
Defending Against A SQL Injection Attack

One of my sites came under a SQL injection attack today. The attacker used the following request to attempt access:


/wp/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/*

I have the SEO Egghead WordPress Firewall and Lester Chan's WP-Ban plugins, so notification of the attempt and the ability to block it were quick, and protection kicked in early.

Changing the Admin User

The above SQL string attempts to gain access using the first entry (id=1) from the wp_users table. At the time of installation, WordPress adds the user "Admin" to wp_users. As the ID column is specified as "auto-increment", the first row has an ID of 1. In my WordPress installations, that ID does not exist because I have created a uniquely named user and deleted the default Admin user. But, it wouldn't take much for a hacker to write a quick loop to spin through hundreds of numbers, so additional protection is definitely necessary.

WordPress Firewall Plugin

SEO Egghead's WordPress Firewall plugin is indispensable in my opinion. I receive an e-mail alert when a suspicious event occurs such as this attack. This is the e-mail I received on this attack:

The SEO Egghead WordPress Firewall plugin will send you an e-mail alert when someone attacks your site.


The plugin will send me false alerts when Angsuman Chakraborty's Translator plugin is used by a visitor to translate a page, but I can live with that.

WP Ban Plugin

Once I have the e-mail alert, I take the IP of the attacker and insert it into the list of banned IPs using Lester Chan's WP-Ban plugin, as shown below.

I've taken the IP from the WordPress Firewall e-mail alert and inserted it into the list of IPs I ban from my site.


I have a healthy list of IPs, which is unfortunate, but I also host my own WordPress and I see a lot of different attacks. I block at multiple levels, just to be sure! WP-Ban is essential despite all the other methods I have available, as shown below by the number of blocks it has already done for me on one site.
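The two plugins above do the alerting and the banning for me, but the same workflow is easy to reproduce against a raw web-server access log. The script below is an added example written for this post; it is not code from the WordPress Firewall or WP-Ban plugins. It parses a few constructed Apache-style log lines (the first one carries the exact query string from the attack above, with IPs from the documentation ranges), decodes the double URL-encoding that hides the quote in `%2527`, flags requests matching the UNION SELECT / wp_users pattern of this attack, and builds a ban list of the offending IPs, one strike and you're out, which is how I use WP-Ban. The log format, the signature names and the one-strike threshold are my assumptions, not anything the plugins define.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log (Apache combined format, documentation-range IPs).
# Line 1 is the request quoted in the post; line 3 is the same technique with
# single URL-encoding; lines 2 and 4 are ordinary traffic (line 4 contains the
# word "union" in a search so the detector's false-positive behaviour is visible).
SAMPLE_LOG = """\
203.0.113.9 - - [01/Jan/2009:10:00:01 -0600] "GET /wp/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.4 - - [01/Jan/2009:10:00:02 -0600] "GET /wp/index.php?cat=5 HTTP/1.1" 200 8010 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2009:10:00:03 -0600] "GET /wp/index.php?cat=%27+UNION+SELECT+user_pass+FROM+wp_users+where+id=1/* HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.77 - - [01/Jan/2009:10:00:04 -0600] "GET /wp/?s=union+of+states HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format (assumed layout; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures matching the attack in the post (names are my own labels).
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE),
    "wp_users_read": re.compile(r"\bfrom\s+wp_users\b", re.IGNORECASE),
}


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly until stable, so %2527 -> %27 -> ' is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value.replace("+", " "))
        if decoded == value:
            break
        value = decoded
    return value


def detect_sqli(log_text):
    """Return one finding per request whose decoded query string hits a signature."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production tool would count these
        path = m.group("path")
        query = path.partition("?")[2]
        decoded = fully_decode(query)
        hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "path": path,
                "decoded": decoded,
                "signatures": hits,
            })
    return findings


def ban_list(findings, min_hits=1):
    """IPs with at least min_hits flagged requests (one strike by default)."""
    counts = Counter(f["ip"] for f in findings)
    return sorted(ip for ip, n in counts.items() if n >= min_hits)


if __name__ == "__main__":
    found = detect_sqli(SAMPLE_LOG)
    for f in found:
        print(f"ALERT {f['time']} {f['ip']} {f['signatures']}")
        print(f"  decoded: {f['decoded']}")
    print("ban list:", ban_list(found))
```

The decode loop is the part worth copying: a single `unquote` on `%2527` yields `%27`, which contains no quote and would slip past a naive pattern match, which is exactly why the attacker double-encoded it. The benign search for "union of states" is not flagged because the signature requires `union` followed by `select`; the translator-plugin false alerts I mentioned above are the same trade-off seen from the other side, and tightening or loosening `SIGNATURES` is where you tune it.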

After just a few months of use, WP-Ban has blocked over 200 attempts from sites known to me to have attempted at least one attack on my site.


My Recommendation

Take every step you can to protect yourself! Whether you self-host or not, I would not leave the protection of my site to others. There are just too many ways for a hacker to attack your site or blog. SEO Egghead's WordPress Firewall plugin combined with Lester Chan's WP-Ban plugin are two tools that combine to alleviate some of the work by notifying me of the first attack and protecting me from that point on. I appreciate having these tools in my toolbox!
