We caught a group trying to use SQL Injection. Two weeks ago I contacted Yahoo customer service with a violation of their TOS. I think SQL Injection attempts are a violation of their terms of service.

BywordOnline did nothing. Register.com said they won't do anything because, of all things, the Supreme Court said they don't need to accept responsibility for their registry. Yahoo and GeoCities did nothing. Today I sent a second notice. Here it is:

Your site (Geocities) is being used for attempted SQL injection by hackers.

Here is the text they attempt to inject:
http://www.geocities.com/kamar_n0ldy/badboy/inject.txt

Here is what they attempt to display when they hack a site:
http://www.bywordonline.com/scorp/index.html

I will also send a report to bywordonline.com registrars and hosts.

These idiots need to be terminated today.

This is my second email over a period of two weeks. We represent the Php-Nuke listing community at nukefind.com, and as such we are all sensitive to SQL injection hacking by people like these.

We reserve the right to post the actions taken or not taken by Geocities and Yahoo relative to this SQL injection attempt.

Tim Blake
Network Administrator