Should you report SQL injection attempts?

If you have a website running on WordPress, Joomla, Drupal or any other database driven system, it will only be a matter of time before it attracts the attention of would be hackers.

Most attacks actually originate from “zombie” machines that the owner has no idea is taking place. So even if you report them to their ISP and their ISP cuts off the connection, until they have their machine cleaned, they will probably just end up infected again later.

If we could get everyone to remove one zombie machine from the internet it would make a huge difference. Unfortunately, since it takes some slight effort to track down the root of the problem, most people will do no such thing.

Reporting Home PC’s Vs Reporting Servers

There is an instance where it can be very worthwhile and that is when the originating machine is part of a hosted network. Removing a compromised server from the World Wide Web is a very desirable objective. As many such servers are actually small business VPS systems, the owner of the VPS server might not even realize it has been compromised. Therefore, giving them the “heads up” can be considered as a charitable excercise.

The other difference is the sheer scale of attacks the server is capable of delivering, versus a home personal computer. The bottom line being that, if you are going to use some time doing your best to clean up the Web, you will achieve more by targeting the bigger issues.