Many of you know me personally, you know that I'm not a 'web site owner', but a full time Dynamics GP developer. The web site is really just where I put all my notes from 20+ years of doing this.
So, it is such an annoyance to get to work in the morning and see this email:
User:
Geo Location: Wilmington; DE; US; 19893
IP: 52.188.22.65
Time: 6/1/2020 2:22:44 AM
Source: System.Web
CONTENT_LENGTH:: 0
CONTENT_TYPE:: text/html; charset=utf-8
PATH_TRANSLATED:: C:\inetpub\wwwroot\DynDeveloper.com\ColumnNameSearch.aspx
QUERY_STRING:: ctl00_MainContent_RadGrid1ChangePage=38_100'A=0
REMOTE_ADDR:: 52.188.22.65
REMOTE_HOST:: 52.188.22.65
REMOTE_PORT:: 52141
REQUEST_METHOD:: GET
SCRIPT_NAME:: /ColumnNameSearch.aspx
URL:: /ColumnNameSearch.aspx
HTTP_CONNECTION:: Keep-Alive
HTTP_CONTENT_TYPE:: text/html; charset=utf-8
HTTP_ACCEPT:: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_REFERER:: http://dyndeveloper.com/ColumnNameSearch.aspx?ctl00_MainContent_RadGrid1ChangePage=38_100'A=0
HTTP_USER_AGENT:: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-PT; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
URL: http://dyndeveloper.com/ColumnNameSearch.aspx?ctl00_MainContent_RadGrid1ChangePage=38_100'A=0
The irritating part is in red.
So, in the middle of the night, this person (from Wilmington, Delaware) decides to try a SQL injection attack on this web site. This is not the actual attack, it's a preliminary foray into the attack. They've formed a URL that has a single quote and some code after it.
Although I've never been victim, I've had to help clean up sites that were victim. I helped on guy, spent hours cleaning, and the next day it happened again. He didn't take the time to fix his code.
No point here... just annoyed.
If you happen to have a bot net, maybe you'll do a DOS on the IP above. (laughs) kidding. Don't do that.
K, I feel better now. Have a good day!
*** If you have a 'hack attempt' story, please leave it in the comment below.