Question
I've noticed a bunch of really strange results in Magento's Search Query field. What are these from? Are we getting hacked by someone?
Here are some examples:
spice' and sleep(4.326)='
spice' and (sleep(4.326)+1) limit 1 --
spice" and sleep(4.326)="
spice' or (sleep(4.326)+1) limit 1 --
spice" or (sleep(4.326)+1) limit 1 --
Maybe it is just the PCI scan I asked you guys to run for me, but I wanted to be sure.
Answer
This is not part of the PCI scan we're running for you now and instead is definitely a SQL Injection attack mechanism, but I've only seen this attack vector with Microsoft SQL Server.
Let me get our Linux IT Administrator involved to verify my findings.
Linux System Administrator
Nothing to worry about here. While this is indeed an attempt at SQL Injection, it's one that would only work on a Microsoft SQL Server database.
Your Magento database is running on MySQL, which doesn't even have a 'time delay' statement. Additionally, your Magento database is well hardened against SQL Injection attacks and our Intrusion Detection System actively blocks the offending attacker's IP address.
This attacker is not getting anywhere with your Magento website.
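The strings quoted in the question are the classic shape of a time-based blind SQL injection probe: a quote to break out of the string literal, a boolean operator, a delay function, and sometimes a trailing comment. The following is an added example, not code from the thread or from Magento, showing how a shop owner could scan an exported search-query log for that shape. It assumes the search terms were exported one per line (the sample list below is constructed and includes the five strings from the question plus benign searches); the pattern table covers the delay functions of several engines, including MySQL's SLEEP() and BENCHMARK(), so it does not depend on which database sits behind the site.

```python
"""
Flag time-based (blind) SQL injection probes in a search-query log.

Added example, not from the original thread. It only reads strings;
it does not touch Magento or any database.
"""
import re
from dataclasses import dataclass

# Time-delay functions across common engines. MySQL's SLEEP() and
# BENCHMARK(), PostgreSQL's pg_sleep(), and SQL Server's WAITFOR DELAY
# all let a blind probe confirm injection by measuring response time.
TIME_DELAY = re.compile(
    r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b",
    re.IGNORECASE,
)
# A quote that breaks out of a string literal, followed by a boolean operator.
QUOTE_BREAK = re.compile(r"""['"]\s*(and|or)\b""", re.IGNORECASE)
# Comment sequences used to swallow the rest of the original statement.
TRAILING_COMMENT = re.compile(r"(--|#|/\*)")


@dataclass
class Finding:
    query: str
    reasons: list


def classify(query: str) -> Finding:
    """Collect every indicator present in one search term."""
    reasons = []
    if TIME_DELAY.search(query):
        reasons.append("time-delay function")
    if QUOTE_BREAK.search(query):
        reasons.append("quote break + boolean operator")
    if TRAILING_COMMENT.search(query):
        reasons.append("trailing comment")
    return Finding(query, reasons)


def is_probe(query: str) -> bool:
    """A delay function alone is decisive; otherwise require two indicators,
    so a lone apostrophe or '#' in an ordinary search is not flagged."""
    r = classify(query).reasons
    return "time-delay function" in r or len(r) >= 2


def scan(log_lines):
    """Return a Finding for every line that looks like a probe."""
    return [classify(q) for q in log_lines if is_probe(q)]


# Constructed sample: the five strings from the question plus benign searches.
SAMPLE_LOG = [
    "spice",
    "spice rack",
    "pumpkin spice latte",
    "rock 'n' roll posters",
    "spice' and sleep(4.326)='",
    "spice' and (sleep(4.326)+1) limit 1 --",
    'spice" and sleep(4.326)="',
    "spice' or (sleep(4.326)+1) limit 1 --",
    'spice" or (sleep(4.326)+1) limit 1 --',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.query!r}: {', '.join(f.reasons)}")
```

Running it against the sample prints the five probe strings with their indicators and leaves the four ordinary searches alone. The two-indicator rule is the knob to tune: a catalogue full of product names containing apostrophes or `#` will want it, while a log that is otherwise clean can afford to flag on a single indicator. Pairing the matched rows with request timestamps and source addresses from the web server log is what turns a hit into something the IDS or firewall can act on.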