Comments on: Mass SQL Injection Attack Going On http://danielmiessler.com/blog/mass-sql-injection-attack-going-on grep understanding Fri, 25 May 2012 02:15:50 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: ncloud http://danielmiessler.com/blog/mass-sql-injection-attack-going-on/comment-page-1#comment-111333 ncloud Tue, 08 Jan 2008 16:25:13 +0000 http://dmiessler.com/blogarchive/mass-sql-injection-attack-going-on#comment-111333 <p>I inherited a legacy .net website at work when I hired on about three months ago that is a security nightmare. Despite the IT department's admonitions, the security problems (among many others) were ignored. We were hit with this attack about a week ago and we had to take down the entire site for an entire weekend (Fri. - Sun.). Our final solution was to employ a kind of proxy between the web server and the internet to filter http requests, looking for potential attacks. The site is to massive and so poorly constructed that it would literally take us months to insert validation and input filtering for all forms.</p> <p>I have almost had it with taking orders from people who are plainly ignorant about technology, who think they can do my job better than I can, and who get paid significantly more than I do. Grrr...</p> I inherited a legacy .net website at work when I hired on about three months ago that is a security nightmare. Despite the IT department’s admonitions, the security problems (among many others) were ignored. We were hit with this attack about a week ago and we had to take down the entire site for an entire weekend (Fri. – Sun.). Our final solution was to employ a kind of proxy between the web server and the internet to filter http requests, looking for potential attacks. The site is to massive and so poorly constructed that it would literally take us months to insert validation and input filtering for all forms.

I have almost had it with taking orders from people who are plainly ignorant about technology, who think they can do my job better than I can, and who get paid significantly more than I do. Grrr…

]]> By: ncloud http://danielmiessler.com/blog/mass-sql-injection-attack-going-on/comment-page-1#comment-250542 ncloud Tue, 08 Jan 2008 16:25:00 +0000 http://dmiessler.com/blogarchive/mass-sql-injection-attack-going-on#comment-250542 <p>I inherited a legacy .net website at work when I hired on about three months ago that is a security nightmare. Despite the IT department's admonitions, the security problems (among many others) were ignored. We were hit with this attack about a week ago and we had to take down the entire site for an entire weekend (Fri. - Sun.). Our final solution was to employ a kind of proxy between the web server and the internet to filter http requests, looking for potential attacks. The site is to massive and so poorly constructed that it would literally take us months to insert validation and input filtering for all forms.</p> <p>I have almost had it with taking orders from people who are plainly ignorant about technology, who think they can do my job better than I can, and who get paid significantly more than I do. Grrr...</p> I inherited a legacy .net website at work when I hired on about three months ago that is a security nightmare. Despite the IT department’s admonitions, the security problems (among many others) were ignored. We were hit with this attack about a week ago and we had to take down the entire site for an entire weekend (Fri. – Sun.). Our final solution was to employ a kind of proxy between the web server and the internet to filter http requests, looking for potential attacks. The site is to massive and so poorly constructed that it would literally take us months to insert validation and input filtering for all forms.

I have almost had it with taking orders from people who are plainly ignorant about technology, who think they can do my job better than I can, and who get paid significantly more than I do. Grrr…

]]>