• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

MySQL hacks - Putin???

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    MySQL hacks - Putin???

    It seems pretty weird as my tiny business is hardly running for the US presidency but when I check visitors to my site who have clicked on products but not completed a purchase, 60%+ are from Russia.

    Just recently I have found two dbase records that are significantly different from the original entry as logged in my and Paypal's emails and a copy of the table. It can't be a fault in my code due to the nature of the change, the fact that umpteen other records are fine and I haven't changed the code that has been working ok for months anyway.

    I have already implemented various protections in my code, HTML entities, length limits, removed MySQL error messages, ensured that INSERT fields can't contain quotes etc. etc. but clearly need to do some more on Monday. Any pointers to best resources? Ta.
    bloggoth

    If everything isn't black and white, I say, 'Why the hell not?'
    John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

    #2
    No Cyrillic?

    Comment


      #3
      You probably just have to accept an amount of bot traffic looing for exploits hitting your site.

      If I ever check the requests logs for my sites there is always bazillions of entries for wordpress urls.

      Comment


        #4
        Check out OWASP.
        Implement some tried and tested input filtering to prevent sql injection attacks.
        Don't believe it, until you see it!

        Comment


          #5
          Cheers, OWASP looks worth a look. I like wasps anyway.
          bloggoth

          If everything isn't black and white, I say, 'Why the hell not?'
          John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

          Comment

          Working...
          X