I have a DB on a site that is not really up anymore (a redirect because of a merger), and it seems to have been attacked. I always use REMOTE_IP so that I have a record and able to ban IP's of the endless form spammers, however on this attack, the IP listed is my local IP (actually my old one since I changed ISP's). I was wondering how they did this and how do I protect on other DB's. Some of the other injected text inot almost every field is. 1 AND USER_NAME() = \'; DESC users; -- 1\' OR \'1\'=\'1 There is plenty more, however they submitted the form about 12 times per second. Any thoughts? Gary __________ Information from ESET Smart Security, version of virus signature database 4895 (20100225) __________ The message was checked by ESET Smart Security. http://www.eset.com -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
