Wednesday, July 15, 2009

hacker - phpadmin

A hacker attempting to access phpadmin hit our server using Perl from multiple networks.

URL contained:

/profile.php?name='+UNION+SELECT+1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+FROM+webl_admin%23

User agent: libwww-perl/5.811
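Added example (not part of the original post): a Python sketch that scans web access logs for the request shown above and groups the source addresses that sent it. It assumes Apache combined log format; the log lines use constructed documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache combined log format (assumed): ip, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Matched against the *decoded* parameter value, case-insensitively.
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

def injected_params(target):
    """Return (path, param) pairs whose decoded value contains UNION SELECT."""
    parts = urlsplit(target)
    # parse_qsl percent-decodes and maps '+' to space, as the web server does.
    return [(parts.path, name)
            for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if UNION_RE.search(value)]

def scan(lines):
    """Map each probed (path, param) to the source IPs and user agents seen."""
    hits = defaultdict(lambda: {"ips": set(), "agents": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined log format; skip rather than guess
        for key in injected_params(m["target"]):
            hits[key]["ips"].add(m["ip"])
            hits[key]["agents"].add(m["ua"])
    return dict(hits)

# Constructed sample lines. The first query string is the one from the post;
# the second is the same request with percent-encoded spaces and lower case.
SAMPLE_LOG = """
192.0.2.10 - - [15/Jul/2009:10:00:00 +0000] "GET /profile.php?name='+UNION+SELECT+1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22+FROM+webl_admin%23 HTTP/1.1" 200 512 "-" "libwww-perl/5.811"
198.51.100.7 - - [15/Jul/2009:10:00:04 +0000] "GET /profile.php?name=%27%20union%20select%201,password,3%20FROM%20webl_admin%23 HTTP/1.1" 200 512 "-" "libwww-perl/5.811"
203.0.113.5 - - [15/Jul/2009:10:01:00 +0000] "GET /profile.php?name=alice HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.6 - - [15/Jul/2009:10:02:00 +0000] "GET /search.php?q=student+union+hours HTTP/1.1" 200 900 "-" "Mozilla/5.0"
""".strip().splitlines()

if __name__ == "__main__":
    for (path, param), seen in scan(SAMPLE_LOG).items():
        print(path, param, sorted(seen["ips"]), sorted(seen["agents"]))
```

Grouping by path and parameter rather than by address keeps the same probe arriving from several networks together as one finding.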

IP #1: 207.210.89.18

Network:

OrgName: Global Net Access, LLC
OrgID: GNAL-2
Address: 1100 White St SW
City: Atlanta
StateProv: GA
PostalCode: 30310
Country: US

ReferralServer: rwhois://rwhois.gnax.net:4321

NetRange: 207.210.64.0 - 207.210.127.255
CIDR: 207.210.64.0/18
OriginAS: AS3595, AS16626
NetName: GNAXNET
NetHandle: NET-207-210-64-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.GNAX.NET
NameServer: DNS2.GNAX.NET
NameServer: NS1.GNAX.NET
NameServer: NS2.GNAX.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment: ********************************************
Comment: Reassignment information for this block is
Comment: available at rwhois.gnax.net port 4321
Comment: ********************************************
RegDate: 2005-04-12
Updated: 2007-06-01

RAbuseHandle: ABUSE745-ARIN
RAbuseName: GNAX ABUSE
RAbusePhone: +1-404-230-9150
RAbuseEmail: abuse@gnax.net

RNOCHandle: ENGIN7-ARIN
RNOCName: GNAX ENGINEERING
RNOCPhone: +1-404-230-9150
RNOCEmail: engineering@gnax.net

RTechHandle: ENGIN7-ARIN
RTechName: GNAX ENGINEERING
RTechPhone: +1-404-230-9150
RTechEmail: engineering@gnax.net

OrgAbuseHandle: ABUSE745-ARIN
OrgAbuseName: GNAX ABUSE
OrgAbusePhone: +1-404-230-9150
OrgAbuseEmail: abuse@gnax.net

OrgNOCHandle: ENGIN7-ARIN
OrgNOCName: GNAX ENGINEERING
OrgNOCPhone: +1-404-230-9150
OrgNOCEmail: engineering@gnax.net

OrgTechHandle: ENGIN7-ARIN
OrgTechName: GNAX ENGINEERING
OrgTechPhone: +1-404-230-9150
OrgTechEmail: engineering@gnax.net

IP #2: 62.146.47.98

inetnum: 62.146.47.96 - 62.146.47.111
netname: JF-NETWORK
descr: JFNetwork
descr: 97346 Iphofen
country: DE
admin-c: JF113-RIPE
tech-c: GT-RIPE
status: ASSIGNED PA
mnt-by: IPPARTNER-MNT
source: RIPE # Filtered

person: Jochen Freier
address: Ritterstr. 11-17
address: 97318 Kitzingen
address: DE
phone: +49 9321 9297990
nic-hdl: JF113-RIPE
mnt-by: IPPARTNER-MNT
source: RIPE # Filtered

person: Thorsten Grosse
address: IP Exchange GmbH
address: Am Tower 5
address: 90475 Nuernberg
address: DE
phone: +49 911 30950 000
abuse-mailbox: abuse@ip-exchange.de
nic-hdl: GT-RIPE
mnt-by: IPPARTNER-MNT
source: RIPE # Filtered

% Information related to '62.146.0.0/16AS15598'

route: 62.146.0.0/16
descr: IP Exchange GmbH
origin: AS15598
mnt-by: IPPARTNER-MNT
source: RIPE # Filtered