NYCPHP Meetup

NYPHP.org

[nycphp-talk] Injection Attack, any ideas?

Rolan Yang rolanyang at gmail.com
Wed Nov 7 07:39:28 EST 2007


You might want to log all the submitted POST data for a few days in
case the spam spider comes around again. Add something like this to
the start of your script:

$fp=fopen('/tmp/'.time().'-'.uniqid().'-'.$_SERVER['REMOTE_ADDR'],'w');
fputs($fp,print_r($_REQUEST,TRUE));
fclose($fp);

~Rolan

On Nov 7, 2007 7:17 AM,  <mikesz at qualityadvantages.com> wrote:
> Hello David,
>
> Thanks for the tips. I was able to correlate the timestamp of the error
> message and the bad guys IP address. The are using a POST to do the
> injection.
>
> --
> Best regards,
>  mikesz                            mailto:mikesz at qualityadvantages.com
>
> _______________________________________________
>
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>



More information about the talk mailing list