Welcome to Geeklog, Anonymous Friday, July 19 2024 @ 08:01 pm EDT

Geeklog Forums

Securing get request

Status: offline


Forum User
Regular Poster
Registered: 12/06/17
Posts: 107
I checked server logs and found sql injection attempts and sometimes mysql server is under load.
That malicious code was found in the part of customized parameter for get request.
My question is: are there any geeklog core function to secure parameters for get request?

Status: offline


Site Admin
Registered: 09/27/05
Posts: 1468
Geeklog should filter all url parameters so any SQL injection should be stopped.

The latest version of Geeklog also does additional speed checks for certain requests (like ones that result in 404 errors) that result in errors and will ban the IP for a limited time.

The Geeklog plugins GUS and BAN also can work together to disable misbehaving IPs.

I've also lately started running this server level firewall which helps block requests before they reach the website. This is something you paste into the website htaccess file.

One of the Geeklog Core Developers.

All times are EDT. The time is now 08:01 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content