

Ask HN: urgent Security and unusual user activity - ahmedaly

Hello..
I need to ask about something...
There is a visitor who keeps visiting my website through multiple proxies at the same time, but as you know.. most proxy services pass the real IP in the requests.

And after his visits, MySQL DB errors keep arising..

I need to know.. is it normal that a user visits a website through multiple proxies at the same time?
======
lukencode
You are probably better off asking this somewhere like stackoverflow or
serverfault, but it sounds like someone might be trying an sql injection attack.
See if you can grab the url and querystring of the pages that are being
visited.

~~~
ahmedaly
Hi and thanks for your response.

But I need to know in general.. is it something usual that someone visits a
website using multiple proxies at the same time?

~~~
lukencode
I doubt it is 'someone' as much as it is 'some bot' searching for sql
vulnerabilities. We occasionally notice a similar thing with a bunch of
visits to a page with attempted sql injection in the query string. As long as
your inputs are sanitized (and you aren't returning details on errors) you
shouldn't have a problem.

------
david_shaw
It's probably a botnet performing automated SQL injection checks on your site;
you definitely need to make sure that you are correctly sanitizing any user
input, especially if it's echoed back to the page (XSS) or used directly in a
database query (SQL injection).

_Especially_ if you're having database problems, you're going to want to
check things. If you have a database of accounts, you might even consider
taking the site offline until you can verify that it is secure (and that it
hasn't already been dumped to an attacker).
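
An added example, not part of any comment in this thread: one way to follow the advice above to pull the URLs and query strings from the access log, grouping requests by the origin IP the proxies forward and flagging injection-looking queries. The log layout, function names and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Assumed layout (not from the thread): combined log format with the
# X-Forwarded-For header appended as a final quoted field.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<xff>[^"]*)"$')
# Common SQL injection probe markers, matched after URL-decoding.
SQLI_RE = re.compile(
    r"union\s+(?:all\s+)?select|information_schema|\bsleep\s*\("
    r"|'\s*(?:or|and)\s+['\d]|'\s*(?:--|#)", re.IGNORECASE)

def looks_like_sqli(url):
    # Decode twice so double-encoded probes (%2527) are also caught.
    query = unquote_plus(unquote_plus(urlsplit(url).query))
    return bool(SQLI_RE.search(query))

def summarize(lines, min_proxies=2):
    """Return claimed origin IPs that arrive via several proxies AND send
    injection-looking query strings, with the evidence for each."""
    seen = defaultdict(lambda: {"proxies": set(), "probes": [], "errors": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # First XFF entry is the claimed client. It is client-supplied and
        # spoofable: use it as a grouping hint, not as proof of identity.
        client = m["xff"].split(",")[0].strip()
        if client in ("", "-"):
            client = m["peer"]
        entry = seen[client]
        entry["proxies"].add(m["peer"])
        entry["errors"] += m["status"].startswith("5")  # server/DB errors
        if looks_like_sqli(m["url"]):
            entry["probes"].append(m["url"])
    return {ip: e for ip, e in seen.items()
            if len(e["proxies"]) >= min_proxies and e["probes"]}

# Constructed sample lines using documentation-only IP ranges.
SAMPLE_LOG = [
    '198.51.100.10 - - [12/Mar/2010:10:00:01 +0000] "GET /item.php?id=5+UNION+SELECT+1,2,3 HTTP/1.1" 500 312 "203.0.113.7"',
    '198.51.100.22 - - [12/Mar/2010:10:00:01 +0000] "GET /item.php?id=1%27%20OR%20%271%27=%271 HTTP/1.1" 500 312 "203.0.113.7"',
    '198.51.100.35 - - [12/Mar/2010:10:00:02 +0000] "GET /item.php?id=7 HTTP/1.1" 200 2048 "203.0.113.7"',
    '192.0.2.44 - - [12/Mar/2010:10:00:03 +0000] "GET /item.php?id=9 HTTP/1.1" 200 2048 "-"',
]

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(ip, sorted(e["proxies"]), e["errors"], e["probes"])
```

Every URL listed under `probes` points at a parameter whose query should be checked for parameterized statements, and 5xx responses on those same requests suggest the input is reaching the database unsanitized.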

