is my site under sql injection attack?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Total Posts: 75
Karma: 483
Joined: 9/13/2014
Location: India

Posted: 3 years ago

Hi all,

I noticed in the log table the following:

If you notice the short message column and full message column there are lot of invalid parameters being passed in the page URL.

The customer id turned out to be a guest. The IP address is from USA (my store is based out of India)

There are approximately 12000 logs from this user in a single day. All random logs with different short messages.

Does this indicate that someone is trying to attack the web portal? How do i prevent/protect the store from this? My hosting provider is Everleap.com

New York

MVP

Total Posts: 11328
Karma: 101032
Joined: 5/22/2011
Location: United States

Posted: 3 years ago

Yes, it looks like you are being attacked. Not necessarily "SQL injection" (as most of those messages are not SQL, but you'd have to look at the actual 'Page URL' info logged on the message to get more info.) Also, I see it's not from US, but from China: https://whatismyipaddress.com/ip/23.225.203.179

In any case, you can use rewrite rules, or search the market place for an IP blocking plugin. But note that the attacker could likely change to another server / different IP. You may want to block the entire country if you don't expect business from them.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Still have questions or need help?

. Premium support services . Get dedicated support from the nopCommerce team with a guaranteed response within 24 hours.

. Online course for developers . Get the practical and technical skills you need to run and customize nopCommerce websites.