I've had an attacker try to gain access to one of my websites through a form using what looks like a blind SQL inject. It is a huge form, and every possible permutation of values has been tried - in total about 18000 of them.
He hasn't had any success (yay!), but I'm left with a bit of a puzzle: there are no unusual requests logged in the IIS logs. Nothing out of the ordinary.
I was reading http://ift.tt/1GbskoQ , and I wondered: Could an attacker purposefully prevent his requests from being logged? For instance, by sending the request and then dropping the connection before the response is sent (completely)?
Aucun commentaire:
Enregistrer un commentaire