This could be spam, or it could be someone doing a sort of "perimeter test" on your system to see if you use a captcha, if you validate certain types of data, if the data is posted somewhere public, etc.
For instance, the string "eecfocnmvwzu" looks random, but it might be specifically generated to be unique. An attacker can then do a search of your website looking for that string and, if it's found, they might know that they can script a form submission and have the results show up. Once they know that they might submit a new form that looks more legit but contains an attack of some kind, perhaps a XSS attack or a link to a website that hosts malware.
I don't know if that scenario is realistic, but it seems possible.
It's not an injection attempt, it looks like a bot is trying to submit spam comments to blogs and has mistaken your registration form for a comment form. Annoying, but not an attack.
You can normally tell SQL injection attempts as they look like snippets of code to some degree. This is bizarre in that unless they own those extremely bizarre domain names, there is no real benefit.
It could be someone just trialing / testing your form by typing with their Elbow... :P
发布评论
评论(4)
Sql 注入尝试看起来不像那样;)。
这只是垃圾邮件:)。
Sql 注入看起来更像是这样的:
Sql injection tries don't look like that ;).
This is just spam :).
Sql-injection looks more like this:
这可能是垃圾邮件,也可能是有人在您的系统上进行某种“外围测试”,以查看您是否使用验证码、是否验证某些类型的数据、数据是否发布在公共场所等。
例如,字符串“eecfocnmvwzu”看起来是随机的,但它可能是专门生成的唯一的。然后,攻击者可以在您的网站上搜索该字符串,如果找到,他们可能知道他们可以编写表单提交脚本并显示结果。一旦他们知道他们可能会提交一个看起来更合法但包含某种攻击的新表单,可能是 XSS 攻击或指向托管恶意软件的网站的链接。
我不知道这种情况是否现实,但似乎可能。
This could be spam, or it could be someone doing a sort of "perimeter test" on your system to see if you use a captcha, if you validate certain types of data, if the data is posted somewhere public, etc.
For instance, the string "eecfocnmvwzu" looks random, but it might be specifically generated to be unique. An attacker can then do a search of your website looking for that string and, if it's found, they might know that they can script a form submission and have the results show up. Once they know that they might submit a new form that looks more legit but contains an attack of some kind, perhaps a XSS attack or a link to a website that hosts malware.
I don't know if that scenario is realistic, but it seems possible.
为什么确实...
这不是注入尝试,它看起来像是一个机器人试图向博客提交垃圾评论,并将您的注册表单误认为是评论表单。烦人,但不是攻击。
Why indeed...
It's not an injection attempt, it looks like a bot is trying to submit spam comments to blogs and has mistaken your registration form for a comment form. Annoying, but not an attack.
您通常可以辨别 SQL 注入尝试,因为它们在某种程度上看起来像代码片段。这很奇怪,因为除非他们拥有那些极其奇怪的域名,否则没有任何真正的好处。
可能有人只是通过用肘部打字来尝试/测试您的表单...:P
You can normally tell SQL injection attempts as they look like snippets of code to some degree. This is bizarre in that unless they own those extremely bizarre domain names, there is no real benefit.
It could be someone just trialing / testing your form by typing with their Elbow... :P