I'm using the guest tracking panel from the skpacman.
On the 16 of juli 2012 with the ip-address: 114.227.10.78 the following url/uri's came in:
07:01:47: '/photogallery.php?album_id=6%20and%201=1%20and%20='
07:01:46: '/photogallery.php?album_id=6%20%61%6E%64%20%31%3D%32'
07:01:45: '/photogallery.php?album_id=6%20%61%6E%64%20%31%3D%31'
07:01:44: '/photogallery.php?album_id=6%20and%20char124%2Buser%2Bchar124=0%20and%20%25='
07:01:43: '/photogallery.php?album_id=6%20and%20char124%2Buser%2Bchar124=0'
07:01:41: '/photogallery.php?album_id=6%20and%20char124%2Buser%2Bchar124=0%20and%20='
The ip-address is from "Chinanet Jiangsu Province Network"... Ehh???
And looking at the time-table -just seconds-: Nobody can copy and past that fast...
It is a programm or robot working, crawling...
I checked up my database and with FTP my PHPFusion files on my providers root, checking out the file-dates on the 2012-07-16. Nothing did change...
==============
Tip against attacks:
Change the dates of all the PHPFusion-files once a month to that date. So all the files have the same date. If after that one file has another date, it is time to examine that file...
==============
So, I think the above was an attack, trying to corrupt my database...
But what nobody can tell me is what the codes in these url/uri's mean? What is that **** all about?
Like to hear some more...
Greetings,
Masy from the Netherlands
0 replies