Hey Shopify community,
During my normal monitoring of my store, I noted some strange strings of text in the "some of your visitors can't find what they're looking for" widget over the past few days.
I don't have a lot of programming background, but to me these seem like they could be attempts at SQL injections to my store or some other sort of malicious intrusion attempt:
"0 xor if now sysdate sleep 12 0 xor z"
"if now sysdate sleep 12 0"
"1 waitfor delay 0 0 12"
We haven't noticed anything unusual and I would imagine Shopify has appropriately sanitized the inputs for customer-facing fields, but I wanted to reach out and see if this was something I need to be more concerned about. Thanks in advance to anyone with input on this!
I was just reading about it on reddit forums by accident. This seems to be probably some weak attack en masse. Shopify engineers for sure secured obvious things like that.