Reply to post: Re: Almost

'I bet Russian hackers weren't expecting their target to suck so epically hard as this'

DanielsLateToTheParty
Boffin

Re: Almost

The story in the article is mine; it happened to me last week. As Lysenko realised, there were errors generated by badly formed SQL from requests with " '; " (hundreds, as mentioned in the article) but none with " '); ". Serious errors like that notify me directly rather than waiting in a forgotten log file forever.

After dealing with that and patching in a hurry, I went back and grepped for the attacking IP address and found over 65000 requests. Most seemed to be completely benign. From using pen-test tools I know that the first stage is to spider a site and that generates the most traffic. Some attacks contained PostgreSQL or MS SQL specific functions which suggests they didn't know it was a MySQL site. So it looks like a mostly automated attack from a single address in a Russian IP block.

The forensic aspect is fascinating. Kind of like CSI only real. I'd love Register to do an autopsy of a more complicated attack some time.
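The log triage the post describes (grepping for one client address, separating the bare `';` probes from the `');` ones, and noticing non-MySQL function names) as an added example, not the poster's own code: the access-log lines, IP addresses and the `pg_sleep` / `@@version` dialect fingerprints are constructed assumptions for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (common log format); IPs and paths are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /products?id=12 HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /products?id=12%27%3B+DROP+TABLE+x-- HTTP/1.1" 500 0
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /products?id=12%27%29%3B+SELECT+1-- HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /search?q=%27+AND+pg_sleep%285%29-- HTTP/1.1" 200 40
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=%27+OR+%40%40version-- HTTP/1.1" 200 40
198.51.100.9 - - [01/Jan/2024:10:00:06 +0000] "GET /products?id=3 HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

# The two probe shapes the post distinguishes: a bare "';" and the parenthesised "');".
PROBE_PATTERNS = {
    "quote_semicolon": re.compile(r"';"),
    "quote_paren_semicolon": re.compile(r"'\);"),
}
# Assumed (hypothetical) fingerprints of non-MySQL dialects: pg_sleep is PostgreSQL-only,
# @@version is MS SQL-only; seeing them against a MySQL site suggests an untargeted scanner.
DIALECT_HINTS = {
    "postgresql": re.compile(r"pg_sleep\(", re.I),
    "mssql": re.compile(r"@@version", re.I),
}

def triage(log_text):
    """Group requests by client IP; count probe shapes, 5xx responses and dialect hints."""
    report = defaultdict(lambda: {"requests": 0, "errors": 0,
                                  "probes": Counter(), "dialects": Counter()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that are not in common log format
        entry = report[m["ip"]]
        entry["requests"] += 1
        if m["status"].startswith("5"):
            entry["errors"] += 1
        url = unquote_plus(m["url"])      # decode %27, %3B, '+' before pattern matching
        for name, pat in PROBE_PATTERNS.items():
            if pat.search(url):
                entry["probes"][name] += 1
        for name, pat in DIALECT_HINTS.items():
            if pat.search(url):
                entry["dialects"][name] += 1
    return dict(report)

def rank_by_probes(report):
    """Order client IPs by injection-probe count, then by request volume."""
    return sorted(report, key=lambda ip: (sum(report[ip]["probes"].values()),
                                          report[ip]["requests"]), reverse=True)
```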
