Someone posted a comment to this blog earlier, looks like they were trying to use SQL injection to beat the spam filters or it may have been a real person trying their luck.

Anyway I find this stuff pretty interesting so I thought I would post the attack, here is what he posted:

Bill883205666','928884583billy@msn.com','','10.134.123.1','2008-06-14 08:04:27','2008-06-14 08:04:27','','0','lynx','comment','0','0'),('0', '', '', '', '', '008-06-15 08:04:27', '2008-06-15 08:04:27', '', 'spam', '', 'comment', '0','0' ) /* | None | IP: 124.217.227.127

I think it’s pretty clever how he tries to make the SQL post his message with a fake IP address. I’m also really curious why he takes the trouble to add a fake spam comment to the end of the query.

I looked up the IP address it seems to be associated with a shared server provided by svservers.com. I guess this guy didn’t get a private IP address.

Results
124.217.227.127 resolves to "svservers.com"
Top Level Domain: "svservers.com"
Country IP Address: MALAYSIA

Anyway that’s all for now. If anyone could explain more about what he’s up to I would be interested to hear it.


Edit: My blog used to run WordPress, so this post made a lot more sense at the time. I now use CouchDB and comments are powered by Disqus.


Edit2: I no longer use a database at all for the blog! Unfortunately, in the transition, the quotes from the SQL have been munged somewhat. Hopefully, I’ve got them right…