Overly aggressive SQL Injection attack detection?
http://www.mye28.com/search.php?keyword ... wn+wire%22
SQL Injection attack detection
Re: SQL Injection attack detection
That's interesting. Did you use the "start trouble ticket" link or did you only post this here?
Hopefully Justin sees this soon and can offer something more helpful.
Hopefully Justin sees this soon and can offer something more helpful.
Re: SQL Injection attack detection
I did see that; for some reason I felt it wouldn't work. That was dumb of me. I guess I just assumed there's no way there's actually a support ticket system behind mye28.com. Like I said, ASSUME.Jeremy wrote:That's interesting. Did you use the "start trouble ticket" link or did you only post this here?
Hopefully Justin sees this soon and can offer something more helpful.
I've now clicked on that nice blue link and see that all it does is send an email. Which is awesome. Email sent.
Re: SQL Injection attack detection
This thread was spectacularly unhelpful.
Re: SQL Injection attack detection
Here, maybe this photo will help:wkohler wrote:This thread was spectacularly unhelpful.
Re: SQL Injection attack detection
Perfectly valid block, really, from a security standpoint. But I did raise the triggering threshold to a maximum of 4 double quotes for the time being. It was 2 before and phpBB probably escapes the strings correctly to prevent injection attacks so we may not need the extra cautiousness. The security logs are full of injection attacks from compromised machines, though, they are not sending command code enclosed between %22s.