I don't know if at the last Blackhat conference if they had some talk on how to do SQL injection attacks, but every since the last one I have noticed a huge increase in the number of attacks
I have been getting alot of SQL injection attempts on a couple of my websites. Hackers are using a new technique by passing variables within the querystring. I have my site setup to blacklist any IP that triggers a few little traps. The attacks seem to be coordinated, as they usually come in swarms. If you want to see if you have been under attack, open your log files and do a search for the string "EXEC("
I am going to post the IPs I catch on my blog for others to use. It would be nice if HostMysite would start up their own Blacklist that some of the more experienced programmers could all contribute to.
I have made a little write up on how to protect your site against these SQL injection attacks
http://blog.whitesites.com/protecting-against-SQL-injection-attacks-using-querystring__633544300378186168_blog.htm
