Spoofing a TCP/IP address? Stopping SQL Injection.....

**Cowboy \(Gregory A. Beamer\)** · Sep 18 '08, 05:15 PM

Re: Spoofing a TCP/IP address? Stopping SQL Injection.....

It is hard to stop someone from hitting your site completely, especially if
he is either a) spoofing and IP or b) using some unwitting dolts computer to
hit yours. You can, however, harden the application. I would look at the
Patterns and Practices material on hardening. One good place to start is the
threat modeling book:

Threat Modeling Web Applications

http://msdn.microsoft.com/en-us/library/ms978516.aspx

--
Gregory A. Beamer
MVP, MCP: +I, SE, SD, DBA

Subscribe to my blog

Stop Making Sense

http://feeds.feedburner.com/GregoryBeamer#

or just read it:

Stop Making Sense

http://feeds.feedburner.com/GregoryBeamer

*************** *************** **************
| Think outside the box! |
*************** *************** **************
"Mufasa" <jb@nowhere.com wrote in message
news:O87apiYGJH A.212@TK2MSFTNG P06.phx.gbl...

>I have a website that somebody is trying to hack with SQL Injection. (He
>was already successful but I have fixed the vulnerability) I have already
>fixed the website so it's 'safe' from the injection. I even have it
>redirect to another web site (not mine but an innocuous third party) when
>it get's things that don't match my criteria.
>
Is there any way to stop/block this yahoo from attempting this? It's
getting old. I have the system e-mail me when it happens and last night he
attempted about 25 times - twice every 1/2 hour.
>
I've checked the IIS logs and they all come from different TCP/IP
addresses so I can't block based on TCP/IP.
>
It's just annoying.
>
Anybody have any suggestions on what to do to get this yahoo to stop it?
>
BTW - his SQL injection puts code in the text fields that would download a
trojan that would then install something on your machine. So it was pretty
malicious.....
>
TIA - Jeff.
>
>

**George** · Sep 18 '08, 05:25 PM

Re: Spoofing a TCP/IP address? Stopping SQL Injection.....

What do you mean by stopping?
Physically? No you can not do that. He is still going to continue to hit
your server with bad urls.

If you mean to prevent him from being successful then I thought you already
did it.

PS: You can block the IP address in Windows (look it up in Google, but you
need Admin rights on a server I believe) but from my experience the IP
address is changing and in a week you will get attempts from different IP.

George.

"Mufasa" <jb@nowhere.com wrote in message
news:O87apiYGJH A.212@TK2MSFTNG P06.phx.gbl...

>I have a website that somebody is trying to hack with SQL Injection. (He
>was already successful but I have fixed the vulnerability) I have already
>fixed the website so it's 'safe' from the injection. I even have it
>redirect to another web site (not mine but an innocuous third party) when
>it get's things that don't match my criteria.
>
Is there any way to stop/block this yahoo from attempting this? It's
getting old. I have the system e-mail me when it happens and last night he
attempted about 25 times - twice every 1/2 hour.
>
I've checked the IIS logs and they all come from different TCP/IP
addresses so I can't block based on TCP/IP.
>
It's just annoying.
>
Anybody have any suggestions on what to do to get this yahoo to stop it?
>
BTW - his SQL injection puts code in the text fields that would download a
trojan that would then install something on your machine. So it was pretty
malicious.....
>
TIA - Jeff.
>
>

**Niraj Ranka** · Sep 19 '08, 10:15 AM

Re: Spoofing a TCP/IP address? Stopping SQL Injection.....

Its better if you improve you code and follow some kill char
functions.

NIraj
On Sep 18, 10:13 pm, "George" <noem...@comcas t.netwrote:

What do you mean by stopping?
Physically? No you can not do that. He is still going to continue to hit
your server with bad urls.
>
If you mean to prevent him from being successful then I thought you already
did it.
>
PS: You can block the IP address in Windows (look it up in Google, but you
need Admin rights on a server I believe) but from my experience the IP
address is changing and in a week you will get attempts from different IP..
>
George.
>
"Mufasa" <j...@nowhere.c omwrote in message
>
news:O87apiYGJH A.212@TK2MSFTNG P06.phx.gbl...
>

I have a website that somebody is trying to hack with SQL Injection. (He
was already successful but I have fixed the vulnerability) I have already
fixed the website so it's 'safe' from the injection. I even have it
redirect to another web site (not mine but an innocuous third party) when
it get's things that don't match my criteria.

>

Is there any way to stop/block this yahoo from attempting this? It's
getting old. I have the system e-mail me when it happens and last nighthe
attempted about 25 times - twice every 1/2 hour.

>

I've checked the IIS logs and they all come from different TCP/IP
addresses so I can't block based on TCP/IP.

>

It's just annoying.

>

Anybody have any suggestions on what to do to get this yahoo to stop it?

>

BTW - his SQL injection puts code in the text fields that would download a
trojan that would then install something on your machine. So it was pretty
malicious.....

>

TIA - Jeff.

**Mufasa** · Sep 19 '08, 03:25 PM

Re: Spoofing a TCP/IP address? Stopping SQL Injection.....

Thanks everybody for your help. I guess there's not a whole I can do to stop
it - I just have to make sure that it doesn't cause any problems.

J.

"Niraj Ranka" <nirajranka@gma il.comwrote in message
news:3a6e257b-b464-496a-98f9-7e927a29faef@q5 g2000prf.google groups.com...
Its better if you improve you code and follow some kill char
functions.

NIraj
On Sep 18, 10:13 pm, "George" <noem...@comcas t.netwrote:

What do you mean by stopping?
Physically? No you can not do that. He is still going to continue to hit
your server with bad urls.
>
If you mean to prevent him from being successful then I thought you
already
did it.
>
PS: You can block the IP address in Windows (look it up in Google, but you
need Admin rights on a server I believe) but from my experience the IP
address is changing and in a week you will get attempts from different IP.
>
George.
>
"Mufasa" <j...@nowhere.c omwrote in message
>
news:O87apiYGJH A.212@TK2MSFTNG P06.phx.gbl...
>

I have a website that somebody is trying to hack with SQL Injection. (He
was already successful but I have fixed the vulnerability) I have already
fixed the website so it's 'safe' from the injection. I even have it
redirect to another web site (not mine but an innocuous third party) when
it get's things that don't match my criteria.

>

Is there any way to stop/block this yahoo from attempting this? It's
getting old. I have the system e-mail me when it happens and last night
he
attempted about 25 times - twice every 1/2 hour.

>

I've checked the IIS logs and they all come from different TCP/IP
addresses so I can't block based on TCP/IP.

>

It's just annoying.

>

Anybody have any suggestions on what to do to get this yahoo to stop it?

>

BTW - his SQL injection puts code in the text fields that would download
a
trojan that would then install something on your machine. So it was
pretty
malicious.....

>

TIA - Jeff.

Spoofing a TCP/IP address? Stopping SQL Injection.....

Spoofing a TCP/IP address? Stopping SQL Injection.....

Comment

Comment

Comment

Comment