Mar 8, 2011

182.114.206.25 hn.kd.ny.adsl union injection hacker

20and%205=6%20union%20select%200x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E,0x5E5B7D7E%20--

from ip 182.114.206.25 hn.kd.ny.adsl

1 comment:

dan said...

I got the same issue today on a site. Hundreds of thousands of the same SQL injection query, only differing by an increasing LIMIT at the end, from IP 115.52.227.189 (also resolves to hn.kd.ny.adsl). Looks like at least an entire /24 resolve to the same host. Read somewhere else that there could be an entire /12 that these requests can originate from. Best to just block 115.52.0.0/12 in its entirity.