Hi. Did you miss me? I've been retired/not coding for a few months because of our idiot governor...but I digress...

Anyway, I am picking up some old personal php/MySQL projects that I have had on a host I subscribed to years ago. I noticed that one page was no longer working and investigated it today. A MySQL table that should have had fewer than 1000 records suddenly had 750,000! With a new record being added every couple of minutes. The content of the records had to do with stuff like Cialis, Viagra, payday cash loans, and all kinds of other similar crap.

My question is: how does (and why would) someone put this crap in my table? And what can one do to prevent this sort of thing from happening again?

(I seem to have momentarily fixed the problem by renaming the table... and changing the page coding to point to the new table name.)

    Search the Web for SQL Injection.

    Then look at your web logs for that page. You'll probably find something.
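As an added example of what "look at your web logs for that page" can turn up (this is not code from the original thread): a small Python script that parses combined-format access log lines and flags clients that keep POSTing to the form page at a steady machine cadence without ever loading it with a GET first. The form path `/notes/add.php`, the IPs and the log lines are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format, as most shared hosts write it:
# ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log (assumed form path and RFC 5737 placeholder IPs).
FORM_PATH = "/notes/add.php"
SAMPLE_LOG = """\
198.51.100.5 - - [10/Mar/2021:13:58:40 +0000] "GET /notes/add.php HTTP/1.1" 200 1820 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/86.0"
198.51.100.5 - - [10/Mar/2021:14:00:12 +0000] "POST /notes/add.php HTTP/1.1" 302 0 "https://example.invalid/notes/add.php" "Mozilla/5.0 (X11; Linux x86_64) Firefox/86.0"
203.0.113.7 - - [10/Mar/2021:14:01:03 +0000] "POST /notes/add.php HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.7 - - [10/Mar/2021:14:03:05 +0000] "POST /notes/add.php HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.7 - - [10/Mar/2021:14:05:04 +0000] "POST /notes/add.php HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.7 - - [10/Mar/2021:14:07:06 +0000] "POST /notes/add.php HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def suspicious_posters(lines, form_path, min_posts=3, max_gap_s=300):
    """Return {ip: post_count} for clients that POSTed to form_path at least
    min_posts times, never more than max_gap_s apart, and never GET the form."""
    posts, fetched = defaultdict(list), set()
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["path"].split("?")[0] != form_path:
            continue
        if rec["method"] == "GET":
            fetched.add(rec["ip"])
        elif rec["method"] == "POST":
            posts[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        steady = len(times) >= min_posts and all(g <= max_gap_s for g in gaps)
        if steady and ip not in fetched:   # submits blindly, never saw the form
            flagged[ip] = len(times)
    return flagged
```

Run it over the real access log with the real form path (`suspicious_posters(open(path), "/your/form.php")`) and the flagged IPs, their user agents and the submission timestamps line up with the rows that appeared in the table.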

      Ow! I guess I left myself open for this as the page/project in question has no login/security on it at all (but it does not contain any information of any value to anyone...it's just for my convenience). I am wondering if these spam contents that have been injected as new rows are being used somehow to some end/nefarious purpose? Why would anyone want to put such lines into my table? What value would it have for them?

        Almost certainly they're being inserted by a bot, which doesn't care what it's attacking, merely blindly following its quizotropic imperative: "see a form - spam it".

          "Security by obscurity" is the hope that your data/form/whatever will be safe because nobody knows where it's located, or that no one will bother to try and figure something out.

          I'd recommend that you put all of your convenience forms/whatever behind some kind of password. Either use a PHP authentication library to require login or set up your web server to require a password for your pages.
