June 14th, 2008
SQL Injection comment
Topics: Security, Thoughts

Someone posted a comment to this blog earlier; it looks like they were trying to use SQL injection to beat the spam filters, or it may have been a real person trying their luck.
Anyway I find this stuff pretty interesting so I thought I would post the attack, here is what he posted:
Bill883205666′,’928884583billy@msn.com’,”,’10.134.123.1′,’2008-06-14 08:04:27′,’2008-06-14 08:04:27′,”,’0′,’lynx’,’comment’,’0′,’0′),(’0′, ”, ”, ”, ”, ‘2008-06-15 08:04:27′, ‘2008-06-15 08:04:27′, ”, ’spam’, ”, ‘comment’, ‘0′,’0′ ) /* | None | IP: 124.217.227.127
I think it's pretty clever how he tries to make the SQL post his message with a fake IP address. I'm also really curious why he takes the trouble to add a fake spam comment to the end of the query.
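As an added example (not code from the original post), here is a cut-down reproduction of the mechanism in Python against an in-memory SQLite table: a simplified comments table, a constructed payload of the same shape as the one posted (close the current row, append a second row carrying a fake IP, then `/*` to comment out the remainder of the application's query), and the same insert written once with string concatenation and once with bound parameters. The table, its column names, the e-mail addresses and the 203.0.113.7 server-observed address are all made up for the example; only the 10.134.123.1 fake IP is taken from the post.

```python
import sqlite3

# Constructed, cut-down version of a blog comments table (not WordPress's real schema).
SCHEMA = """
CREATE TABLE comments (
    id        INTEGER PRIMARY KEY,
    author    TEXT NOT NULL,
    email     TEXT NOT NULL,
    author_ip TEXT NOT NULL,
    content   TEXT NOT NULL,
    approved  TEXT NOT NULL DEFAULT '0'
)
"""

# Constructed payload mirroring the shape of the one in the post: the author field
# closes the current row, appends a second row with an attacker-chosen IP and
# approval flag, then opens a /* comment so the rest of the app's query is ignored.
PAYLOAD = (
    "Bill', 'billy@example.invalid', '10.134.123.1', 'first', '1'), "
    "('Bill', 'billy@example.invalid', '10.134.123.1', 'spam', '1') /*"
)


def new_db():
    """Fresh in-memory database with the constructed comments table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def insert_comment_unsafe(conn, author, email, ip, content):
    """Vulnerable pattern: user input is spliced into the SQL text, so it can
    change the structure of the statement, not just the values."""
    sql = (
        "INSERT INTO comments (author, email, author_ip, content, approved) "
        f"VALUES ('{author}', '{email}', '{ip}', '{content}', '0')"
    )
    conn.execute(sql)
    conn.commit()


def insert_comment_safe(conn, author, email, ip, content):
    """Hardened pattern: bound parameters. The driver sends the input as data,
    so quotes, commas and comment markers inside it never reach the parser."""
    conn.execute(
        "INSERT INTO comments (author, email, author_ip, content, approved) "
        "VALUES (?, ?, ?, ?, '0')",
        (author, email, ip, content),
    )
    conn.commit()


def stored_rows(conn):
    """What actually ended up in the table, in insertion order."""
    return conn.execute(
        "SELECT author, author_ip, content, approved FROM comments ORDER BY id"
    ).fetchall()


def demo(insert):
    """Run one insert function on a fresh DB with the payload as the author field.
    The e-mail, IP and content are what the server itself observed (constructed)."""
    conn = new_db()
    insert(conn, PAYLOAD, "real@example.invalid", "203.0.113.7", "hello")
    return stored_rows(conn)


if __name__ == "__main__":
    print("concatenated query:", demo(insert_comment_unsafe))
    print("bound parameters:  ", demo(insert_comment_safe))
```

With the concatenated query the single comment turns into two rows, both recorded under the fake 10.134.123.1 address and with the attacker's approval flag; with bound parameters the entire payload is stored as one literal author name and the server-observed address is kept. A payload showing up verbatim as a comment, as the one above did, is the outcome you expect when the input was escaped or bound rather than spliced into the query.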
Doing a reverse lookup of the IP address it seems to be someone’s server / hosting with a shared IP from svservers.com. I guess this guy didn’t get his own IP address.
Results: 124.217.227.127 resolves to "svservers.com"; Top Level Domain: "svservers.com"; Country IP Address: MALAYSIA
Anyway that's all for now. If anyone could explain more about what he's up to I would be really interested to hear it.
Edit: My blog used to run WordPress, so this post made a lot more sense at the time. I now use CouchDB and comments are powered by Disqus anyway, so it's kind of doubly pointless.