Multiple hacking attempts?

nathanielrsuchy

nathanielrsuchy

Reputable
Joined
Apr 17, 2016
Messages
196
Reaction score
0
FP$
555
There have been multiple attempts SQL Injection attempts against my site. Should I contact a private security firm? (The attacks are from another country so suing isn't an option) I've blacklisted the IP Addresses but still concerned. Your thoughts?
 
Moved this to a new forum, our Community Matters board is mainly for issues regarding our forum. :heart:

Anyway, I wouldn't yet. I would most certainly tighten up security and make sure you have backups and complex passwords. A private security firm might not be able to do much if they're switching back and fourth from IP's, though I could be wrong.
 
Thomasss said:
Moved this to a new forum, our Community Matters board is mainly for issues regarding our forum. :heart:

Anyway, I wouldn't yet. I would most certainly tighten up security and make sure you have backups and complex passwords. A private security firm might not be able to do much if they're switching back and fourth from IP's, though I could be wrong.
Click to expand...

Ok thanks and sorry. I've definitely tightened security. Our investigation showed it was SQL Injection (Vuln was patched) the user took the time to drop their account from the user table after their attack was done. Sadly for them I keep historical SQL Backups (every 15 minutes 15MB Database @ $0.03/GB = not horrible costs). The user's residential IP address wasn't in the US so I can't sue. Probably gonna hire a firm soon...
 
If anything there isn't much to do if they aren't within the country which has laws such as the US. The only big thing you can do is make sure that you have updated software and try to have any zero-day alerts sent to somewhere that you will check right away.

The fact that they tried using an old vuln. means really nothing, however if they found a vuln, then that is a big issue. Would recommend trying to find a way to tighten security more on the SQL level or even using software that isn't too dated (but also isn't too new to prevent zero-days).
 
KnownSyntax said:
If anything there isn't much to do if they aren't within the country which has laws such as the US. The only big thing you can do is make sure that you have updated software and try to have any zero-day alerts sent to somewhere that you will check right away.

The fact that they tried using an old vuln. means really nothing, however if they found a vuln, then that is a big issue. Would recommend trying to find a way to tighten security more on the SQL level or even using software that isn't too dated (but also isn't too new to prevent zero-days).
Click to expand...

The Vuln was patched after the attack. And it was a Vuln with code that I wrote not code from MyBB.
 
You must log in or register to reply here.

About Us

Since 2007, Forum Promotion has specialized in providing advertising solutions to webmasters looking to promote their communities. We pride ourselves in being the bridge that connects forum administrators, bloggers, and more.

Sponsors

Affiliates

    Universal Gaming The Coffee House

Stay Connected

Back
Top Bottom