How to view encoded string as text
My server log is showing a large number of entries like this
If I run the mime tool to url decode it, it shows as
Is there a way to convert it to plain text?
Hmm, what kind of “plain text” are you looking for?
Meaning, if you had what you want, what would your sample appear like?
@Alan-Kilborn I was hoping for something more human-readable where I don’t have to look up what the codes mean. So instead of CHR(113) it would show q.
Your server is logging Transact-SQL queries. mimeTools would have to extract and evaluate those by sending them to a live RDBMS.
Embedding SQL in a query string is a textbook example of SQL injection, so perhaps mimeTools isn’t your biggest problem right not.
It appears that your server is either under attack or is the victim of a successful attack. If it’s a public facing server under attack then the front end needs to be locked down more to prevent the attacks from getting to the server. If it’s the victim of a successful attack then you have a large problem.
Attackers generate hard to decipher strings to prevent or slow you from understanding better what is happening.
If I wanted to decode lots of text that looked like
CHar(113)+CHar(106)+CHar(98)+CHar(98)+CHar(113then I’d use something other than Notepad++ simply because I don’t know how to do it directly in Notepad++ without lots of thinking and looking things up to see if it’s possible or practical. As I know ASCII I mentally decoded it as
qjbbqwhich seems random and would be further evidence that you are likely dealing with an attacker or have been attacked.
It is also possible that there is no attacker. Some commercial packages generate hard to decode and understand code snippets to slow down attempts to reverse engineer how those packages work and/or to slow down or prevent attempts to perform automated data scraping of information that is being presented.
@mkupper Thank you for your thoughts on this. The strings are from hackers. They aren’t getting in. I wanted to have an automatic script to block them when they try since they try over and over. I know I can use regex to do that but I also wanted to see what they were looking for to see if it is something that might need tightening up. I would have a report that said something like, “10 attempts to access example.php”. But that seems not to be a simple thing so I will just block them with regex and leave it at that. Thanks, again.