
Is this an attack?


Sleidia

Technical User
May 4, 2001
1,284
FR
Hello,

It is the second time that I notice that someone or something sends a foreign query on my mysql database on my server. The output of the query is as follows:

You have an error in your SQL syntax near ' at line 1

A Google search with " led me to 2 sites such as:
- McAfee ASAP ( )
- Alliance of Security Analysis Professionals ( )

Although I'm not using ASP and Microsoft products, should I see it as a very dangerous threat?
What should I do?

Thanks for helping :)
 
I am not an expert in this field but from the little information provided it appears to be user error. If there are continued attempts or actual attempts to access specific information in your database I would be more worried.

Thanks,

Ryan V. Stevenson
Specialty Services Director

National Support Network
East Lansing, MI - USA

Ryan@itpayz.com
 
How often do you see this kind of activity?

Looks more like a misconfigured script (does not need to be ASP, could be PHP or CGI/Perl).

Any other requests from the same host that use different syntax?

Just the one query by itself is not alarming. A frequent failed query might just mean you or someone using your database needs to fix something with their query/script.

Nathan aka: zaz (zaznet)
zaz@zaz.net
 
It is the second time that I notice that someone or something sends a foreign query on my mysql database on my server

There are three possible sources for this:

1) Your MySQL database is visible to the world, and people are connecting to it and making arbitrary requests (extremely bad). To fix it: configure your firewall to block the ports that MySQL uses.

2) Your code is using string concatenation to build the SQL used to access the database. You're vulnerable to a SQL Injection attack, and people are taking advantage of the hole in your code (extremely bad). To fix it: change your code to use best-practices database access for your language.

3) There is a programming error in your code somewhere (bad). Fix your code.

And it might also be the catch-all:

4) Something else

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
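
Added example, not part of the thread: a sketch of source 2 above, showing how a single apostrophe in a value produces an SQL error when the query is built by string concatenation and how a bound parameter avoids it. It assumes Python's built-in sqlite3 as a stand-in for MySQL; the table, data and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a throwaway in-memory table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO members (name) VALUES (?)",
                   [("Alice",), ("O'Brien",)])
    return db

def find_concat(db, name):
    """Pattern from source 2: the value is pasted into the SQL text."""
    sql = "SELECT id FROM members WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_param(db, name):
    """Fix: the value is sent as a bound parameter, separate from the SQL text."""
    return db.execute("SELECT id FROM members WHERE name = ?",
                      (name,)).fetchall()

def probe(db, name):
    """Run both variants; return (concat rows or error text, param rows)."""
    try:
        concat = find_concat(db, name)
    except sqlite3.OperationalError as exc:
        # The stray quote ended the string literal early, so the
        # database rejected the statement as malformed SQL.
        concat = "SQL error: %s" % exc
    return concat, find_param(db, name)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a legitimate name containing
    # an apostrophe, and a lone quote character.
    for value in ("Alice", "O'Brien", "'"):
        print(repr(value), probe(db, value))
```

An ordinary value such as a surname with an apostrophe is enough to trigger the error in the concatenated version, so the error message alone does not distinguish a bug from probing; the request logs for the failing input do.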
 