Hi,
Today we have had an SQL Injection attempt on my site via the J-Business Directory.
I was getting thousands of emails for "You have received a response for the review posted for the company".
I had to disable emails in Joomla to try and stop the emails from sending.
When I had a look in my Nginx access.log files I saw the following:
193.57.40.55 - - [11/Feb/2022:13:40:19 +0000] "GET /things-to-do/places-to-go/days-out-1/national-trust-3?firstName=%28SELECT%20CONCAT%280x71706b6b71%2C%28SELECT%20%28ELT%289033%3D9033%2C1%29%29%29%2C0x717a787071%29%29&lastName=1&email=1&review-response-terms-conditions=1&option=com_jbusinessdirectory&task=companies.saveReview Response&view=companies&reviewId=1&companyId=4746 HTTP/1.1" 303 5 "-" "Opera/9.00 (Windows NT 6.0; U; en)"
Can you please confirm if the J-Business directory code stops an SQL Injection?
Thanks
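Added example (not part of this thread, and not code from J-Business Directory, Joomla or Akeeba): a small Python script that parses Nginx combined-format access log lines like the one above, URL-decodes the query string, flags form fields that carry SQL-shaped content, and counts review-response requests per IP so the size of the mail flood can be measured. The sample log is constructed for the example: the line from the post (copied as posted) plus two invented benign requests; the indicator patterns, function names and the 203.0.113.7 address are my own choices.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample log: the line quoted in the post (including the space
# inside the task value, as it appears there) plus two invented benign requests.
SAMPLE_LOG = """\
193.57.40.55 - - [11/Feb/2022:13:40:19 +0000] "GET /things-to-do/places-to-go/days-out-1/national-trust-3?firstName=%28SELECT%20CONCAT%280x71706b6b71%2C%28SELECT%20%28ELT%289033%3D9033%2C1%29%29%29%2C0x717a787071%29%29&lastName=1&email=1&review-response-terms-conditions=1&option=com_jbusinessdirectory&task=companies.saveReview Response&view=companies&reviewId=1&companyId=4746 HTTP/1.1" 303 5 "-" "Opera/9.00 (Windows NT 6.0; U; en)"
203.0.113.7 - - [11/Feb/2022:13:41:02 +0000] "GET /things-to-do/places-to-go/days-out-1/national-trust-3?firstName=Jane&lastName=Doe&email=jane%40example.com&option=com_jbusinessdirectory&task=companies.saveReviewResponse&view=companies&reviewId=1&companyId=4746 HTTP/1.1" 303 5 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Feb/2022:13:42:10 +0000] "GET /things-to-do/places-to-go/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
"""

# Nginx "combined" format: ip - user [time] "METHOD target HTTP/x" status bytes "referer" "ua"
# The target is matched lazily so a stray space inside it does not break parsing.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Indicators of SQL-shaped content in fields that should hold a name or an e-mail.
SQLI_PATTERNS = {
    "subselect": re.compile(r"\(\s*SELECT\b", re.I),
    "string-builder": re.compile(r"\b(CONCAT|ELT|CHAR)\s*\(", re.I),
    "hex-literal": re.compile(r"\b0x[0-9A-Fa-f]{6,}\b"),
    "tautology": re.compile(r"\b(\d+)\s*=\s*\1\b"),
}


def parse_line(line):
    """Parse one access log line; returns None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # parse_qs percent-decodes the values, so the patterns run on the real payload.
    rec["query"] = parse_qs(urlsplit(rec["target"]).query, keep_blank_values=True)
    return rec


def scan_params(query):
    """Return {param: [indicator, ...]} for every parameter value that trips a pattern."""
    hits = {}
    for name, values in query.items():
        for value in values:
            reasons = [label for label, pat in SQLI_PATTERNS.items() if pat.search(value)]
            if reasons:
                hits.setdefault(name, []).extend(reasons)
    return hits


def hex_literals_to_text(value):
    """Decode MySQL-style 0x... literals to text so an analyst can read the probe."""
    out = []
    for lit in re.findall(r"0x([0-9A-Fa-f]+)", value):
        try:
            out.append(bytes.fromhex(lit).decode("ascii"))
        except (ValueError, UnicodeDecodeError):
            out.append("<non-text>")
    return out


def analyze_log(text):
    """List the requests whose query parameters look like SQL, with ip, time, task and hits."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = scan_params(rec["query"])
        if hits:
            findings.append({"ip": rec["ip"], "time": rec["time"],
                             "task": rec["query"].get("task", [""])[0], "hits": hits})
    return findings


def review_response_counts(text):
    """Requests per IP that hit the JBD review-response task, to size the mail flood."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        task = rec["query"].get("task", [""])[0]
        if rec["query"].get("option") == ["com_jbusinessdirectory"] and "saveReview" in task:
            counts[rec["ip"]] += 1
    return counts


if __name__ == "__main__":
    for finding in analyze_log(SAMPLE_LOG):
        print(finding)
        for param, values in parse_line(SAMPLE_LOG.splitlines()[0])["query"].items():
            if param in finding["hits"]:
                print(param, "hex literals decode to:", hex_literals_to_text(values[0]))
    print(review_response_counts(SAMPLE_LOG))
```

Run it against a real access.log (`analyze_log(open("access.log").read())`) to list offending source addresses; the per-IP counts are the quickest way to tell a single flooding client from many. Pattern matching of this kind is a triage aid, not a replacement for parameterised queries in the extension and a rate limit or captcha on the form.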
There is a security filter in place that escapes all parameters that are being accepted.
This is more like a spam attack. You can activate captcha in JBD to avoid this.
Also, Akeeba Site Tools and your hosting provider have settings for spam attacks, SQLiShield protection, and more.
- See Here: Admin Tools for Joomla! - Akeeba Ltd
Thanks for your help on this.
Instead of installing Akeeba Site Tools, I have installed the Web Application Firewall NAXSI as an Nginx module. Hopefully this will block this type of spam attack!
You can have both.