WordPress comment SQL injection attempt
I have comment moderation turned on for most of the blog sites I manage. As a result, if someone new comes in and posts a comment, I get a nice email letting me know that I need to approve it. Yesterday, I got one that said this:
Author : Bill366758271','258878095billy@msn.com','','171.85.174.159','2008-03-11 22:28:47','2008-03-11 22:28:47','','0','lynx','comment','0','0'),('0', '', '', '', '', '2008-03-12 22:28:47', '2008-03-12 22:28:47', '', 'spam', '', 'comment', '0','0' ) /* (IP: 124.217.231.53 , 124.217.231.53)
E-mail :
URL : http://None
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=124.217.231.53
Comment:
None...
It looks like they were trying to bypass the comment approval process with an SQL injection attack. I'm not sure which versions of WordPress are vulnerable, but I'm sure there are some older ones that are.
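
An added example, not code from this post or from WordPress: it stores the author field shown above through a bound-parameter insert, so the quotes, the `),(` tuple boundary and the trailing `/*` remain inert data in a single unapproved row, and it flags such fields for the moderation log. The table layout, the function names and the shortened sample string are assumptions made for illustration.

```python
import re
import sqlite3

# Shortened, constructed copy of the author field from the moderation e-mail.
SAMPLE_AUTHOR = ("Bill366758271','258878095billy@msn.com','','0','lynx',"
                 "'comment','0','0'),('0', '', '', '', 'spam', '', "
                 "'comment', '0','0' ) /*")

# Markers visible in that field: quote-comma-quote closes one string literal
# and opens the next, "),(" starts a second VALUES tuple, "/*" opens a comment.
MARKERS = [re.compile(p) for p in (r"'\s*,\s*'", r"\)\s*,\s*\(", r"/\*")]


def looks_like_sql_breakout(field):
    """Heuristic for moderation logs: at least two distinct markers present."""
    return sum(1 for m in MARKERS if m.search(field)) >= 2


def open_db():
    """In-memory stand-in for a comments table (hypothetical, simplified schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, "
               "email TEXT, body TEXT, approved TEXT)")
    return db


def store_comment(db, author, email, body):
    """Insert with bound parameters; every new comment starts unapproved ('0')."""
    cur = db.execute(
        "INSERT INTO comments (author, email, body, approved) "
        "VALUES (?, ?, ?, '0')",
        (author, email, body))
    db.commit()
    return cur.lastrowid


def demo():
    """Store the sample and return (rows in table, whether it was flagged)."""
    db = open_db()
    store_comment(db, SAMPLE_AUTHOR, "", "None...")
    rows = db.execute("SELECT author, approved FROM comments").fetchall()
    return rows, looks_like_sql_breakout(SAMPLE_AUTHOR)


if __name__ == "__main__":
    print(demo())
```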

Interesting, I've had 8 of the same "comments" over the last few days on my web site, all on the same page. They appeared in 2 groups of 4 each and surprised me because I have comments turned off. I'm running v2.3, so I suppose I need to update. Anyway, thanks for providing an explanation for what is going on.
Oneida
Hi!
I had a group of 4 attacks too last week and also have comment approval on. They came from the same IP address as yours.
If you know something about this IP address, please let me know.
Thanks and have a nice day!