Since the site went live several months ago it has been subjected to several ‘attacks’ most are the usual assortment of SQL injection worms etc but there have been several manual probes which have consisted of URL manipulation, POST injection etc.
Thankfully none of these have succeded as the code is pretty sturdy and validates all input and ensures that all parts of an AJAX request or a POST follow a very strict set of rules / process precedant.
Today at around 18:20 someone started poking around the site, loading up the interactive parts of the site. Then they started trying to manually call AJAX functions or inject SQL statements here and there (mainly geared around deleting the sites they had been playing with earlier).
5 minutes later an automated script started hammering the Wiki sections of 40% of the sites on record (the sites targeted earlier were part of this). The script added either complete jibberish or an offensive message.
Because of the potential for this sort of activity a script I’ve come to call the ‘Oversight monitor’ triggered and sent me a text, thankfully I’ve cleared up the DB and have temporarily removed the vector this person was using.
You can still edit the Wiki sections via the Map interfaces as these use Javascript functionality that is considerably harder for scripts to mess with.
It looks like I’m going to have to add Captchas or some other method to prevent this sort of thing from happening again.
