One of my sites came under a SQL Injection attack today. The attacker used the following to attempt to gain access:
/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/*
I have the SEO Egghead WordPress Firewall and Lester Chan’s WP Ban plugin, so the notification of an attempt and the ability to block it were quick, but protection began early.
Changing the Admin User
The above SQL string attempts to gain access using the first entry (id=1) from the wp_users table. At the time of installation, WordPress adds the user “Admin” to wp_users. As the ID column is specified as “auto-increment”, the first row has an ID of 1. In my WordPress installations, that ID does not exist because I have created a uniquely named user and deleted the default Admin user. But, it wouldn’t take much for a hacker to write a quick loop to spin through hundreds of numbers, so additional protection is definitely necessary.
WordPress Firewall Plugin
SEO Egghead’s WordPress Firewall plugin is indispensable in my opinion. I receive an e-mail alert when a suspicious event occurs such as this attack. This is the e-mail I received on this attack:
The SEO Egghead WordPress Firewall plugin will send you an e-mail alert when someone attacks your site.
The plugin will send me false alerts when Angsuman Chakraborty’s Translator plugin is used by a visitor to translate a page, but I can live with that.
WP Ban Plugin
Once I have the e-mail alert, I take the IP of the attacker and insert it into the list of banned IPs using Lester Chan’s WP-Ban plugin as shown below.
I've taken the IP from the WordPress Firewall e-mail alert and inserted it into the list of IPs I ban from my site.
I have a healthy list of IPs, which is unfortunate, but I also host my own WordPress and I see a lot of different attacks. I block at multiple levels, just to be sure! WP-Ban is essential despite all the other methods I have available, as shown below by the number of blocks it has already done for me on one site.
After just a few months of use, WP-Ban has blocked over 200 attempts from sites known to me to have attempted at least one attack on my site.
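As an added example (not code from this post, nor from the WordPress Firewall or WP-Ban plugins), the Python script below reproduces the two steps the post describes, detect and alert on a suspicious request, then ban the source IP for every later request, over a few constructed access-log lines that carry the request string quoted at the top of the post. The log lines, the IP addresses and the signature list are all assumptions made for the example. One detail worth seeing in code: the request used %2527, which decodes to %27 after one pass and to the quote character only after a second pass, so a filter that decodes the query string once would not see the quote that starts the injection.

```python
from __future__ import annotations

import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (not from the original post). The
# first carries the request string quoted in the post; the second is normal
# traffic; the third is a later, harmless-looking hit from the same address.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2009:10:00:00 +0000] "GET /index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1" 200 512
198.51.100.4 - - [01/Jan/2009:10:00:01 +0000] "GET /index.php?cat=3 HTTP/1.1" 200 4096
203.0.113.7 - - [01/Jan/2009:10:00:05 +0000] "GET /index.php?cat=2 HTTP/1.1" 200 4096
"""

# Common log format: client IP, identity, user, [time], "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures applied to the fully decoded query string (assumed list).
SIGNATURES = (
    ("union_select", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("wp_users", re.compile(r"\bwp_users\b", re.I)),
    ("comment_terminator", re.compile(r"/\*")),
    ("quote_then_keyword", re.compile(r"'\s*(union|or|and)\b", re.I)),
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly until the value stops changing.

    %2527 -> %27 after one pass -> ' after the second. Decoding only once
    would leave the quote hidden from a pattern match.
    """
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(target: str) -> list[str]:
    """Return the names of the signatures matched by the decoded query string."""
    decoded = fully_decode(urlsplit(target).query)
    return [name for name, pattern in SIGNATURES if pattern.search(decoded)]


def analyze_log(log_text: str) -> tuple[list[dict], set[str]]:
    """Walk the log: alert on and ban a matching request, block a banned IP.

    Returns the list of findings and the resulting ban list.
    """
    findings: list[dict] = []
    banned: set[str] = set()
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        ip = match.group("ip")
        if ip in banned:
            # Equivalent of WP-Ban: the address is refused without inspection.
            findings.append({"ip": ip, "action": "blocked", "matched": []})
            continue
        matched = inspect_request(match.group("target"))
        if matched:
            # Equivalent of the firewall alert, followed by adding the IP to the ban list.
            banned.add(ip)
            findings.append({"ip": ip, "action": "alert+ban", "matched": matched})
    return findings, banned


if __name__ == "__main__":
    results, ban_list = analyze_log(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print("ban list:", sorted(ban_list))
```

Run as-is, the script reports one alert-and-ban for the address that sent the injection and one block for its later request; the ordinary request from the other address produces nothing. The decoded query is what the signatures see, which is why decoding to a fixed point matters more than the exact patterns chosen.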
My Recommendation
Take every step you can to protect yourself! Whether you self-host or not, I would not leave the protection of my site to others. There are just too many ways for a hacker to attack your site or blog. SEO Egghead’s WordPress Firewall plugin combined with Lester Chan’s WP-Ban plugin are two tools that combine to alleviate some of the work by notifying me of the first attack and protecting me from that point on. I appreciate having these tools in my toolbox!