Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers!
/Peo, FreeWebSpace.net
You can check this: http://www.snort.org
It's the most popular open source intrusion detection system .
Good luck fending off your malicious attackers .
Best Regards,
Aloycasmir
Yep, you don't need to detect it, you need to prevent it. Google "prevent sql injection" or "protect sql injection" (and you can add the programming language in there too...)
As IDSs go, I think Snort is going to be the one everyone has heard of. Sax2 is probably a good tool to help with this too. But I don't have enough experience with either to know whether they will detect an SQL injection attack. Even so, it appears you've detected the attack without it. What you need to do is to harden your server at the application level so that SQL injection attacks are nullified. If you cannot do that, you could always set an alert and configure it to run a VBS script that shuts down SQL if an attack is detected.
There is no way to detect sql injection attacks as a script just works as it normally should.
If I sql inject to login as an admin, I login and it's the same if the real admin was to login.