How to handle 404 errors that look like SQL errors or hacking attempts?
I have an E-commerce site (built on OpenCart 2.0.3.1). I'm using an SEO pack plugin that keeps a list of 404 errors, so we can make redirects.
As of a couple of weeks ago, I keep seeing a LOT of 404s that don't even look like links:
999999.9 //uNiOn//aLl /**/sElEcT 0x393133353134353632312e39
999999.9 //uNiOn//aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39
999999.9 //uNiOn//aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39
- ...and so on, until it reaches:
999999.9" //uNiOn//aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x3931
This isn't happening once, but 30-50 times per example. Over 1600 lines of this mess in the latest 404s report.
Now, I know how to make redirects for "normal" broken links, but I don't even know where to begin to fix this.
When you get requests for URLs that are hacking attempts, it is usually safe to ignore them. They are usually run by automated scanners that typically scan a large number of hosts looking for vulnerabilities.
The best defense against such attacks is to keep the software on your server up to date with all the latest software releases and security patches. If you do that, your server will not likely be vulnerable to the vast majority of hacking attempts.
If you see a large number of these requests coming from a single IP address, you could block that IP address. You could use either your webserver configuration or your firewall to do so.
You don't want to redirect these junk URLs to anything. There would be no advantage to doing so and it might even cause the scanners to make additional requests against your site.
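Added example (not part of the original answer): one way to act on the advice above is to separate these probe requests from genuine broken links in the web server's access log and count them per client IP, so that only a noisy single address is considered for blocking. The Combined Log Format, the /page?id= path, the documentation-range IP addresses and the threshold of 3 are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined Log Format (assumed): ip - - [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (.*?) HTTP/[\d.]+" (\d{3}) ')

# UNION [ALL] SELECT in any letter case, with whitespace, '/', '*' or '+'
# between the keywords, as in the 404 entries quoted in the question.
PROBE_RE = re.compile(r'union[\s/*+]+(?:all[\s/*+]+)?select\b', re.IGNORECASE)

def triage_404s(lines, threshold=3):
    """Return (real broken links, probe count per IP, IPs at/over threshold)."""
    broken, probes_by_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(3) != "404":
            continue                                  # unparsable or not a 404
        ip, path = m.group(1), unquote(m.group(2))    # %20 -> space, etc.
        if PROBE_RE.search(path):
            probes_by_ip[ip] += 1     # junk: keep it out of the redirect list
        else:
            broken.append(path)       # genuine broken link worth a redirect
    block = sorted(ip for ip, n in probes_by_ip.items() if n >= threshold)
    return broken, probes_by_ip, block

# Constructed sample log: three probes with a growing column list from one
# address, plus one real broken link and one normal hit from another.
HEX = "0x393133353134353632312e39"
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2015:13:55:0{n} +0000] "GET /page?id=999999.9'
    f'%20//uNiOn//aLl%20/**/sElEcT%20{",".join([HEX] * n)} HTTP/1.1" 404 512'
    for n in (1, 2, 3)
] + [
    '198.51.100.20 - - [10/Oct/2015:14:02:11 +0000] '
    '"GET /old-catalog/blue-widget HTTP/1.1" 404 512',
    '198.51.100.20 - - [10/Oct/2015:14:02:15 +0000] '
    '"GET /index.php HTTP/1.1" 200 8042',
]

if __name__ == "__main__":
    broken, probes, block = triage_404s(SAMPLE_LOG)
    print("broken links:", broken)
    print("probes per IP:", dict(probes))
    print("block candidates:", block)
```

The addresses in the third return value are the ones to consider for a web server or firewall deny rule; the first list is what belongs in the redirect report.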