Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I record the search terms in on my e-commerce site and I the term
function.mysql connect
appears frequently. Immediately it concerns me that there may be some kind of automated bot looking for holes? SQL injection perhaps?
Could some one please explain what people are trying to do, and if this is indeed a signature of dodgy activity how can I check that I am protected against it?
Many thanks in advance
Most likely the search initiator is looking for dynamic pages that are displaying as plain text. Ie. if a webserver is misconfigured and displaying php files as plain text. In this case, there is a good chance that the mysql database credentials are exposed. This is a common way for malicious users/bots to search for database passwords and this is not SQL injection. For SQL injection, there would be part of a SQL query.