Found SQL injection attempts. How to detect and protect?
Hey!
I have a custom engine.
Forms without captcha. For basic spam protection I use:
1. Checkbox "check the box if not a robot"
2. Write what 2+3 = ?
3. A hidden field with a popular name, such as email, and I check it on the server for emptiness.
I understand that this is not a serious protection, but I absolutely do not want to strain users with complex captchas.
Almost every day I get 5-20 form submissions filled with data like:
1
1'
-1'
I understand that this is some kind of automatic script that searches the entire Internet for sites with open forms and tries to find a SQL vulnerability. It seems like all requests are screened for me and they don’t bring dirty tricks to any site, but it’s unpleasant to constantly clean out spam. What do you advise? How are forms protected in 2016?
PS On another project there was a similar situation, but at one fine moment I found "left" links hidden inside my texts in the database. Apparently the same vulnerability was found. It was unpleasant.
Thanks
> It seems like all requests are screened for me and they don’t bring dirty tricks to any site, but it’s unpleasant to constantly clean out spam. What do you advise? How are forms protected in 2016?

Not exactly the way you do.
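An added example, not part of the original thread and not the poster's engine: a server-side form handler that keeps the hidden `email` honeypot from the question, drops submissions whose visible fields contain only probe values like `1`, `1'` and `-1'`, and stores everything else through bound parameters so a quote in the input can never change the SQL. The `messages` table, the `name`/`body` field names and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Matches the probe values quoted in the question (1, 1', -1'): a bare
# integer, optionally negative, optionally followed by one quote character.
PROBE_RE = re.compile(r"""^-?\d+['"]?$""")

def classify(form):
    """Return 'bot', 'probe' or 'ok' for a submitted form (dict of str)."""
    # Honeypot from the question: the hidden "email" field must stay empty.
    if form.get("email", "") != "":
        return "bot"
    # Every visible field holds only a probe value: scanner traffic.
    visible = [v.strip() for k, v in form.items() if k != "email"]
    if visible and all(PROBE_RE.match(v) for v in visible):
        return "probe"
    return "ok"

def save_message(db, form):
    """Store the message with bound parameters; input never becomes SQL."""
    db.execute("INSERT INTO messages (name, body) VALUES (?, ?)",
               (form["name"], form["body"]))

def handle(db, form):
    """Classify a submission and store it only if it looks legitimate."""
    verdict = classify(form)
    if verdict == "ok":
        save_message(db, form)
    return verdict

def make_db():
    """In-memory database with the assumed 'messages' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (name TEXT, body TEXT)")
    return db

if __name__ == "__main__":
    db = make_db()
    # Constructed sample submissions, modelled on the values in the question.
    samples = [
        {"name": "1'", "body": "-1'", "email": ""},
        {"name": "Anna", "body": "Where's my order?", "email": ""},
        {"name": "x", "body": "buy now", "email": "a@b.example"},
    ]
    for s in samples:
        print(handle(db, s), s)
    print(db.execute("SELECT name, body FROM messages").fetchall())
```

The probe filter only reduces the spam that has to be cleaned out by hand; the bound parameters in `save_message` are what keep a submission that slips past it stored as plain text.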