate website. I am monitoring which pages users are visiting. For the first time I have noticed a user visiting the following URLs on my website, which I guess is some kind of hacking attempt. I need help. My website is constantly performing poorly. Sometimes it takes longer than normal to open. Sometimes a table appears blank. Sometimes cron jobs fail to execute.

Following are a few of the URLs visited by a user repeatedly:

http://www.example.com/product.php?category=study-materials&id=SHOEMHMZH8HPAX4H%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%22x%22=%22x
http://www.example.com/product.php?category=video-albums&id=SHOEMHMZH8HPAX4H%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1

There are lots more such URLs. I am totally confused and a bit scared too. What is it exactly, and what is the user trying to do with such URLs? How can I prevent such actions?

Since this morning the user has been visiting from different IP addresses, and his or her visited URLs look the same as the ones I have mentioned.

unor
    Looks like someone is trying to go "fishing" to find URLs that are vulnerable to SQL injection. You should block their IP addresses. Then learn how to protect against SQL injection in your application code. In most cases, that means using query parameters instead of concatenating unsafe content into your SQL queries. If you can't do that, then you must take your site down until you can fix your code. – Bill Karwin Apr 02 '18 at 18:45
  • https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Bill Karwin Apr 02 '18 at 18:47
  • https://www.owasp.org/index.php/SQL_Injection – Bill Karwin Apr 02 '18 at 18:47

1 Answer


It's someone trying to break into the site, probably by using a tool of some kind. This happens all the time to every website, since anyone can go off and download tools freely to attack sites.

The URLs you list contain attempts to send commands to your database, which is called SQL injection. If you look in your web server logs, you'll probably see this kind of thing a lot.

As long as your site has been coded securely, doesn't trust user input, and doesn't use vulnerable software (such as out-of-date plugins or un-patched operating systems), then it may be nothing to worry about.

I presume you didn't write the software. You could always contact the creator of the software to ask how it was coded and tested, and whether it has been pentested (which is when a professional hacker is paid to try to break into the site).

DomBat
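Worked example, added here and not part of the question or the answer above: it decodes the two probe URLs from the question, expands the CHAR() calls so the attacker's marker string is readable, and contrasts a string-built query (the shape that makes `product.php` injectable) with a parameterized one, which is the fix the comments recommend. SQLite from the Python standard library stands in for the site's unknown database; the `product` table, its columns, its rows and the benign URL are invented for illustration, and the `is_sqli_probe` signature is a crude log-scanning heuristic, not a substitute for fixing the code.

```python
"""Added example (not part of the original question or answer).

Decodes the probe URLs from the question, shows the SQL the attacker is
trying to smuggle into a string-built query, and contrasts a vulnerable
concatenated lookup with a parameterized one. SQLite (Python standard
library) stands in for the unknown database; the `product` table, its
columns and rows, and BENIGN_URL are invented for illustration.
"""
import re
import sqlite3
from urllib.parse import parse_qs, unquote, urlparse

# The two URLs from the question, verbatim.
PROBE_URLS = [
    "http://www.example.com/product.php?category=study-materials&id=SHOEMHMZH8HPAX4H%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%22x%22=%22x",
    "http://www.example.com/product.php?category=video-albums&id=SHOEMHMZH8HPAX4H%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1",
]

# A legitimate request, constructed for comparison.
BENIGN_URL = "http://www.example.com/product.php?category=study-materials&id=SHOEMHMZH8HPAX4H"


def query_params(url: str) -> dict:
    """Return the percent-decoded query parameters (first value of each)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def decode_char_calls(sql: str) -> str:
    """Expand MySQL-style CHAR(111,108,...) calls into the string literal they
    build, so the attacker's marker string becomes readable."""
    def expand(match: re.Match) -> str:
        codes = [int(c) for c in match.group(1).split(",")]
        return "'" + "".join(chr(c) for c in codes) + "'"
    return re.sub(r"CHAR\(([\d,\s]+)\)", expand, sql, flags=re.IGNORECASE)


def is_sqli_probe(url: str) -> bool:
    """Crude signature for scanning access logs: flags decoded query strings
    that carry a SELECT ... FROM, a name_const() call, or a trailing comment."""
    decoded = unquote(urlparse(url).query).lower()
    return bool(re.search(r"name_const\(|\bselect\b.*\bfrom\b|--\s", decoded))


def vulnerable_sql(category: str, product_id: str) -> str:
    """How a careless product.php builds its query: the values are pasted
    straight into the SQL text, so the `"` in the first probe closes the
    string and everything after it is executed as SQL."""
    return f'SELECT id, name FROM product WHERE category = "{category}" AND id = "{product_id}"'


def setup_db() -> sqlite3.Connection:
    """In-memory stand-in for the site's database with invented rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id TEXT PRIMARY KEY, category TEXT, name TEXT)")
    conn.executemany(
        "INSERT INTO product VALUES (?, ?, ?)",
        [("SHOEMHMZH8HPAX4H", "study-materials", "Algebra workbook"),
         ("B07EXAMPLE01", "video-albums", "Live concert 2017")],
    )
    return conn


def vulnerable_lookup(conn, category, product_id):
    """Run the concatenated query. Returns ('rows', [...]) or ('error', msg).
    The probe is built to make the database raise an error (in MySQL,
    "Duplicate column name" from the two identical name_const() aliases);
    a leaked error message is what the attacker is watching for."""
    try:
        return "rows", conn.execute(vulnerable_sql(category, product_id)).fetchall()
    except sqlite3.Error as exc:
        return "error", str(exc)


def safe_lookup(conn, category, product_id):
    """Parameterized query: values travel separately from the SQL text, so
    the probe is just a product id that does not exist."""
    cur = conn.execute(
        "SELECT id, name FROM product WHERE category = ? AND id = ?",
        (category, product_id),
    )
    return cur.fetchall()


if __name__ == "__main__":
    conn = setup_db()
    for url in PROBE_URLS + [BENIGN_URL]:
        p = query_params(url)
        print("probe?", is_sqli_probe(url), "| decoded id:", decode_char_calls(p["id"]))
        print("  concatenated ->", vulnerable_lookup(conn, p["category"], p["id"]))
        print("  parameterized ->", safe_lookup(conn, p["category"], p["id"]))
```

Running it shows the marker string `ololosher` that the CHAR() sequence spells out, the concatenated query failing on the first probe (SQLite has no `name_const`, MySQL would complain about the duplicate column alias; either way the attacker learns the input reached the database unescaped), and the parameterized lookup simply returning no rows for both probes while still finding the real product for the benign URL. The second probe has no quote character and is aimed at an `id` that is pasted into the query unquoted, so it behaves differently against this double-quoted template; the parameterized version is indifferent to both.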