Help, I am under attack.

Today I have discovered some data in a database that makes me think that someone is trying an SQL injection attack on one of my websites.
I use SP’s and cfqueryparam to protect myself against this type of attack, and as a general rule before doing anything I strip out all banned characters from incoming data. So I don’t have the original statement, but I do have code (without banned chars) in my database.
I have captured the user’s IP address and looked it up as coming from Indonesia.
I am now wondering what my next step should be.
I am considering creating a banned IP table so that when a new user comes to my site I check the table; if their IP is in the table I will send them somewhere else. If the IP is a fixed address it will be permanently listed in my table; if not I will ban the IP for a short time to stop an immediate attack. It may also be worth pointing out that we don’t trade in Indonesia.
I guess my questions are:
Does this sound like a good idea or is there a better way?
How can I tell if an IP is fixed or not?
Has anyone else come across this problem, if so how did you deal with it?

nick010 wrote:
> Today I have discovered some data in a database that makes me think that someone
> is trying an sql injection attack on one of my websites.
>
> I use SP's and Cfqueryparam to protect myself against this type of attack and
> as a general rule before doing anything I strip out all banned characters from in

if you're using cfqueryparam religiously (are you?) & your website is still standing then i would imagine your current security is "effective". what makes you think you're under attack? have you seen malicious sql code?

> I have captured the user's IP address and looked it up as coming from
> Indonesia.

you might try geoLocator: http://www.sustainablegis.com/projects/geoLocator/ to determine the country from their incoming IP & some other data we can squeeze out of their browser (correct >90%++ of the time). if he's the only user from indo, you can ban the whole country (as long as his IPs originate from there).
be sure to update the inetAddressLocator.jar from: http://javainetlocator.sourceforge.net/
don't recall if the zip file on my site has the latest jar.
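
An added example (not code from the thread or from geoLocator), in Python with an in-memory SQLite database standing in for the site's database: it shows why a bound parameter, the mechanism behind cfqueryparam, leaves an injection attempt sitting in the table as inert text, and sketches the banned-IP table proposed in the question with both permanent and expiring entries. The table and column names, the sample input and the documentation-range IP addresses are all constructed for illustration.

```python
import sqlite3
import time

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT);
        CREATE TABLE banned_ip (
            ip TEXT PRIMARY KEY,
            expires_at REAL        -- NULL means a permanent ban
        );
    """)
    return db

def store_comment(db, body):
    # Bound parameter: the driver passes `body` as data, never as SQL text,
    # so the query is safe without stripping any characters first.
    db.execute("INSERT INTO comments (body) VALUES (?)", (body,))

def ban(db, ip, seconds=None, now=None):
    # seconds=None records a permanent ban; otherwise the ban lapses.
    now = time.time() if now is None else now
    expires = None if seconds is None else now + seconds
    db.execute(
        "INSERT OR REPLACE INTO banned_ip (ip, expires_at) VALUES (?, ?)",
        (ip, expires),
    )

def is_banned(db, ip, now=None):
    now = time.time() if now is None else now
    # Purge lapsed temporary bans so the table does not grow without bound.
    db.execute(
        "DELETE FROM banned_ip WHERE expires_at IS NOT NULL AND expires_at <= ?",
        (now,),
    )
    row = db.execute("SELECT 1 FROM banned_ip WHERE ip = ?", (ip,)).fetchone()
    return row is not None

def demo():
    db = open_db()
    attempt = "x'); DROP TABLE comments; --"   # constructed sample input
    store_comment(db, attempt)
    stored = db.execute("SELECT body FROM comments").fetchall()
    ban(db, "203.0.113.7", seconds=900, now=1000.0)   # temporary ban
    ban(db, "198.51.100.9", now=1000.0)               # permanent ban
    return {
        "stored": stored,
        "temp_during": is_banned(db, "203.0.113.7", now=1500.0),
        "temp_after": is_banned(db, "203.0.113.7", now=2000.0),
        "permanent": is_banned(db, "198.51.100.9", now=10**9),
    }

if __name__ == "__main__":
    print(demo())
```

Finding the attempted statement stored verbatim as a row, with the table still intact, is the expected outcome when every query is parameterised.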

Similar Messages

  • WLC sending a message of AP under attack

    Hi to all,
    I've been getting this message from my WLC and I'm not able to find what it really means and whether there is something that could be done in order to solve it.
    "Warning : Our AP with Base Radio MAC 00:14:a8:53:0b:20 is under attack (contained) by another AP on radio type 802.11b/g"
    "Warning Cleared: Our AP with Base Radio MAC 00:14:a8:53:0b:20 is no longer under attack (contained) by another AP on radio type 802.11b/g"
    Can this cause me problems in the performance of my wireless network???
    Thanks in advance for your help.

    Hi,
    The firmware is 4.2.112.0
    Thanks in advance for your help.

  • HT2905 How do I display duplicates on the newest version of iTunes? Help says it's under File, but it is no longer there!

    How do I display duplicates on the newest version of iTunes? Help says it's under File, but it is no longer there!

    The show duplicates/show exact duplicates features have been left out of iTunes 11.0. Rumor suggests they will be restored in the next build. In the meantime I have written two Windows scripts to make playlists of Duplicates and Exact Duplicates, either from a selection of tracks or the entire library. Note that, as with the iTunes feature, this list makes no distinction between "originals" and "dupes", you have to decide which is which.
    There is also my DeDuper script for automatically removing duplicate copies but keeping one remaining copy of each set. This can preserve ratings, play counts, playlist membership, etc. which are lost in a manual clean up. Please take note of the warning to backup your library before deduping. See this thread for background on deduping and the script.
    If you want to manually remove duplicate tracks use shift-delete to remove selected tracks from the library as well as the playlist. Keep one of each repeated group of files and don't send the others to the recycle bin unless you are sure that there are multiple files on the disc as opposed to multiple entries to the same file. Same advice to backup applies.
    tt2

  • Cisco 7600 under attack?

    Is it possible for the CPU of a 7600 router (Sup720-10GE-3CXL) to go up to 99% when under attack?
    I think we have some attack from outside, and the destination IP is the uplink IP of the 7600 router.
    Can SYN packets raise the CPU on a 7600? Can they go to the RP processor?
    Something like this attached.

    Hi,
    This can be a kind of SYN flood attack. You can send this traffic to a loopback or contact your ISP and ask them to block this traffic.
    HTH
    Luis Silva
    "If you need PDI (Planning, Design, Implement) assistance feel free to reach"
    http://www.cisco.com/web/partners/tools/pdihd.html

  • WLC Warning Message: Our AP is under attack

    Hi there,
    I receive this Warning message in WLC version 5.0:
    Warning: Our AP with Base Radio MAC 00:1f:6d:b9:48:d0 is under attack (contained) by another AP on radio type 802.11b/g
    So, what does it mean? Can someone explain.. Great thanks.

    I am getting the same message, but I've not been able to diagnose the issue yet.
    It seems that the AP is being contained by another wireless system. However, there is no information that I can find to indicate what is "attacking" or "containing" the AP.

  • Help SpiceRex opened an email attachment and is now under attack

    Kinky Rex... All he needs is a whip

    Dam Cryptolocker.
    Anyone know a good way to decrypt him?
    This topic first appeared in the Spiceworks Community

  • Suspect network under attack by icmp

    All
    I now suspect that the PIX is under a high volume of ping, as if I disable ping from the outside world on the WAN router, the performance of the network is improved.
    Can the PIX apply some control so that, under an ICMP attack, it can temporarily limit or drop the packets from the inside and outside world,
    so that the affected inside client and the attack from the outside world can be prevented?
    tks all

    HI .. you could try enabling the IPS built-in signatures supported by the PIX. These are used to protect against common attacks.
    " Cisco PIX Firewall includes an IP-only intrusion detection feature. It provides visibility at
    network perimeters or for locations where additional security between network segments is
    required.
    The PIX IDS identifies more than 53 common attacks using signatures to detect patterns of
    misuse in network traffic. Traffic passing through the PIX Firewall can be identified to be
    audited, logged, and/or dropped.
    After it is configured, the IDS feature watches packets and sessions as they flow through the
    firewall, scanning each for a match with any of the IDS signatures. When suspicious activity
    is detected, the PIX Firewall responds immediately and can be configured to do the following:
    1. Send an alarm to a syslog server.
    2. Drop the packet.
    3. Reset the TCP connection. "
    I suggest you check the command reference for the use of ip audit command !!!
    I hope it helps .. please rate it if it does !!!

  • HELP:  Apps Downloaded Under Expired Email Can't Be Updated on IPAD

    My wife's MobilMe address has expired.  She also had an older MacBook that couldn't update ITunes to the ICloud.
    So, she purchased a new MacBook and changed her email to a .mac account in ITunes.
    Here's the problem:  When she tries to update apps on her IPAD downloaded under her OLD email, the IPAD shows her old email account and asks for that password.  But, that email account does not exist anymore, so when she types in the old password, nothing happens.  So, she cannot update these apps on her IPAD.
    I have read some other threads on this topic.  Just so I'm clear, her new Apple ID shows up everywhere on her IPAD.  The only time the old Apple ID shows up is when she tries to update certain apps (those downloaded under the old Apple ID).
    Any suggestions on how to fix this?  Based on what I've read so far, this is a problem with no solution yet.  I'm leaning towards deleting all of these apps off of her IPAD and her computer's ITUNES, then reloading them under her new address.  But, I'm holding out for a better option before doing this.
    any help will be greatly appreciated!

    elogiudice wrote:
    When she tries to update apps on her IPAD downloaded under her OLD email, the IPAD shows her old email account and asks for that password.  But, that email account does not exist anymore, so when she types in the old password, nothing happens.  So, she cannot update these apps on her IPAD.
    It's not asking for the email password, it's asking for the password of the Apple ID that is identified by the email address.  Her best bet is to go here and "Manage your account." to straighten things out.
    Also, what do you mean that her MM address has expired?  Was this a trial account?  If not, it's impossible for it to expire.
    Finally, it appears that she created a second ID, which will cause the problem that she's experiencing.  Her best bet is to go back to the original Apple ID and use the above-referenced link to change the NAME to the new email address.  Kinda like painting your car instead of buying a new one.

  • BBC News Report - Routers under Attack.

    Hi
    On the BBC News website today it was reported that some broadband hub routers in the UK are susceptible to attack as seen here in this report.
    Is this something us BT customers need concern ourselves with?  What is BT doing to combat these attacks?
    Thank you.

    as the routers are not provided by BT you should have nothing to worry about

  • Urgent help, Menu hides under flash

    I used PVII Auto Hide and PVII Snap layers to create this menu:
    http://www.tomkt.com/main.html
    The menu is hiding under the flash, is there any way to avoid this?
    It seems to be a problem on a PC, particularly.
    I thought my job was done here, and now I discover that it is not.
    I need help fast
    thanks!
    meliska

    Hello Melliska,
    I am trying to fix the same flash menu issue that you had. It currently works in IE but not Firefox. I can not seem to figure it out though.
    Here is my code.
    <script type="text/javascript">
    AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0','wmode','transparent','width','728','height','360','src','/_templates/RPS-Home-Flash','quality','high','pluginspage','http://www.macromedia.com/go/getflashplayer','movie','/_templates/RPS-Home-Flash'
    ); //end AC code
    </script>
    <noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="728" height="360">
    <param name="movie" value="/_templates/RPS-Home-Flash.swf" />
    <param name="quality" value="high" />
    <param name="wmode" value="transparent" />
    <embed src="/_templates/RPS-Home-Flash.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" wmode="opaque" width="728" height="360"></embed>
    </object></noscript>
    I see that your example is working in both IE and Firefox now. How did you fix it?
    Any help would be great. :)

  • Mac OS X Server under attack...

    We have an Xserve that has been hacked, and that someone has managed to install a rogue ftp server on. We shut it down, but someone is trying to get it back up again, and I don't know how to stop them.
    Any help would be appreciated. Below is as much of the story that I know...
    A couple of weeks ago, the server slowed down extremely. It was losing ~70% of packets during a ping, and was responding very slowly on ssh and http. After a while it cleared up, and all seemed fine again.
    A few days later, NOC contacted me to find out why I was running ftp on a non-standard port (19000). Some investigation revealed that a new folder (.etc) had been installed in the Administrator's home directory, and an OpenFTP based server was running from there under the name crashreporterd. It was also doing something on port 16500. A crontab was set up to relaunch the process every 5 minutes.
    I cleared all this out, rebooted the system, upgraded to 10.4.7 (from 10.4.6), changed every password on the machine, and started services up again.
    This morning at 7am, port 19000 was still closed. At 8:30, I got a note from the NOC saying that the port was open again, and they would block the port at their end.
    Now, a couple of hours later, the machine is still on, but pings are not returned (100% packet loss) and ssh and http connections time out.
    Can anyone offer me any pointers on where to go next or what is happening?

    It's hard to say how it happened - maybe looking through system/console logs might help, but that could be a bit of a chore. (There are programs like LogMaster that make this slightly easier). There are any number of ways to get in - SQL injections, buffer overflow 'sploits, or simply guessing the admin password. I'd suggest making a note of which versions you have of all your software and services, and checking them for known vulnerabilities on CERT or SecurityFocus.com.
    As for catching the program, there's a shareware program called Little Snitch that will monitor all your software and alert you when a program tries to make a network connection. That way, it's easy to identify legit and dodgy services. CheckMate will also watch your system files and alert you when anything is changed, which can help you identify intrusions. I'd suggest making sure that all your software is fully up-to-date, and revise your firewall policy to allow as little as possible into your system. You can also be a bit selective about which outgoing connections you allow, although these are harder to reliably control.

  • NVIDIA GeForce 8600M GT No video, need help getting repair under extended 4 warranty

    My MacBook Pro A1260 (early 2008) suddenly won't boot up - there's no chime or video, just all of the other usual signs of life such as the drive and fans spinning. Tried all the usual resets and checked the RAM was seated properly but no luck. I had this problem once before a few weeks ago and reseating the RAM suddenly brought it back to life and it booted up again. The MacBook is fitted with the NVIDIA GeForce 8600M GT chip that was declared as faulty, but as the Mac won't power up with video it's impossible to test specifically to see if the chip is at fault. I have seen many people on these forums with the same problem and a few lucky ones who had the repair done for free regardless of the lack of test possible. I have already taken it to the Genius Bar and sure enough they presented me with a diagnostic bill for 480 euros to replace the logic board. I have heard that these chips can fry the rest of the logic board when they fail, can anyone who has had this confirmed please let me know? I am going back to the Genius Bar this weekend for a last attempt at persuading them to do it for free (it's within the 4 year extended warranty for this problem). I'd like to know how many people managed to get it repaired even if the computer wouldn't boot up to enable the test. Computer was working perfectly with the exception of minor pixelling at the top of a screen when watching a DVD, could that have been a sign? I know it's a long shot but any advice to help me build a case would be greatly appreciated. So frustrated!!

    http://support.apple.com/kb/TS2377
    From that article:
    No video on the computer screen (or external display) even though the computer is on.

  • Is Verizon actively under attack?

    Minutes ago I called 1-800-837-4966 a third party seemed to be entering numbers! It is very strange. The robo voice saying this is a wrong response several times. The line would go quiet and my key entries were ignored.... the Verizon robo voice said one dollar is this correct? When I had not entered anything!    Verizon can you please help me? {edited for privacy}

    FYI, 011 is the international dialing prefix.  Maybe the fingers bounced on 0 and 1.
    Happy Snow!

  • Formmail Under Attack

    How do I prevent a FormMail form being spammed?
    Thank you.

    Look for injection attacks in the archives and/or Formmail hack protection
    If you haven't already, you would be well served searching through the archives for the answer to your question. The archives can be found here:
    http://groups.google.com/group/macromedia.dreamweaver
    http://groups.google.com/group/macromedia.dreamweaver.appdev
    "PAB1953" <[email protected]> wrote in message news:e4cnis$obt$[email protected]..
    > How do I prevent a FormMail form being spammed?
    >
    > Thank you.

  • Help with possible iphone4s attack

    Hi everyone!
    This morning my iphone4s woke up from standby and someone was trying to key in the passcode. I turned the phone off after watching two failed attempts. I turned the phone back on later and disabled network and cellular access.  My home network security is WPA2 and has AES encryption.  I also run Norton Internet Security.
    Has anyone else encountered this problem?  How did you prevent future attacks? Thanks for your input.

    Not trying to avoid responding to the question -- no, it's not a jail broken phone.  I purchased it in person at the Verizon store.  I don't think they would sell me a jail broken phone.
