504 with SQL Injection?

Dear Support/Community

I got the Following Messages from my Server -Admins and would like to know, what i can do, so this will never happend (also is seems that it has something to do with Cloudflare?). Can you please point me in the right direction?
— cut —
It looks like the site was under an SQL Injection attack trying to insert code through the commenting system. This slowed down the site significantly as it had the similar effect of a DDoS attack.

The Cleantalk Spam Protect plugin was blocking it until the database was overwhelmed and the plugin could no longer read or write from it.

The IP address making the attack was 212.13.183.62 and showed up in an abuse database:
https://www.abuseipdb.com/check/212.13.183.62

We’ve blocked that IP address in the server’s Firewall. Usually, Cloudflare will prevent this kind of attack before it reaches the server, but it looks like it didn’t trigger the flags in their system.
— cut —

So, is it something, that i can do on the Cloudflare side?

Thanx a lot in adv. for for any Idea!!!

Hi @ReinhardJung, on your overview tab, have you enabled Under Attack Mode?

An SQL injection is not a denial of service attack and vice versa.

If someone flooded you with SQL injections it basically was a denial of service and the SQL injection part didnt really matter.

If it slowed down because the SQL injection was successful, however, there is a completely different problem than a denial of service, as the former should not succeed to begin with.

Apart from any uptime issues, you should really clarify what the problem was. If it was a successful injection of SQL statements you should really address that first.

Yeah… You can block the IP now, click the Under Attack button in the Dashboard, etc… but if someone successfully performed a SQL injection, they could have accessed / downloaded your entire database… Do you store user login information, email addresses, passwords, etc? They could have gained access to all of that information!

But if your server stopped responding because the load was too high, but none of the SQL injections were successful, then that is not as bad… Block that IP, maybe integrate some rate limiting in to your app… Ex: Require a certain amount of time to pass between user requests that access your database to help prevent this from happening again…

This topic was automatically closed after 30 days. New replies are no longer allowed.