Posted - 11/11/2017 : 20:16:14
We are currently on version 6.6.4 (PHP) of ECT. I have been monitoring our web access log files over the past number of months, and notice that we get a lot of entries which I assume are attempts at SQL injection, as follows:
46.105.103.159 - - [12/Nov/2017:01:29:38 +1100] "GET /products.php?cat=Coin%20and%20Button%20Batteries%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1 HTTP/1.1" 200 169007 "-" "-
I've been disallowing access from the offending IP addresses (via the .htaccess file). I have been wondering, however, whether any of these attempts have been successful or not. Is there any way of telling what the result of such an attempt is, and what information it would give to the user (apart from running it myself, of course)? The log file seems to report a 200 response code, which is a success, isn't it? Don't quite know what success means in this instance, though.
Should I be worried about all this stuff, or is it catered for in the escape_string stuff and other security measures of ECT?
Thanks, Dave.
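One way to answer the "did it succeed?" question from the logs alone, as an added example (this is not Dave's code and not part of ECT): parse the access log, URL-decode the query string, flag values carrying SQL injection markers, spell out the strings hidden inside CHAR(...) calls (the entry above hides the string "ololosher", a marker the injection tool looks for in the page body), and compare each probe's response size with an un-injected request for the same page and category. The 200 status only means products.php ran and returned a page; whether the payload changed that page is what the size comparison hints at. The log lines, the marker list and the prefix-based baseline heuristic are all constructed for the example.

```python
"""Triage suspected SQL injection probes in an Apache access log.

Added example, not code from the original post or from ECT. It parses
combined-format lines, decodes the query string, flags values carrying
SQL injection markers, reveals strings hidden in CHAR(n,n,...) calls and
compares each probe's response size with a clean request for the same
page and category. A 200 status only shows the script returned a page.
"""
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines. The second mirrors the shape of the entry
# quoted in the post; the others are invented to show a clean baseline and
# a boolean true/false pair.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2017:01:20:05 +1100] "GET /products.php?cat=Coin%20and%20Button%20Batteries HTTP/1.1" 200 168990 "-" "Mozilla/5.0"
46.105.103.159 - - [12/Nov/2017:01:29:38 +1100] "GET /products.php?cat=Coin%20and%20Button%20Batteries%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1 HTTP/1.1" 200 169007 "-" "-"
46.105.103.159 - - [12/Nov/2017:01:29:39 +1100] "GET /products.php?cat=Coin%20and%20Button%20Batteries%27%20and%201%3D1%20--%20 HTTP/1.1" 200 168990 "-" "-"
46.105.103.159 - - [12/Nov/2017:01:29:40 +1100] "GET /products.php?cat=Coin%20and%20Button%20Batteries%27%20and%201%3D2%20--%20 HTTP/1.1" 200 2311 "-" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Illustrative MySQL injection markers, matched against the decoded value.
# A lone apostrophe flags legitimate names like "Children's Toys"; tune for
# your own catalogue.
SQLI_MARKERS = re.compile(
    r"(?:'|\bor\b\s*\(?\d|\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b"
    r"|name_const\(|\bchar\(\d|\bsleep\(|\bbenchmark\(|information_schema|--\s)",
    re.IGNORECASE,
)
CHAR_CALL = re.compile(r'CHAR\(([\d,\s]+)\)', re.IGNORECASE)


def decode_char_calls(value):
    """Return the strings spelled out by CHAR(n,n,...) calls in a decoded value."""
    return [''.join(chr(int(n)) for n in m.group(1).split(','))
            for m in CHAR_CALL.finditer(value)]


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['size'] = 0 if rec['size'] == '-' else int(rec['size'])
    rec['status'] = int(rec['status'])
    url = urlsplit(rec['target'])
    rec['path'] = url.path
    # parse_qsl percent-decodes, so %20 and %3D come back as ' ' and '='
    rec['params'] = parse_qsl(url.query, keep_blank_values=True)
    return rec


def verdict(probe, baseline):
    """Plain-language reading of what the log can and cannot tell us."""
    if probe['status'] != 200:
        return 'non-200 response: the script did not return a normal page'
    if baseline is None:
        return 'no clean request for comparison; fetch the page yourself and compare'
    delta = probe['size'] - baseline['size']
    if delta == 0:
        return 'same size as the clean page: payload most likely treated as literal text'
    return (f'differs from the clean page by {delta:+d} bytes: read the body for a '
            f'MySQL error or a changed product list')


def analyze(log_text):
    """Return one finding per flagged parameter value, with a baseline comparison."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    clean = [r for r in records
             if not any(SQLI_MARKERS.search(v) for _, v in r['params'])]
    findings = []
    for r in records:
        for name, value in r['params']:
            if not SQLI_MARKERS.search(value):
                continue
            # Baseline heuristic: a clean request for the same page whose value
            # for the same parameter is a non-empty prefix of the probe value.
            baseline = next((c for c in clean if c['path'] == r['path'] and any(
                n == name and v and value.startswith(v) for n, v in c['params'])), None)
            findings.append({
                'ip': r['ip'], 'time': r['ts'], 'path': r['path'], 'param': name,
                'decoded_value': value,
                'char_strings': decode_char_calls(value),
                'status': r['status'], 'size': r['size'],
                'baseline_size': baseline['size'] if baseline else None,
                'size_delta': r['size'] - baseline['size'] if baseline else None,
                'note': verdict(r, baseline),
            })
    return findings


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOG):
        print(f"{f['ip']} {f['time']} {f['path']}?{f['param']}= {f['decoded_value'][:60]}...")
        print(f"  hidden strings: {f['char_strings']}  size {f['size']} vs {f['baseline_size']}")
        print(f"  {f['note']}")
```

Run it against a real log (`analyze(open('access_log').read())`) and look at the pairs: a probe whose page comes back the same size as the clean request almost certainly hit a parameter that was escaped or cast, while a `1=1` / `1=2` pair returning very different sizes means the database evaluated the attacker's condition and the parameter needs fixing. The log can never show the page body, so confirm any suspicious delta by requesting the same URL yourself on a test copy.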