warning: sql injection attempts



asaguiar
09-30-2011, 10:05 AM
Hi.

Some Italian lamer has systematically attempted to execute a remotely hosted script that executes SQL injection attempts.

I cannot check how effective it is; the attempt uses a file named /contrib/forms/evaluation/C_FormEvaluation.class.php that I do not have installed.

Regards.

Alexandre

somoto
10-03-2011, 03:09 AM
How did you figure this out?

asaguiar
12-04-2011, 06:59 AM
By reading the logs.

siguie
12-06-2011, 03:51 AM
They seem to be looking for sites using OpenEMR from http://www.oemr.org/, or at least older unpatched versions.

As a general security measure I recommend using ZB Block (http://www.spambotsecurity.com/). It only protects PHP scripts, but that's the vast majority of code on many sites. It's free and is billed mostly as spambot protection, but it's AWESOME against SQL injection attacks and sooo many other hackbots :)

IanSEH
12-06-2011, 11:21 PM
After using OpenX ad server on my sites, it got hacked through the same thing - SQL injection :( and even worse, several sites were affected since they displayed banners from my adserver... Then Google found it and marked my sites as malware. That was a mess... THANK YOU for recommending ZB Block, as I recently was told part of my WordPress theme was insecure too.