Ok so I woke up this morning and was checking a few things on one of my sites that runs WP. I noticed a bunch of odd URLs that someone (or more likely something) tried to get to on my site. An example of the nastiness attempted can be seen below:

**/select/**/concat(0x3a,user_login,0x3a,user_pass,0x3a),2/**/from/**/wp_users/**/where/**/user_id=1/*

My question is, is there any way to stop these commands from being executed if they happen to find a weakness? Can it be stopped via htaccess or some piece of code?

Even if there is no weakness, there's no legitimate reason for a user to try and enter these commands, is there? (I wouldn't have thought so lol, just want to make sure the server or script itself doesn't need to use similar strings.)

I'm kinda thinking that if there's no real reason to use codes like this, then is it possible to redirect the offender to a different site? Say Google for example.

Thanks in advance.
Dan
Are you seeing these in the httpd logs? Does your hosting company use mod_sec or other such filters? If so, ask them to look at your issue and they might be able to help you.
Hey threeguineawatch, thanks for the reply. I spotted them this morning in the backend of WP using statpress. Same IP tried 6 or 7 different codes. My sites run on a VPS so there's a good chance that mod_sec (or something similar) is running (I had someone who knows far more than I do set it up). Cheers Dan
- 2.6 something, upgrading the script now
- Cool, any idea if there's a way to stop them before the URL is entered? So like a PHP script of some kind that checks to see if a similar piece of code is in the URL, and if it is to redirect them? Was hoping for a pre-emptive strike lol. (Aren't we all?)

Thanks for the replies so far guys, greatly appreciated. Dan
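
The kind of PHP check asked about in the thread, one that looks for strings like the probe quoted in the first post before WordPress handles the request, could look like this. It is an added example, not code from any poster or from WordPress. The function names, the pattern list and the two-signal threshold are assumptions, and it answers with a 403 instead of a redirect.

```php
<?php
// Added example, not code from the thread. Names and patterns are illustrative.
// Collapse common obfuscations so one set of patterns covers them.
function normalise_uri(string $uri): string
{
    // Undo up to three layers of percent-encoding (%2527 -> %27 -> ').
    for ($i = 0; $i < 3; $i++) {
        $decoded = rawurldecode($uri);
        if ($decoded === $uri) {
            break;
        }
        $uri = $decoded;
    }
    // SQL comments such as /**/ stand in for spaces in the probe above.
    $uri = preg_replace('~/\*.*?\*/~s', ' ', $uri) ?? $uri;
    // '+' means space in a query string; then squeeze runs of whitespace.
    $uri = preg_replace('/\s+/', ' ', str_replace('+', ' ', $uri)) ?? $uri;
    return strtolower($uri);
}

// Return the names of the SQL-injection signals present in the URI.
function sqli_signals(string $uri): array
{
    $patterns = [
        'union-select' => '/\bunion\b.{0,40}\bselect\b/',
        'select-from'  => '/\bselect\b.{1,200}\bfrom\b/',
        'concat-call'  => '/\bconcat\s*\(/',
        'wp-user-cols' => '/\buser_(login|pass)\b/',
        'wp-users-tbl' => '/\bwp_users\b/',
    ];
    $uri = normalise_uri($uri);
    $matched = array_filter($patterns, fn($re) => preg_match($re, $uri) === 1);
    return array_keys($matched);
}

// Require two signals so a search like "?s=select a gift from us" passes.
if (PHP_SAPI !== 'cli' && isset($_SERVER['REQUEST_URI'])) {
    $hits = sqli_signals($_SERVER['REQUEST_URI']);
    if (count($hits) >= 2) {
        // Log signal names only; never write the raw URI into the log.
        error_log('SQLi probe from ' . ($_SERVER['REMOTE_ADDR'] ?? '?') . ': ' . implode(',', $hits));
        http_response_code(403);
        exit;
    }
}
```

Load it before WordPress, for instance through PHP's auto_prepend_file setting. It is a tripwire that complements the upgrade and any mod_sec rules; it does not fix a query that is actually injectable.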