Welcome to Geeklog, Anonymous Friday, March 29 2024 @ 04:12 am EDT

Geeklog Forums

Securing get request


Status: offline

OMAL

Forum User
Regular Poster
Registered: 12/06/17
Posts: 107
I checked server logs and found sql injection attempts and sometimes mysql server is under load.
That malicious code was found in the part of customized parameter for get request.
My question is: are there any geeklog core function to secure parameters for get request?
Thanks.
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Geeklog should filter all url parameters so any SQL injection should be stopped.

The latest version of Geeklog also does additional speed checks for certain requests (like ones that result in 404 errors) that result in errors and will ban the IP for a limited time.

The Geeklog plugins GUS and BAN also can work together to disable misbehaving IPs.

I've also lately started running this server level firewall which helps block requests before they reach the website. This is something you paste into the website htaccess file.

https://perishablepress.com/7g-firewall/
One of the Geeklog Core Developers.
 Quote

All times are EDT. The time is now 04:12 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content