Is it possible to scan access-log files from all users for SQL injection attacks? I want to block attackers after X amount of malicious URL requests if possible.
One of my users was attacked and the rate of the attack got the server on its knees. The "Web Usage Log" showed me requests like these:
Code:
xx.xx.xxx.xx - - [11/Jan/2021:14:35:08 +0100] "GET /subdir/'%20%20%20image['data-large_image']%20%20%20'%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(79,73,121,98,87,65,117,81,65),1),name_const(CHAR(79,73,121,98,87,65,117,81,65),1))a)%20--%20%27x%27=%27x HTTP/1.1" 404 17873 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101
Or will this type of detection be too costly for the server to process? I can understand that usage logs generate a lot of data, so scanning them will be no easy job.
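The scan described in the question, as an added example that is not part of the original post: it reads log lines one at a time, percent-decodes each request target, counts SQL-injection-looking requests per client IP, and returns the IPs at or above a threshold (the "X" above). The patterns in `SQLI_RE`, the function names and the sample lines with documentation IP addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Combined Log Format up to the status code; referer and user agent are not
# needed, so lines with a truncated user agent still parse.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>.*?) HTTP/[\d.]+" \d{3}')

# Heuristic SQL injection markers (assumed for this example, not exhaustive).
SQLI_RE = re.compile(r"""(
      \bunion\b.{0,40}\bselect\b
    | \bselect\b.{0,80}\bfrom\b
    | \bname_const\s*\(
    | \b(sleep|benchmark|extractvalue|updatexml)\s*\(
    | '\s*(or|and)\b.{0,40}=
    | information_schema
    )""", re.I | re.X | re.S)

def is_sqli(target):
    """True if the decoded request target matches a SQL injection heuristic."""
    decoded = target
    for _ in range(3):  # undo up to three layers of percent-encoding
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return bool(SQLI_RE.search(decoded))

def offenders(lines, threshold=5):
    """Return {ip: hit_count} for IPs with at least `threshold` suspicious requests."""
    hits = Counter()
    for line in lines:  # works on any iterable, e.g. an open log file
        m = LOG_RE.match(line)
        if m and is_sqli(m.group("target")):
            hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample input: three attack requests from one IP, and a second IP
# with one normal request and one suspicious request (below the threshold).
ATTACK = "/subdir/x%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(79),1))a)%20--%20"
SAMPLE = [
    f'203.0.113.7 - - [11/Jan/2021:14:35:0{i} +0100] "GET {ATTACK}{i} HTTP/1.1" 404 17873 "-" "Mozilla/5.0'
    for i in range(3)
] + [
    '198.51.100.20 - - [11/Jan/2021:14:35:09 +0100] "GET /products?sort=price HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [11/Jan/2021:14:35:10 +0100] "GET /item?id=1%27%20or%20%271%27=%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(offenders(SAMPLE, threshold=3))
```

Keyword heuristics like these can match legitimate URLs, which is why the result is a per-IP count compared against a threshold rather than a verdict on a single request.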