Someone is trying to SQLi my domain using sqlmap. I'm getting a lot of errors from mysql.
My server access log shows:
- - HTTP/1.1" 200 10559 "-" "sqlmap/1.0.4.0#dev (http://sqlmap.org)"
I have tried blocking the IP but the IP keeps changing. How to block sqlmap from server?
You can do an agent check, which will stop those who are dumb enough not to change the agent - block any request with an agent string that includes 'sqlmap'
However, I will note that if you are actually getting SQL errors, that is a sign that you may be vulnerable to SQL Injection. If you are properly using parameterized queries / DAOs / PDOs, you should not get a SQL error. An attacker should never be able to get your SQL to error - if they can, they may be able to change its execution.
