IRC log for #friendlyjava, 2019-08-13

##friendlyjava on freenode

All times shown according to UTC.

Time S Nick Message
04:19 Jantz_ joined ##friendlyjava
05:10 aditsu huh, somebody tried an SQL injection attack against a site I developed
05:18 aditsu maybe not just SQL.. it's weird
05:20 aditsu it has attempts like offset=[13' and 'x'='x], offset=[13 AnD BeNChMaRK(2999999,MD5(NOW()))], offset=[13'&&sLEEp(3)&&'1]
05:21 aditsu the offset parameter is passed through Integer.parseInt, so.. good luck with that :p
08:31 Jantz joined ##friendlyjava
10:27 mr_lou aditsu, How do you see those attempts?
10:28 mr_lou I added some checking on IndieGameMusic.com because I was tired of hackers. If 10 weird calls like that are detected, then they're blocked.
10:33 aditsu mr_lou: error logs
10:39 mr_lou aditsu, What server?
10:40 mr_lou I have no access to such fancy stuff with my cheap webhotel provider.
10:41 aditsu it's a VPS
10:58 pdurbin How much analysis of your logs do you do? Is an email alert sent if log volume goes way up? Do you visualize your log traffic? Do you look for anomalies like that "BeNChMaRK" injection? Or did you just happen to be looking at the logs? :)
11:00 aditsu in this case it's an automatic email that basically greps the logs for some exceptions
11:00 pdurbin Nice. That's more than we do. :)
11:02 aditsu I set it up because some serious bugs happened and went undetected until clients complained
11:40 pdurbin makes sense
12:13 Jantz joined ##friendlyjava
15:21 mr_lou https://imgur.com/gallery/XAQ9yEw
15:25 aditsu https://xkcd.com/386/
15:54 mr_lou :-) That's an old one I've often shared too.
