Search Spam Attack

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
3 years ago
I noticed today that a specific user decided to create an account and spam the search on one of our websites. Also with this we've witnessed a performance hit today as well, but I don't know if it is related. Is there a recommended way that I can prevent this from happening? The spam attack in question is below. Thank you!

Everything between a [ and ] is just a variable that I entered.

https://www.[my domain].com/search?q=-1%27or%2f**%2f1%3d1%2f**%2fand%2f**%2fisnull(ascii(substring(cast((select%20%20table_name%20from%20information_schema.tables%20where%20table_catalog%3d%27[database name]%27%20order%20by%20table_name%20offset%2038%20rows%20fetch%20next%201%20row%20only)as%2f**%2fvarchar(8000))%2c29%2c1))%2c0)%3e78--
3 years ago
Maybe you can see if it's coming from the same IP or group of IPs; then you can block them.
3 years ago
Thanks for your advice, nopaccelerate. I found out this was coming from a single IP address and blocked it from IIS. Everything immediately returned to normal after that. Because it's easy for anyone to change their IP address, I guess I'm just wondering if this is the recommended way to do it or if there is a better way?
3 years ago
You could use something like ModSecurity to listen for such attempts and auto-block IP addresses in real time.
3 years ago
Thanks for the suggestion, af1racing. I'll take a look at it and see what I think.
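Added example, not part of the original thread and not ModSecurity's own rules: a small log check in the spirit of the suggestion above, which decodes the search parameter, strips the `/**/` comment padding seen in the quoted request, and counts requests per client IP that carry several SQL injection indicators. The "client-ip url" log format, the pattern list, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests ("client-ip url"), not real traffic. The first two
# reuse the shape of the probe quoted in the thread; the last two are benign.
PROBE = ("/search?q=-1%27or%2f**%2f1%3d1%2f**%2fand%2f**%2fisnull(ascii(substring("
         "cast((select%20table_name%20from%20information_schema.tables)"
         "as%2f**%2fvarchar(8000))%2c{pos}%2c1))%2c0)%3e78--")
SAMPLE_LOG = "\n".join([
    "203.0.113.7 " + PROBE.format(pos=29),
    "203.0.113.7 " + PROBE.format(pos=30),
    "198.51.100.20 /search?q=blue+running+shoes",
    "198.51.100.21 /search?q=select+a+gift+from+our+catalog",
])

# Hypothetical indicator list; a production WAF rule set is far broader.
SQLI_PATTERNS = [
    re.compile(r"\binformation_schema\b"),                       # schema enumeration
    re.compile(r"'\s*or\s+\d+\s*=\s*\d+"),                       # quote followed by a tautology
    re.compile(r"\b(?:ascii|substring|cast)\s*\(.*\bselect\b"),  # subquery inside a string function
    re.compile(r"--\s*$"),                                       # trailing SQL comment
]

def normalize(value):
    """Lowercase, turn /*...*/ comments into spaces, collapse whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", value.lower(), flags=re.S)
    return re.sub(r"\s+", " ", value).strip()

def score(url, param="q"):
    """Number of SQLi indicators found in the decoded search parameter."""
    raw = parse_qs(urlsplit(url).query).get(param, [""])[0]
    text = normalize(raw)
    return sum(1 for p in SQLI_PATTERNS if p.search(text))

def suspicious_ips(log_text, min_score=2, min_hits=2):
    """Client IPs with at least min_hits requests scoring min_score or more."""
    hits = Counter()
    for line in log_text.splitlines():
        ip, _, url = line.partition(" ")
        if score(url) >= min_score:
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    print(suspicious_ips(SAMPLE_LOG))
```

Requiring two or more indicators per request keeps an ordinary search that happens to contain the word "select" from being flagged.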