Mass SQL injection IP bans

  • 14 views
  • 0 comments
Hello everyone,

Today, composr.app experienced a large (by our standards) SQL injection attack attempt from many IP addresses. Composr's hack attack system picked up on it, but because every IP address only attempted the attack once, I had to manually ban all involved IP addresses.

The following IP address groups have been banned from composr.app; if you were using them to access composr.app, then you probably aren't able to see this article, anyway. But you should use a different IP address. You may wish to also ban these IP addresses from your site.

Code

154.193.152.* Mass SQL injection attempt
154.193.153.* Mass SQL injection attempt
154.193.159.* Mass SQL injection attempt
154.199.14.* Mass SQL injection attempt
154.199.15.* Mass SQL injection attempt
154.199.69.* Mass SQL injection attempt
154.222.132.* Mass SQL injection attempt
154.82.150.* Mass SQL injection attempt
154.82.168.* Mass SQL injection attempt
154.82.169.* Mass SQL injection attempt
154.82.171.* Mass SQL injection attempt
154.86.112.* Mass SQL injection attempt
154.86.113.* Mass SQL injection attempt
154.86.114.* Mass SQL injection attempt
156.239.156.* Mass SQL injection attempt
156.239.157.* Mass SQL injection attempt
156.239.195.* Mass SQL injection attempt
156.239.197.* Mass SQL injection attempt
156.239.199.* Mass SQL injection attempt
156.239.200.* Mass SQL injection attempt
156.239.202.* Mass SQL injection attempt
156.239.204.* Mass SQL injection attempt
156.239.206.* Mass SQL injection attempt
156.239.209.* Mass SQL injection attempt
156.239.210.* Mass SQL injection attempt
156.239.212.* Mass SQL injection attempt
156.239.214.* Mass SQL injection attempt
156.239.218.* Mass SQL injection attempt
156.239.221.* Mass SQL injection attempt
156.239.222.* Mass SQL injection attempt
156.239.223.* Mass SQL injection attempt
156.242.51.* Mass SQL injection attempt
156.249.124.* Mass SQL injection attempt
156.249.126.* Mass SQL injection attempt
156.249.127.* Mass SQL injection attempt
45.206.72.* Mass SQL injection attempt

I have a new tracker issue for adding an "under attack" mode to Composr to help mitigate attacks like that in the future (for composr.app and any Composr site). Please comment any thoughts that you have.

#6322 - Add an under attack mode

Add an under attack mode

View

Edited

← Previous Article

Emergency Changes