Thread: Latest Injection Attack: DECLARE, SET and CAST
View Single Post
  #9 (permalink)  
Old 08-29-2008, 03:23 PM
Webnauts's Avatar
Webnauts Webnauts is offline
WebProWorld 1,000+ Club
WebProWorld MVP
  
Join Date: Aug 2003
Location: Worldwide
Posts: 8,133
Webnauts RepRank 8Webnauts RepRank 8Webnauts RepRank 8Webnauts RepRank 8Webnauts RepRank 8Webnauts RepRank 8Webnauts RepRank 8Webnauts RepRank 8Webnauts RepRank 8
Default Re: Latest Injection Attack: DECLARE, SET and CAST
Tech Manager thanks for the heads up. I already added in my .htaccess this:

RewriteEngine On
Options +FollowSymLinks
ServerSignature Off
RewriteCond %{REQUEST_URI} ^/(,|;|<|>|”>|”<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|updat e|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC]
RewriteRule ^(.*)$ http://www.kissmyassyousonofabitch.com
__________________
"Being an expert isn't telling other people what you know. It's understanding what questions to ask, and flexibly applying your knowledge to the specific situation at hand. Being an expert means providing sensible, highly contextual direction." Jeff Atwood
SEO Workers - Search Engine Optimization Consulting Company | SEO Analysis Tool | Webnauts Net SEO
Reply With Quote