Re: [PHP] Am I being hacked?

2009-04-08 Thread Andrew Ballard
On Wed, Apr 8, 2009 at 12:05 PM, Michael A. Peters wrote: > Andrew Ballard wrote: > >>> >> >> You don't need a disassembler; I already said what that string is >> intended to do. If it is allowed to run on Microsoft's SQL Server, the >> hex value is implicitly converted to the string "WAITFOR DELA

Re: [PHP] Am I being hacked?

2009-04-08 Thread Michael A. Peters
Andrew Ballard wrote: You don't need a disassembler; I already said what that string is intended to do. If it is allowed to run on Microsoft's SQL Server, the hex value is implicitly converted to the string "WAITFOR DELAY '00:00:10'", which is then executed. It doesn't require semi-colons, as

RE: [PHP] Am I being hacked?

2009-04-08 Thread Warren Vail
Vail > -Original Message- > From: Yannick Mortier [mailto:mvmort...@googlemail.com] > Sent: Wednesday, April 08, 2009 8:07 AM > To: 9el > Cc: Bob McConnell; Richard Heyes; julian haffegee; PHP Mailing List > Subject: Re: [PHP] Am I being hacked? > > 2009/4/8 9el :

Re: [PHP] Am I being hacked?

2009-04-08 Thread Andrew Ballard
On Wed, Apr 8, 2009 at 10:04 AM, Bob McConnell wrote: > On Behalf Of Richard Heyes >>> I set up a simple form to save comments on my webpage, and after just > one >>> day of going live, I'm getting weird comments up like this >>> >>> declare @q varchar(8000) select @q = >>> 0x57414954464F522044454

Re: [PHP] Am I being hacked?

2009-04-08 Thread Yannick Mortier
2009/4/8 9el : > On Wed, Apr 8, 2009 at 8:04 PM, Bob McConnell wrote: > >> On Behalf Of Richard Heyes >> >> I set up a simple form to save comments on my webpage, and after just >> one >> >> day of going live, I'm getting weird comments up like this >> >> >> >> declare @q varchar(8000) select @q =

Re: [PHP] Am I being hacked?

2009-04-08 Thread 9el
On Wed, Apr 8, 2009 at 8:04 PM, Bob McConnell wrote: > On Behalf Of Richard Heyes > >> I set up a simple form to save comments on my webpage, and after just > one > >> day of going live, I'm getting weird comments up like this > >> > >> declare @q varchar(8000) select @q = > >> 0x57414954464F5220

RE: [PHP] Am I being hacked?

2009-04-08 Thread Bob McConnell
On Behalf Of Richard Heyes >> I set up a simple form to save comments on my webpage, and after just one >> day of going live, I'm getting weird comments up like this >> >> declare @q varchar(8000) select @q = >> 0x57414954464F522044454C4159202730303A30303A313027 exec(@q) >> >> >> I don't recognise

Re: [PHP] Am I being hacked?

2009-04-08 Thread Andrew Ballard
On Wed, Apr 8, 2009 at 9:23 AM, Richard Heyes wrote: >> I set up a simple form to save comments on my webpage, and after just one >> day of going live, I'm getting weird comments up like this >> >> declare @q varchar(8000) select @q = >> 0x57414954464F522044454C4159202730303A30303A313027 exec(@q)

Re: [PHP] Am I being hacked?

2009-04-08 Thread Richard Heyes
> I set up a simple form to save comments on my webpage, and after just one > day of going live, I'm getting weird comments up like this > > declare @q varchar(8000) select @q = > 0x57414954464F522044454C4159202730303A30303A313027 exec(@q) > > > I don't recognise this code - is this an attempt to d

Re: [PHP] Am I being Hacked ???

2001-08-07 Thread Sean C. McCarthy
Hi Mark, 408 is an HTTP status code meaning Request Timeout. The excerpt from the RFC2616 is: 408 Request Timeout The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time. Do you have lo