I have a highly controversial website that has been gathering
information for a class action against a top 5 US bank. Recently
there have been multiple and systematic attempts to access my
database using SQL commands submitted through various form fields.
These attempts and the results they might produce are above my
scope of knowledge and I am requesting assistance in how to thwart
these attacks and what info it may have revealed.
The attacks submit SQL code through form fields in blocks of
8 and 16 attempts simultaneously. Here is an example of what is
being submitted:
1 declare @q varchar(8000) select @q = 0x574149544
I have created a list of keywords (declare, varchar, etc.)
that will trigger a cfabort, but this is placed after an insert
statement to capture what was submitted.
Any insight would be greatly appreciated.
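The submitted payload quoted above hides its real content behind a hex literal (`0x57414954...`), which is how this class of automated injection attempts avoids simple word lists. The script below is an added example, not code from the poster's site: it flags a form value on the same kind of keyword list the post describes and, more usefully, decodes any `0x...` literal it contains so you can read what the attacker was actually trying to run. The sample submissions are constructed here from the fragment quoted in the post (which is truncated) plus two hypothetical variants; the keyword list is an assumption, not the poster's actual list.

```python
import re

# Constructed sample form-field values. The second one is the fragment quoted
# in the post (truncated there); the other two are hypothetical variants.
SAMPLE_SUBMISSIONS = [
    "John Smith",
    "1 declare @q varchar(8000) select @q = 0x574149544",
    "x'; exec(0x73656c656374) --",
    "x'; exec(0x530045004c00) --",  # same idea, UTF-16LE-encoded text
]

# Assumed keyword list; the post only names "declare, varchar, etc".
KEYWORDS = ("declare", "varchar", "exec", "cast", "select", "waitfor", "xp_")
HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")


def looks_like_injection(value: str) -> bool:
    """Signature check: a listed keyword, or any embedded 0x literal."""
    lowered = value.lower()
    if any(k in lowered for k in KEYWORDS):
        return True
    return HEX_LITERAL.search(value) is not None


def decode_hex_literals(value: str) -> list[str]:
    """Decode every 0x... literal in the value to text.

    An odd number of hex digits means the literal was cut off (as in the
    quoted fragment); the even-length prefix is decoded and the dangling
    nibble dropped. Byte strings with a zero in every second position are
    treated as UTF-16LE, which some worms use to target nvarchar columns.
    """
    decoded = []
    for match in HEX_LITERAL.finditer(value):
        digits = match.group(1)
        if len(digits) % 2:
            digits = digits[:-1]
        raw = bytes.fromhex(digits)
        if len(raw) >= 2 and all(b == 0 for b in raw[1::2]):
            decoded.append(raw.decode("utf-16-le"))
        else:
            decoded.append(raw.decode("latin-1"))
    return decoded


def triage(submissions: list[str]) -> list[dict]:
    """Return one record per submission: flagged or not, and decoded payload text."""
    return [
        {
            "value": s,
            "flagged": looks_like_injection(s),
            "decoded": decode_hex_literals(s),
        }
        for s in submissions
    ]


if __name__ == "__main__":
    for record in triage(SAMPLE_SUBMISSIONS):
        print(record)
```

Run this over the values captured by the logging insert to see the decoded text of each attempt. Two points a practitioner would add: first, a keyword list is a detection signal, not a defense, because the attacker controls the encoding (this very payload wraps its SQL in hex precisely to slip past word matching); second, the database-side fix is to stop building SQL from form values at all, which in ColdFusion means binding every form value with cfqueryparam so the submitted text can only ever be a parameter value, never executable SQL. Note also that the capturing insert itself must be parameterized, or the logging query becomes one more injection point.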