: How to begin trouble shooting an sql injection attack? noob here... I paid someone to find out why my joomla site was slowing down and exceeding bandwidth etc. They told me that I was
noob here... I paid someone to find out why my joomla site was slowing down and exceeding bandwidth etc.
They told me that I was experiencing an sql injection attack through my RSS feed, they did some work on my site that I don't understand that was supposed to block or slow down the problem. I don't think its working.
Can anyone point me a tutorial or tell me what tools a noob my start with to analyze my site/server?
More posts by @Martha676
2 Comments
Sorted by latest first Latest Oldest Best
Take down any scripts which may contain exploitable code to prevent further abuse immediately. A malicious user who has enumerated an SQL injection vulnerability has his foot in the door to cause some serious problems for your site and you're asking for trouble if you are working to fix the problem while the exploit remains available.
Once you have secured your site, you can audit questionable code to patch the issue - look for any mysql_query() or mysqli_query() calls which include variables which are not wrapped in mysql_real_escape_string() or mysqli_real_escape_string() calls (ideally, you'll replace these calls with prepared statements using bound parameters).
Dont worry
try this
sqlzoo.net/hack/ php.net/manual/en/security.database.sql-injection.php www.unixwiz.net/techtips/sql-injection.html
hope it helps you
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.