Trend Micro have tried to be clever by mosaic-ing the references to where the trojan downloads from. Pity they forgot to blat one in the final picture, right next to the 327,000.

I'm familiar with a few preventative measures to withstand website SQL injection, such as sanitising the user input and escaping certain characters etc.

I'm curious about these recent events.

Are there any special techniques/code examples on how these new attacks can be prevented? Any advice would be greatly appreciated.

Chris 'the Cautious Coder'

They also forgot to blur the third search result's address:

http://www.salonlive.com.tw/job_index.aspx

A good list of attacks and preventative measures can be found at:

http://www.owasp.org/index.php/Top_10_2007

Basically use prepared statements and filters.

Many thanks Matthew

Chris

while injection is likely, my fw logs tell me ms sql ports are constantly hammered. If they are worth scanning they must be vulnerable.

mssql's default admin password is (or at least used to be) notoriously commonly left as-is, which probably makes it worth checking any system for it. You don't need sql injection for that though.

58 59 60 61

114 115 116 117 118 119 120 121 123 124 125 126

153 163 171 202 203 210 211 218 219 220 221 222

Those are the IP address leaders, though do give it a check yourself if you are going to go down this route (pun alert).

Shame about Japan, and Australasia though, they probably need to sort something out to get out of APNIC.

This list is not accurate, eg I'm posting from a 153.x.x.x address and I can assure you I'm not in China. Well, perhaps my job is beeing moved there and I'm the only one not to know ? :)

For those interested, take a look at the IP ranges on apnic's website : http://www.apnic.net/db/ranges.html

Haven't people know how obvious SQL injection attacks are for like... 15 years now? How can so many people write so much crap software? I know the answer, I just wish the world was better.

People ought to have their Internet licenses revoked.

http://www.iana.org/assignments/ipv4-address-space

Only going by what IANA is saying.

Sure your ISP is not APNIC orientated?

Whilst the link to IANA shows 153 as belonging to APNIC.

I have done some whois 'ing.

And:

inetnum: 153.0.0.0 - 153.255.255.255

netname: EU-ZZ-153

descr: Various Registries

country: EU # Country is really world wide

remarks: These addresses were issued by

The IANA before the formation of

Regional Internet Registries.

<http://www.iana.org/assignments/ipv4-address-space>

So, hmm, probably a lot of EU folks in 153, but it is worldwide so could be China :)

153 is in RIPE at the moment.

This is your brain.

Th15 15 ur br41n 0n M1cr0s0ft SQL S3rv3r.

Indeed. It is staggering that by default, designs contain nothing to stop SQL-injections.

The problem is that databases and web sites interfaces were deliberately designed so that anybody could use them, allowing for unclear statements, unquoted arguments, etc.

Apparently, the database engineers think that user input should be sanitized by coders, coders believe it should be sanitized by the one making the web site, and that one is usually a web designer which cares more about making a cool interface than about security measures.

Hopefully, we will soon have database interfaces which disable literals by default...

I thought I heard a ping from Hong Kong just then :)

Anyone can block traffic if they like, if it is their equipment, there is no law saying it has to be open. In fact since blocking a huge chunk of the net the number of attempted attacks have gone down considerably, and the amount of useful traffic has increased also considerably.

Criminal denial of service eh? Oh, and why should we be serving you? And gross stupidity, well I think you have more than your fair share :)

Most sites, want quality traffic, not crack attempt after crack attempt, sure if some place has to communicate with a site then they can be added to a white list. It does actually make a lot of sense in many scenarios. So you're in Hong Kong why do we care?