I work with a company that creates marketing software; we recently created a forum so we could talk with users who need support.

I'm the main admin on this forum, and a user, let's call them person1, has been trying to run PHP code in the comments. I originally thought maybe he was referring to the question with it, but then their comments all started getting marked as spam and needed review. After a handful of comments, I decided to IP-ban them.

Fast forward a month or so, and now someone has been filling out all the forms on our site; in the name slot they used the same username, person1, but now they are trying to append HTML code into the inputs. Each form submission gets sent to email, and it showed that he was able to execute an image tag and an anchor tag in the field. The images weren't malicious or anything, just cat pics, but the links were things like http://www.phishing-site.com and http://www.evil.com. They also tried running a few SQL statements in the hopes of dropping our DB.

I ended up looking up their username online, and there are multiple accounts by the same name sitting in queue for bug bounties from companies like PayPal, Apple and Windows. Is it possible that they are just running a script to search for bugs in our system, or are they trying to do something more malicious? What could be a possible solution for this?
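The concrete defect the post describes is that raw form values are copied into an HTML notification email, so any `<img>` or `<a>` markup a submitter types is rendered by whoever opens the mail. The following is an added example (not code from the poster's site or any product it uses) showing the two defensive pieces that address it: HTML-escaping every user-supplied value before it is placed in the email body, and flagging submissions that contain markup or SQL-looking fragments so they land in a review queue instead of a normal inbox. The field names, the `SAMPLE_SUBMISSION` dictionary and the heuristic patterns are constructed for illustration.

```python
import html
import re

# Constructed sample submission for illustration (not taken from the post).
# The markup in "message" is the kind of input the poster saw arriving by email.
SAMPLE_SUBMISSION = {
    "name": "person1",
    "email": "person1@example.invalid",
    "message": '<a href="http://www.phishing-site.com">offer</a> '
               '<img src="http://www.evil.com/cat.jpg">',
}

# Anything that looks like an HTML tag: "<tag ...>" or "</tag>".
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")

# Heuristics for destructive or exfiltrating SQL fragments in free-text fields.
# These are review triggers only; the real protection is parameterised queries.
SQL_RE = re.compile(
    r"\b(drop|alter|truncate)\s+(table|database)\b"
    r"|\bunion\s+(all\s+)?select\b",
    re.IGNORECASE,
)


def render_email_body(fields):
    """Build the HTML email body with every user value escaped.

    html.escape() converts <, >, &, " and ' to entities, so a submitted
    <img> or <a> tag is displayed as literal text rather than rendered.
    """
    rows = []
    for key, value in fields.items():
        rows.append(
            "<tr><th>{}</th><td>{}</td></tr>".format(
                html.escape(str(key)), html.escape(str(value))
            )
        )
    return "<table>" + "".join(rows) + "</table>"


def suspicious_fields(fields):
    """Return a list of (field_name, reason) for values that look like
    injected markup or SQL. An empty list means nothing was flagged."""
    flagged = []
    for key, value in fields.items():
        text = str(value)
        if MARKUP_RE.search(text):
            flagged.append((key, "html-markup"))
        if SQL_RE.search(text):
            flagged.append((key, "sql-keywords"))
    return flagged


def route_submission(fields):
    """Decide where a submission goes: 'review' if anything was flagged,
    otherwise 'inbox'. Returns (destination, escaped_body, flags)."""
    flags = suspicious_fields(fields)
    body = render_email_body(fields)
    destination = "review" if flags else "inbox"
    return destination, body, flags


if __name__ == "__main__":
    dest, body, flags = route_submission(SAMPLE_SUBMISSION)
    print("destination:", dest)
    print("flags:", flags)
    print(body)
```

Escaping at the point where the value is written into HTML is what stops the tags from rendering; the pattern matching is only there to surface attempts for a human to look at, and a clean "inbox" routing does not mean the input was safe for any other sink (database queries still need parameter binding regardless of what this filter says).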