Security rules by pass hack attempt

  • Resolved ChriStef

    (@christef)


    5 years, 6 months ago

    Hello, ive noticed some attempts that are not blocked. I hope to investigate them and maybe catch them in future updates.

    1.
    %20WAITFOR%20DELAY%20%270%3A0%3A5%27–%20vVEd%22

    2.
    p20WAITFOR%20DELAY%20%270%3A0%3A5%27–%20ymeA

    Take care,
    /ChriStef.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Both examples have syntax errors.
    1. is not a valid character, it should be replaced with --.
    2. p20WAITFOR isn’t valid either.

    1%27+waitfor+delay+%2700%3A00%3A05%27-- would be a valid syntax.

    I will change the firewall rule to catch similar issues.

    • This reply was modified 5 years, 6 months ago by nintechnet.
    Thread Starter ChriStef

    (@christef)

    Glad to hear that, thank you.

    /ChriStef.

    Thread Starter ChriStef

    (@christef)

    Hello again. Could you see the new attempts below:

    %20AND%201679%3D%28SELECT%201679%20FROM%20PG_SLEEP%285%29%29–%20snlo

    %20AND%201679%3D%28SELECT%201679%20FROM%20PG_SLEEP%285%29%29

    %3BSELECT%20PG_SLEEP%285%29–

    %29%3BSELECT%20PG_SLEEP%285%29

    %27zfxmjA%3C%27%22%3EBoaAOC

    %27%28.%2C%22%22%27%29%29%27

    What they trying to do?

    • This reply was modified 5 years, 5 months ago by ChriStef.
    Plugin Author nintechnet

    (@nintechnet)

    They are attempts to probe PostgreSQL. That’s a bit strange because WordPress uses only MySQL/MariaDB, not PostgreSQL !

    Thread Starter ChriStef

    (@christef)

    Thank you for your insights. Keep it strong…

    Do you suggest to me to add some custom rules?

    Plugin Author nintechnet

    (@nintechnet)

    You can safely ignore them, they don’t affect WordPress.
    Maybe I’ll adjust some rules just to kick them out, but it is not really important.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Security rules by pass hack attempt’ is closed to new replies.