New "firewall" added

  2. News
  3. New "firewall" added
   17

New "firewall" added

2008/10/06, 10:00 PM, -

I've just launched some new code onto the site that will, hopefully, keep the SQL Injectors from damaging the site. What I've done is placed some code at the top of every page that examines each piece of data that is sent to the website server. There are specific key words and characters that the "scrubber" or "firewall" catches. Those are the pieces of the SQL Injector code that are readily identifiable.

Unfortunately, for the time being this new code is going to cause a lot of "false positive" rejections. You may accidentally enter one of the more common characters that is in the script. I'd tell you what they are, but then I wouldn't be able to post this. :) How about 1337 speak: 3x3cut3 is a bad word.

There will also be some scripts that just fail because of the coding in them.

As I confirm that scripts are not subject to an vulnerabilities, I will dumb down the scrubber or take it off of the script completely. I will start with the most common scripts, like the news and comments. It will take some time to work through them. But, I get a notification every time the firewall picks up bad input, so I can tell easily what needs to be fixed.

Since I launched the code 3 hours ago, it's already rejected 7 SQL Injector attacks.

Jac

Syn Kaek, 6 Oct, 2008 10:00 PM

Jac ftw

Colonel Shanree Argentin, 6 Oct, 2008 10:00 PM

poignant yet witty comment here

Sage Lontra Boglach, 6 Oct, 2008 10:00 PM

Nice work, Jac! Thanks for all the work you've done.

Hel-Pa Taldrya Sklib, 6 Oct, 2008 10:00 PM

I will rip off the heads of the SQL injectors and shit on their souls

Kir Taldrya Katarn, 7 Oct, 2008 10:00 PM

Sklib, you really need to get out more :P

Lucian Primo, 7 Oct, 2008 10:00 PM

Great to see the site up. Excellent work Jac.

Lambow, 7 Oct, 2008 10:00 PM

Jac, you are El Macho. For those of you that don't know about SQL and injections and the like, it's not easy at all to catch these sorts of things. Literally every bit of input that comes into the site needs to be scrubbed down and checked, which is a hassle and a half for something this big.

Hope you get a GLS out of this, big guy. You're my hero for the week. ;)

Proton, 7 Oct, 2008 10:00 PM

On the other hand, I agree with Skilb's remarks!

Cut off their vile reproductive organs and feed them to the squirrels!

Reaver Tra'an Reith di Plagia, 7 Oct, 2008 10:00 PM

All Hail JAC! Nice work big guy. Thanks for keeping this place running.

James StarGazer, 7 Oct, 2008 10:00 PM

Nice Job Jack. :D

Tirano, 7 Oct, 2008 10:00 PM

your the man!

Syn Kaek, 7 Oct, 2008 10:00 PM

His the man?

Driftan Balephor, 7 Oct, 2008 10:00 PM

Lesbians use SQL injectors to get pregnant. Spoilers.

Zanet Xox, 7 Oct, 2008 10:00 PM

Sweetness Jac, new words must be invented to describe you

Ashura Isradia Sadow, 8 Oct, 2008 10:00 PM

What like "Jactastic". So it's like: Jac's Jactastic. ;)

Adept Macron Goura Sadow, 8 Oct, 2008 10:00 PM

Thanks for all your hard work, and that of your helpers. It is much appreciated by all of us.

Sephiroth Shamshan Kali, 10 Oct, 2008 10:00 PM

if i ever become a compsec warrior, i'll make sure to thank jac.

You need to be logged in to post comments