● New security added

Sun May 18, 2025 4:48 pm
Clan Leader
Top Dog
Nuke Dev / Coder
3065 Posts
coRpSE
Lately, I have been getting a lot of sites testing the waters so to say, trying to see if they can do SQL injections on my site. They can't as far as I know, but, it was filling up my error log with their attempts. I don't know about you, but it really annoys me when I see my log having an error, and it turns out that someone is putting bad characters in a URL.

So, if anyone gets sent to this page:
Please login to see this link

Please, let me know what you clicked or what you did. I want to see if there are any false positives that happen.

Thank you.


Wed May 28, 2025 10:39 am
Original Poster
coRpSE
Serious question for everyone.

I wrote this script, and I have been very vague on it, and I will give you more info about it. This system helps protect the website from hackers who try to mess with it by putting sneaky code into the address bar or links. It checks what people are sending to the site — especially strange characters or words that hackers often use when trying to break into the database (where usernames, passwords, and other info are stored). If it spots anything suspicious, it keeps track of who sent it (based on their IP address), and if they try it more than twice, it blocks them completely from accessing the site by adding their IP to the site's block list. It also logs the attempt so I can go back and see what happened. It doesn’t replace normal security, but it gives the site an extra layer of protection to help keep the bad guys out before they even reach the sensitive parts.

Sentinel should do this as far as I thought, but, I have never seen it protect from the attempts I have had on my site, and instead, I only find out about them from being in my error log. For those of you who are site owners, you may recognize things like this in your error logs (if you actually looked).

In the URL, you would see things like:

  • 'A=0
  • '[0]
  • %27 (URL encoded ')
  • '123
  • 1' OR '1'='1
  • 1' AND '1'='1
  • ' OR 1=1--
  • ' OR 'x'='x
  • ';--
  • '--
  • %23 (URL encoded #, SQL comment)



There are a lot more, and I'm not going to list them all, but, these are things that have been used on my site in the last few days. My script, I have checking for common keywords, basic logic-based injections, and SQL comment symbols. Areas where I don't think Sentinel really does. I think that does deeper checks, but I don't know, I never looked at it. But now, if they try using any of those to test my site, which most of these are just bots testing my site for SQL vulnerabilities, their first 2 tests give them nothing, but the 3rd attempt gives a 403 Forbidden Error.

I will release this eventually to the public, and if anyone wants to test it, I will ask at a future date.

But for now, I want to know if I should make a block that shows the last 10 IPs to be Perm-banned as well as make an easy copy & paste button that allows you to come by and copy all the IPs that have been added permanently and have it so you can copy & paste them into your .htaccess file. I kind of already wrote a test script, but haven't made it public. It already has the "deny from" in front of the IP, so it is truly a Copy & Paste system.

So, should this block be something I should finish and put on my site here?
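
A sketch of the three-strikes check and the "deny from" list described in the post above, added here as an example; it is not coRpSE's script. The rule set, the `is_suspicious` and `InjectionGuard` names, and returning 200 for the first two flagged requests are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote

# Assumed rules modelled on the post's probe list; each can hit legitimate input.
RULES = [
    re.compile(r"'"),                                    # stray quote, incl. %27
    re.compile(r"--|#"),                                 # SQL comment markers, incl. %23
    re.compile(r"\b(or|and)\b\s+\S+\s*=\s*\S+", re.I),   # logic tests: OR 1=1
    re.compile(r"\b(union|select|insert|update|delete|drop)\b", re.I),
]

def is_suspicious(query_string):
    """True if any parameter name or value matches a rule after URL decoding."""
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        for part in (name, value):
            text = unquote(part)  # second pass catches double encoding (%2527)
            if any(rule.search(text) for rule in RULES):
                return True
    return False

class InjectionGuard:
    def __init__(self, allowed_strikes=2):
        self.allowed_strikes = allowed_strikes
        self.strikes = {}   # ip -> number of flagged requests
        self.banned = []    # permanent bans, oldest first
        self.log = []       # (ip, raw query string, strike number)

    def check(self, ip, query_string):
        """Return the status to send: 200 to continue, 403 when blocked."""
        ip = str(ipaddress.ip_address(ip))  # reject anything that is not an IP
        if ip in self.banned:
            return 403
        if not is_suspicious(query_string):
            return 200
        self.strikes[ip] = self.strikes.get(ip, 0) + 1
        self.log.append((ip, query_string, self.strikes[ip]))
        if self.strikes[ip] > self.allowed_strikes:
            self.banned.append(ip)
            return 403
        return 200

    def htaccess_lines(self, last=10):
        """The newest bans as ready-to-paste .htaccess lines."""
        return [f"deny from {ip}" for ip in self.banned[-last:]]

if __name__ == "__main__":  # constructed sample: one client probing three times
    guard = InjectionGuard()
    print([guard.check("203.0.113.9", q) for q in ("id=%27", "id=1%27--", "id=%27+OR+1%3D1--")])
```

`deny from` is the Apache 2.2 form, which Apache 2.4 only honours through mod_access_compat; the native 2.4 directive is `Require not ip`. The IP passed to `check` should be the connection's remote address, since a client-supplied header would let a prober get someone else banned.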


 