Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
SQL Injection attack
Message
 
To
All
General information
Forum:
Visual FoxPro
Category:
Other
Title:
SQL Injection attack
Miscellaneous
Thread ID:
01404976
Message ID:
01404976
Views:
154
FYI, no help required yet.

On daily basis my web site gets visits originated from a small group of ip addresses (see the list below) with an obvious purpose of detecting whether the site is driven by SQL Server that could be hacked in.

The agent is always NV32ts. The query string includes SQL statement:
' And char(124)+(Select Cast(Count(1) as varchar(8000))+char(124) From [sysobjects] Where 1=1)>0 and ''='
This is the list. I guess the computers are "enslaved" or the ips are all proxies.
remote_address      remote_host
173.3.94.6          ool-ad035e06.dyn.optonline.net
187.4.29.32         187-4-29-32.cslce700.dsl.brasiltelecom.net.br
189.102.161.44      bd66a12c.virtua.com.br
189.38.144.102      189.38.144.102.user.ajato.com.br
189.62.156.179      bd3e9cb3.virtua.com.br
190.21.67.233       233-67-21-190.adsl.terra.cl
190.246.226.148     148-226-246-190.fibertel.com.ar
190.31.217.220      host220.190-31-217.telecom.net.ar
200.116.157.178     cable200-116-157-178.epm.net.co
200.82.112.217      host217.200-82-112.telecom.net.ar
201.0.9.148         201-0-9-148.dsl.telesp.net.br
212.36.65.37        cmv-2.adam.es
217.201.0.140       217.201.0.140
219.80.4.175        219-80-4-175.static.tfn.net.tw
24.186.115.187      ool-18ba73bb.dyn.optonline.net
58.152.89.219       n058152089219.netvigator.com
64.184.8.97         64-184-8-97.bb.hrtc.net
64.233.247.134      static10.anythingcomputer.evv.wideopenwest.com
74.60.155.153       74-60-155-153.mrc.clearwire-dns.net
Anatoliy Mogylevets
devicecontext@msn.com
Win32 API Online Reference
Reply
Map
View

Click here to load this message in the networking platform