#1807 - Possible SQL injection attempt not detected as SQL injection attempt by Composr – Composr CMS: Your Data, Your Privacy, Your Control

This is a spacer post for a website comment topic. The content this topic relates to: #1807 - Possible SQL injection attempt not detected as SQL injection attempt by Composr

By Guest posted 16th Feb 2015, 3:50 AM

Our security detection picks out specific issues in-context, or escapes to make them non-issues -- trying to spot suspicious patterns across any parameter out-of-context would lead to performance slow-down and bugs.

By Guest posted 16th Feb 2015, 3:52 AM

Thank you for your filing the report though, it probably is a malicious bot.

If they had for example ".." in this parameter, we'd pick it up as a file-system attack, as this parameter is being used in a file-system context.

By Guest posted 16th Feb 2015, 10:21 AM

Is there any way that errors can track IPs, like security logs do? That way, I can ban bots like this as well as these bots/people who keep adding random URLs to the end of /pg/ .

By Guest posted 16th Feb 2015, 10:24 AM

I'll open an issue for that. Currently you'd need to look into the raw web logs.

By Guest posted 16th Feb 2015, 10:25 AM

Alright will do. Thanks ^^