Recently my site has been hit with huge numbers of injection attacks. Right now, I trap them and return a static page.<\/p>\n
Here’s what my URL looks like:<\/p>\n
\n\/products\/product.php?id=1\n<\/code><\/pre><\/p>\nThis is what an attack looks like:<\/p>\n
\n\/products\/product.php?d=-3000%27%20IN%20BOOLEAN%20MODE%29%20\nUNION%20ALL%20SELECT%2035%2C35%2C35%2C35%2C35%2C35%2C35%2C35\n%2C35%2C35%2C35%2C35%2C35%2C%27qopjq%27%7C%7C%27ijiJvkyBhO%27\n%7C%7C%27qhwnq%27%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35\n%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35\n%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35\n<\/code><\/pre><\/p>\nI know for sure that this isn\u2019t just a bad link or fat-fingered typing so I don’t want to send them to an overview page. I also don\u2019t want to use any resources on my site delivering a ‘missing’ page.<\/p>\n
Based on a couple of comments on Stackoverflow, I looked up how to return ‘page not found’. This Stackoverflow answer<\/a> by icktoofay suggests using a 404 and then the die(); – the bot thinks that there isn\u2019t a page and might even go away, and no resources are used to display a page not found message.<\/p>\nHere\u2019s what mostly works.
\n
\nheader("HTTP\/1.0 404 Not Found");\ndie();\n<\/code><\/pre><\/p>\nI still get attempts, but they usually only try 20 or so times and then they go away for a few days.<\/p>\n","protected":false},"excerpt":{"rendered":"
Recently my site has been hit with huge numbers of injection attacks. Right now, I trap them and return a static page. Here’s what my URL looks like: \/products\/product.php?id=1 This is what an attack looks like: \/products\/product.php?d=-3000%27%20IN%20BOOLEAN%20MODE%29%20 UNION%20ALL%20SELECT%2035%2C35%2C35%2C35%2C35%2C35%2C35%2C35 %2C35%2C35%2C35%2C35%2C35%2C%27qopjq%27%7C%7C%27ijiJvkyBhO%27 %7C%7C%27qhwnq%27%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35 %2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35 %2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35%2C35 I know for sure that this isn\u2019t just a bad link or fat-fingered … Continue reading 100,000 MySQL injection attacks in a few days<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-1707","post","type-post","status-publish","format-standard","hentry","category-coding"],"_links":{"self":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/1707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1707"}],"version-history":[{"count":0,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/1707\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}