Date: 2020-02-16

I got an error notification from one of my sites this morning. Looking into it, it was rather odd that the error would occur, so I started doing some digging.

Some cursory log searching revealed that a returning customer had triggered this error when they were doing a bit of door-handle rattling: swapping numbers in the URL to things they didn't have permission to, and what looks like naive searching for SQL injection potential.

They were not successful and they certainly did nothing to hide who they were or what they were doing.

As I was writing up a report to pass on to the owners of the site to judge the threat level for the purchase this user had made, I did some googling, and the person is supposedly an employee of one of NZ's large telecommunications companies. Both this current order and one some time ago are from the same IP on that company's network (which has a rather dodgy-sounding reverse DNS). Of course that doesn't mean they "did it from work", but it's not a great look.

Obviously this and all my other sites are continuously under a barrage of exploit attempts like everybody else's, and on the one hand they didn't do anything that the site shouldn't be able to fend off, but on the other hand, this being a local and actual human trying their luck, and potentially associated with their employer, I dunno, it just kinda annoys me more than it perhaps should. If nothing else, it's wasted an hour of my Sunday investigating it.

How do others feel about this sort of thing?