Detecting Hack Attempts with RegExp.


  1. #1
    NeoRaven Guest

    Detecting Hack Attempts with RegExp.

    I am trying to design a detection routine for catching hackers submitting bad query string, cookie, and form data. I am hoping that someone has done at least some work on this sort of thing and might be able to provide some patterns. I would also appreciate any help on common hacker attack methods or things to look for.

    Thanks.

  2. #2

    RE: Detecting Hack Attempts with RegExp.

    Writing an intrusion detection program would be difficult, since you have to trap the request before IIS processes it (for the big ones), or, for valid querystrings with bad data, if you went the route of regular expressions, you would have to include the routine on each page and know most of the possible variations.

    Should you choose to do this on each page, then you would have to check things such as http_referrer to make sure they didn't originate the post from outside your site, and you would have to know the possible valid querystring samples and then catch anything else. In short, this would probably not be worth it because of all the possible ways to hack a site. This would be an expensive routine.

    If you want to catch attempts like the old $::Data bugs and so forth, then you are better off writing an ISAPI filter. Check here to get an idea on how to do that.

    This can be modified to catch malformed URLs. Note this will not catch a valid URL with querystring options.
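
An added example, not part of either post: a sketch of the per-page check the reply describes, where each page lists its valid query-string shapes, anything else is reported, and posts are checked for an on-site referer. The parameter names, patterns, paths and host names are constructed for illustration.

```javascript
// Added example. Parameter names, patterns and hosts are constructed.
// Allowlist: each page declares the parameters it accepts and the exact
// shape of a valid value. Anything else is reported, not "cleaned up".
const PAGE_RULES = {
  id:   /^[0-9]{1,9}$/,            // numeric record id
  sort: /^(name|date|price)$/,     // fixed set of sort keys
  q:    /^[\w .,'-]{1,64}$/,       // short free-text search term
};

// Returns a list of findings; an empty list means the request matched.
function checkRequest(rawUrl, method, referer, siteHost, rules) {
  const findings = [];
  const url = new URL(rawUrl, 'http://' + siteHost);
  const seen = new Set();
  for (const [name, value] of url.searchParams) {
    if (!Object.prototype.hasOwnProperty.call(rules, name)) {
      findings.push('unexpected parameter: ' + name);
    } else if (seen.has(name)) {
      findings.push('repeated parameter: ' + name);
    } else if (!rules[name].test(value)) {
      findings.push('bad value for ' + name);
    }
    seen.add(name);
  }
  // Posts must originate from this site. The Referer header is client-
  // supplied and may be absent, so treat this as a signal, not a control.
  if (method === 'POST') {
    let host = null;
    try { host = new URL(referer).host; } catch (e) { /* missing or malformed */ }
    if (host !== siteHost) findings.push('off-site or missing referer');
  }
  return findings;
}

// Constructed sample requests.
const samples = [
  ['/item.asp?id=42&sort=price', 'GET', ''],
  ['/item.asp?id=4x2', 'GET', ''],
  ['/item.asp?id=7&debug=1', 'GET', ''],
  ['/save.asp?id=7', 'POST', 'http://other.example/form.html'],
];
for (const [u, m, r] of samples) {
  console.log(m, u, '->', checkRequest(u, m, r, 'www.example.com', PAGE_RULES));
}
```

Because the rules describe what is valid rather than what an attack looks like, the routine does not need to know the possible variations of bad input, only the page's own parameters.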
