Over the past week, we’ve been bombarded with a web-bot trying to do nefarious things like determine which sites are vulnerable and then launch a systematic attack at a later date. They were unsuccessful. The signature of the attack looks like this:
DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x444**snip**%20CHAR(4000));EXEC(@S);
A solution to the attack is to modify your .htaccess files to include the following lines which will prevent any damage being done, but still lets the request through to serve the page. A better long term solution might be to assemble some sort of .htaccess controlled firewall.
RewriteCond %{REQUEST_URI} ^(.*)CAST(.*) [OR]
RewriteCond %{REQUEST_URI} ^(.*)DECLARE(.*) [NC,OR]
These hosebags make working on the net more work than it ought to be. How long will it be before a retaliation service starts up for stressed out and pissed off web site operators? If one exists, leave a comment with a pointer, I’m ready to sign up…
