
SQL Injection attacks through registration page

10 years 9 months ago #239293 by gillon
Hi All

I am currently running a Joomla 3.2.1 website with CB 1.9.1. The site has fallen victim to an SQL injection attack according to our host (60k worth of spam registrations). This keeps on happening even after we have instituted more anti-spam/security measures. The site is still being attacked even though they cannot register, but it is causing our host's server to hang as the server load is too high.

Has anyone else experienced a similar problem? Is there any way to resolve this issue?

Any help would be appreciated.

Regards Gillon


10 years 9 months ago #239299 by beat
CB 1.9.1 has no known vulnerability, so it's resisting those SQL injection attacks, but the issue here seems to be that your attacker is doing blind attacks without seeing that they don't succeed, and that your hoster seems not to be blocking IPs that overload their hosts.

If you have any report of (unlikely) successful SQL attacks, please use our contact form and then reply to the confirmation email with attachments containing the corresponding attacks that we will examine.

Back to the reported problem:

Most hosters block such massive (unsuccessful) SQL attacks, which then become DoS attacks, with firewalls and anti-DDoS systems that block the abusing IP addresses.

Some hosters use a combination of mod_security and adaptive firewalls so that the attacking IP addresses get automatically banned.

Such things are best handled at hoster networking level, but if your hoster doesn't want to protect his network and servers and you do not want to change hoster, you can always try a Joomla security tool, like Akeeba Admin Tools, but it won't offload your server massively against DoS.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
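As an added illustration of the adaptive banning beat describes (this is not code from the thread, from CB or from Kunena): a sliding-window counter over constructed Apache access-log lines that flags any source IP hammering the registration endpoint. It counts attempts regardless of HTTP status, because blind attempts load the server whether or not they succeed. The registration URL pattern, the 60-second window and the threshold of 10 requests are assumptions to tune for a real site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed CB registration endpoint pattern; not taken from the thread.
REG_MARKER = "option=com_comprofiler&task=saveregisters"
# Apache combined-log prefix: client IP, timestamp, request line, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), method, path, int(status)

def find_abusive_ips(lines, window=timedelta(seconds=60), threshold=10):
    """Per-IP sliding-window count of registration POSTs (status ignored on purpose:
    failed blind attempts still cost the server). Returns {ip: time of first breach}
    for every IP that exceeded `threshold` requests inside `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent registration POSTs
    banned = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, _status = parsed
        if method != "POST" or REG_MARKER not in path or ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        if len(q) > threshold:
            banned[ip] = ts
    return banned

def make_sample_log():
    """Constructed sample traffic (not real data): one flooder, one normal user, one crawler."""
    base = datetime.strptime("10/Jan/2014:12:00:00 +0000", TS_FMT)
    reg = "/index.php?" + REG_MARKER
    def entry(ip, offset, method, path):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 303 512 "-" "Mozilla/5.0"'
    flood = [entry("203.0.113.7", i * 1.5, "POST", reg) for i in range(30)]  # 30 POSTs in 45 s
    legit = [entry("198.51.100.4", i * 180, "POST", reg) for i in range(3)]  # 3 POSTs in 6 min
    crawl = [entry("192.0.2.9", i, "GET", f"/index.php?option=com_content&id={i}") for i in range(40)]
    return flood + legit + crawl
```

In practice the returned addresses would be handed to the host's firewall or a fail2ban-style jail, which is the automated banning beat refers to; a tool like Akeeba Admin Tools applies a similar idea inside Joomla itself but still has to process each request.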


10 years 9 months ago #239300 by gillon
Hi Beat

Thanks for the feedback. Your statements are correct and we have had blind attacks from multiple IPs in China.

The host seems to think it is up to us to protect his network :)

I will relay the message to all concerned and suggest to the boss that we find another host.
