This may be more of an Apache question but was wondering if any other MediaWiki users have seen this...
There was someone who we assume has been trying to break into our web system request URLS such as /index.php?title=%53%70%65%63%69%61%6C%3A%52%65%63%65%6E%74%63%68%61%6E%67%65%73&d ays=14&limit=100&hidepatrolled=1%27%2F%2A%4E%2A%2F%6F%72%2F%2A%4E%2A%2F1%3D1%2F%2A%4E%2A%2F%61%6E%64%2F%2A%4E%2A%2F1%3D1%2F%2A%4E%2A%2F%61%6E%64%2F%2A%4E%2A% 2F2%3D2%2F%2A%4E%2A%2F%61%6E%64%2F%2A%4E%2A%2F%27%61%27%3D%27%61 which in turn really is... /index.php?title=Special%3ARecentchanges&days=14&limit=100&hidepatrolled=1%27%2F*N*%2For%2F*N*%2F1%3D1%2F*N*%2Fand%2F*N*%2F1%3D1%2F*N*%2Fand%2F*N*%2F2%3D2%2F*N*%2Fand%2F*N*%2F%27a% 27%3D%27a Some requests look like possible SQL injections.. /index.php?title=Special%3ARecentchanges%2F*N*%2For%2F*N*%2F(select%2F*N*%2Fcount(*)%2F*N*%2Ffrom%2F*N*%2FINFORMATION_SCHEMA.tables%2F*N*%2Fwhere%2F*N*%2Fadmin_loginname%3Dadmin_loginname)%3D-1%2F*N*%2Fand%2F*N*%2F0%3D0&hidepatrolled=1&days=14&limit=100&hideanons=1 We haven't seen this happening in a while now but we cannot be 100% positive that the visitor was not successful in getting in.. Thanks! _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
