Friday, August 22, 2008

sql injection

There's an old SQL-injection attack from Jan 2008 that's been floating around (see that the script kiddies have been using to attack since Jul 17. It's gotten to the point where the site has become unusable. For, each attempt would cause a hit on the database and would drive our CPU load into the 30s. I put in a mod_rewrite rule to catch these attempts so that they get a static page instead of the dynamically-grabbed article.