Yandex ‘hack’ uncovers SQL Injection links – Manila Bulletin

As part of our security practice, whenever we see an attack on one of our hosted sites, we will raise an alert and send it to the network block owners.

We need to first figure out the source of the attack. Fortunately, most attacks can be traced to a specific IP (internet protocol) address.

The IP address is like your car’s license plate. It is unique. It is registered. And we can lookup the owner’s information. In our case, DNS registries will contain the needed information. We use IPinfo.io.

Of course, this source is likely from a compromised account/device/server. So we need to alert the system administrators as well. We locate the Network Owner and email an alert. This is one such email:

In other words, Yandex search engine robots just blindly follows whatever links it sees on the internet. It is its job. So, this warranted a second look at our logs more closely, there is a “GET” (not POST) operation which had a sql injection type attack (note the UNION keyword) :

And indeed the…

Read Full Story: https://mb.com.ph/2022/08/25/yandex-hack-uncovers-sql-injection-links/

The post Yandex ‘hack’ uncovers SQL Injection links – Manila Bulletin first appeared on SEO, Marketing and Social News | OneSEOCompany.com.

source: https://news.oneseocompany.com/2022/08/25/yandex-hack-uncovers-sql-injection-links-manila-bulletin_2022082528322.html

Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.