XF 2.3 Possible SQL injection attack?

S

Stubentiger

Member
I'm currently experiencing a large number of access attempts with the following pattern:

Click to expand...

These attempts appear illegitimate and are apparently not being detected by either mod_security or Cloudflare (free). What options are there to prevent these access attempts?

Xenforro 2.3.9

Thank you
 
Sort by date Sort by votes
Stubentiger said:
I'm currently experiencing a large number of access attempts with the following pattern:



These attempts appear illegitimate and are apparently not being detected by either mod_security or Cloudflare (free). What options are there to prevent these access attempts?

Xenforro 2.3.9

Thank you
Click to expand...

Do you have the SQLi ruleset enabled via CF?
 
Upvote 0 Downvote
Hi @MentaL,

thank you for your reply. As I mentioned, I'm using the Cloudflare free plan. To my knowledge, I have no way to enable or disable specific rulesets. If you can tell me how I can control the required settings, I'll provide the information immediately.

Edit: One more piece of information/question.

Even if this isn't necessarily an SQL issue, why is information (text output) displayed in the browser when the URL is accessed?
 
Upvote 0 Downvote
Stubentiger said:
Hi @MentaL,

thank you for your reply. As I mentioned, I'm using the Cloudflare free plan. To my knowledge, I have no way to enable or disable specific rulesets. If you can tell me how I can control the required settings, I'll provide the information immediately.

Edit: One more piece of information/question.

Even if this isn't necessarily an SQL issue, why is information (text output) displayed in the browser when the URL is accessed?
Click to expand...
?_xfRequestUri=&_xfResponseType=json


it's a json output
 
Upvote 0 Downvote
If you click on that URL you can tell that the SQL injection is not working since you don't get a 15 second wait.
This person is testing your system for vulnerabilities, and in this case it looks the test is being failed.

Strange, this returns a 400 code which may not be tracked by existing security mechanisms for too many of that code per IP.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

H7ML
  • Locked
  • Question Question
SQL Injection Protection
Replies
1
Views
1K
Paul B
P
Bonsai Coder
  • Question Question
XF 2.2 SQL Injection Warnings
Replies
14
Views
2K
bzcomputers
bzcomputers
J
  • Question Question
XF 1.5 SQL Injection protection
Replies
1
Views
1K
Chris D
Chris D
ChadTheDJ
  • Question Question
SQL injection help and prevention
Replies
4
Views
3K
ChadTheDJ
ChadTheDJ
Markus
SQL injection and "$usermodel->validateauthentication"
Replies
2
Views
2K
Markus
Markus
Back
Top Bottom