
Increase in automated SQL Injection attacks against ASP.NET web sites

We use Splunk to collect the log files of the web application firewalls we run in the cloud in front of various customer web sites.

The graph below shows how the attacks grew over the last month: from zero incidents, to about 10 the weekend before, to more than 100 on last Sunday and again today.

[Image: Splunk graph of SQL injection incidents per day over the last month]

These SQL injection attempts are not targeted. They are a fully automated scan that crawls every page of the web site and injects the same probe into every parameter it finds, in order to identify ASP.NET pages whose parameters reach the database unescaped. A page is only useful to the scanner if the injection works and the resulting database error is echoed back to the client.

An example of the attack against our own www.zionsecurity.com web site, which uses ASP.NET pages:

[Image: table of requested pages (left) and the number of injected requests per page (right)]

In the left column you see the page requested and in the right column the total number of requests in which every parameter was injected with )/**/or/**/1=@@version--. URL-decoded, the injected suffixes are '/**/or/**/1=@@version-- and ')/**/or/**/1=@@version--: the scanner closes the string literal (and in the second variant also a parenthesis), ORs in the condition 1=@@version and comments out the rest of the statement with --. The /**/ comments take the place of spaces to get past naive keyword filters. On Microsoft SQL Server, the usual backend for ASP.NET sites, comparing the integer 1 with the string returned by @@version raises a conversion error that contains the version string, so a detailed ASP.NET error page both confirms the injection and identifies the backend in a single request.

Some HTTP requests:
GET /partners.aspx?show=Partners%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version-- HTTP/1.1
User-Agent: Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20090818 Firefox/3.5.6
Host: zionsecurity.com
Accept: */*

GET /solutions/implementation.aspx?show=Implementation%27%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version-- HTTP/1.1
User-Agent: Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20090818 Firefox/3.5.6
Host: zionsecurity.com
Accept: */*

These two requests come from two different IP addresses (184.82.12.88 and 64.120.194.16) but carry byte-for-byte identical User-Agent and HTTP headers (note the "Mozilla/5.2" token, which no real Firefox build sends), so these are most likely infected machines running the same scanning malware to find further vulnerable web applications. The shared header fingerprint is a better way to track the campaign than the source addresses, which change as new machines join.
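The following Python script is an added example, not code from the original post or from our Splunk setup. It runs the same detection over a few constructed log lines: it URL-decodes each query string parameter, matches the decoded "close quote, or 1=@@version, comment" probe (allowing either spaces or /**/ as separators), and then groups the probing source IPs by their exact User-Agent string, which is how the two requests above were tied together. The log format (client IP, request line, User-Agent) and the third and fourth sample lines are assumptions; the first two lines reproduce the requests shown above.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample log lines (not real Splunk data). Format, assumed for
# this example: client_ip "METHOD target" "User-Agent".
# Lines 1 and 2 are the two requests quoted in the post; line 3 is a benign
# request; line 4 is a second probe from the first scanner IP.
SAMPLE_LOG = """\
184.82.12.88 "GET /partners.aspx?show=Partners%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--" "Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20090818 Firefox/3.5.6"
64.120.194.16 "GET /solutions/implementation.aspx?show=Implementation%27%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--" "Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20090818 Firefox/3.5.6"
203.0.113.7 "GET /partners.aspx?show=Partners" "Mozilla/5.0 (X11; Linux x86_64) Firefox/60.0"
184.82.12.88 "GET /about.aspx?id=3%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--" "Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20090818 Firefox/3.5.6"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+)" "(?P<ua>[^"]*)"$')

# The probe from the post, matched on the URL-decoded parameter value:
#   '      close the string literal
#   )?     optionally also close a parenthesis (the second variant)
#   or 1=@@version   force a string-to-int conversion error on SQL Server
#   --     comment out the rest of the statement
# The scanner writes /**/ instead of spaces, so WS accepts either.
WS = r"(?:\s|/\*.*?\*/)+"
PROBE_RE = re.compile(r"'\)?" + WS + r"or" + WS + r"1\s*=\s*@@version\s*--", re.IGNORECASE)


def parse_line(line):
    """Split one log line into ip, path, user agent and decoded query parameters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl URL-decodes names and values, which is what the WAF rule sees
    params = parse_qsl(parts.query, keep_blank_values=True)
    return {"ip": m.group("ip"), "path": parts.path, "ua": m.group("ua"), "params": params}


def find_probes(log_text):
    """Return one hit per (request, parameter) whose decoded value carries the probe."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in rec["params"]:
            if PROBE_RE.search(value):
                hits.append({"ip": rec["ip"], "path": rec["path"], "param": name,
                             "value": value, "ua": rec["ua"]})
    return hits


def cluster_by_user_agent(hits):
    """Map each exact User-Agent string to the sorted set of source IPs that used it.

    Several IPs sharing one unusual User-Agent is the campaign fingerprint
    described in the post: same malware, different infected hosts.
    """
    clusters = defaultdict(set)
    for h in hits:
        clusters[h["ua"]].add(h["ip"])
    return {ua: sorted(ips) for ua, ips in clusters.items()}


def summarize_by_page(hits):
    """Count probed requests per page, like the table in the post's screenshot."""
    counts = defaultdict(int)
    for h in hits:
        counts[h["path"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for h in found:
        print(f'{h["ip"]:15} {h["path"]:32} {h["param"]}={h["value"]}')
    for ua, ips in cluster_by_user_agent(found).items():
        if len(ips) > 1:
            print(f"{len(ips)} IPs share User-Agent {ua!r}: {', '.join(ips)}")
```

The same match can be expressed as a regex on the decoded request field in a Splunk search; the point of decoding first is that the WAF log stores the raw %27%2F%2A%2A%2F form, which a pattern written for the readable payload would never hit.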

During one week we saw 62 different IP addresses scanning for SQL injection vulnerabilities, from the following networks:

  • 173.212.254/16
  • 184.82.12.98/24
  • 64.120.194.10/16
  • 66.197.184.143/24

Solution: make sure your code is not vulnerable in the first place (use parameterized queries or stored procedures instead of concatenating request parameters into SQL, and run the application under a database account with the least privileges it needs), do not return detailed database errors to the client (the scanner relies on the error page to confirm a hit, although hiding errors does not remove the injection itself), and mitigate or block the attacks with a web application firewall!

There are 2 Comments


The best protection would be to use a web application firewall to secure your CMS against exploits.


Good day! Do you know if they make any plugins to protect against hackers?
I'm kinda paranoid about losing everything I've worked hard on. Any recommendations?
