IRC log for #friendlyjava, 2019-08-13

##friendlyjava on freenode

← Previous day | Channels | #friendlyjava index | Today | Next day → | Search | Google Search | Plain-Text | plain, newest first | summary

All times shown according to UTC.

Time	S	Nick	Message
04:19			Jantz_ joined ##friendlyjava
05:10		aditsu	huh, somebody tried an SQL injection attack against a site I developed
05:18		aditsu	maybe not just SQL.. it's weird
05:20		aditsu	it has attempts like offset=[13' and 'x'='x], offset=[13 AnD BeNChMaRK(2999999,MD5(NOW()))], offset=[13'&&sLEEp(3)&&'1]
05:21		aditsu	the offset parameter is passed through Integer.parseInt, so.. good luck with that :p
08:31			Jantz joined ##friendlyjava
10:27		mr_lou	aditsu, How do you see those attempts?
10:28		mr_lou	I added some checking on IndieGameMusic.com because I was tired of hackers. If 10 weird calls like that are detected, then they're blocked.
10:33		aditsu	mr_lou: error logs
10:39		mr_lou	aditsu, What server?
10:40		mr_lou	I have no access to such fancy stuff with my cheap webhotel provider.
10:41		aditsu	it's a VPS
10:58		pdurbin	How much analysis of your logs do you do? Is an email alert sent if log volume goes way up? Do you visualize your log traffic? Do you look for anomalies like that "BeNChMaRK" injection? Or did you just happen to be looking at the logs? :)
11:00		aditsu	in this case it's an automatic email that basically greps the logs for some exceptions
11:00		pdurbin	Nice. That's more than we do. :)
11:02		aditsu	I set it up because some serious bugs happened and went undetected until clients complained
11:40		pdurbin	makes sense
12:13			Jantz joined ##friendlyjava
15:21		mr_lou	https://imgur.com/gallery/XAQ9yEw
15:25		aditsu	https://xkcd.com/386/
15:54		mr_lou	:-) That's an old one I've often shared too.

← Previous day | Channels | #friendlyjava index | Today | Next day → | Search | Google Search | Plain-Text | plain, newest first | summary

##friendlyjava on freenode