6 posts by 5 authors in: Forums > CMS Builder
Last Post: October 18   (RSS)

A client's form page (takes info/inserts into db) was aggressively attacked and I suspect they were able to get some information from the form submission...somehow. All 22,577 attempts (yes...22 thousand new database records added). Every single one of the order attempts had code, or just name, of "Acutenix"...which was in either the name or the company name fields. They tried different ways and means but all had the Acutenix tag somewhere in the record. I have seen, but never used or gone to their site (in case they are hackers) but the descriptions within the search engine results reveals a "Acutenix Vulnerability Scanner" to test your site. I can't help but wonder if their site accumulates targets by virtue of their software. I just don't know enough right now...other than at least part of their attempts succeeded because information was compromised.

Has anyone here had experience with a like attempt?

Thank you in advance.

Cheers,
"Insanity is doing the same thing over-and-over while expecting a different result."

Wow!

Thankfully, no experience with this.

Sorry to hear about the attack.

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!

Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

I have never experienced an attack by that company but I have seen other attacks of similar nature.

Do you use any form of CAPTCHA such as from Google?  If not, I suggest doing so.  That tends to cut down on the Spam.

You could also edit the form code to limit the number of submissions by WAN IP however true hackers will be able to spoof their IP or use compromised computers to hit your form.

You could adjust your submission code to check to see if the same or similar values are being entered into the fields before actually passing to the database.  In my experience the robot tends to paste the same value into most of the form fields.

Hi Equinox,

I'm sorry to hear you experienced such an attack. There's unfortunately not much that can be done to reverse something like this, but going forward I can also recommend using a CAPTCHA as an effective method to cut down on similar automated attacks in the future.

I did have a look at Acunetix and they appear to be a legitimate security company that helps websites locate and fix technical vulnerabilities. However, it's theoretically possible for these sorts of vulnerability scanning tools to be obtained by 3rd parties for malicious use, which looks like it may have been done here.

Best of luck, and let us know if there's anything we can do to help support you.

Daniel
PHP Programmer
interactivetools.com

Hi equinox, 

We've had mass submissions by Acutenix scanners before (and many others).  It's a scanner used to detect vulnerabilities.   Unfortunately, it's just the nature of being on the internet.

Some possible fixes for the future: 

  • You can use the Developer Console plugin to execute a MySQL query that removes all records containing Acutenix (or the IP used to submit requests)
  • You can block the submitting IP in your .htaccess file.
  • You can add a couple lines to code to return a 404 error for any requests that contain "Acutenix"

It's annoying and frustrating, but an ongoing battle.  We get ongoing spammers trying to sign up to our forum and started using Google Captcha and a IP based reputation scoring service to help filter them out.

Let me know if you have any other questions.

Dave Edis - Senior Developer
interactivetools.com