An IP address originating in Mexico sent this query at us:
Decoded out, they sent us:
declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A323027 exec(@q)
Decoded out even further, they were trying to execute this:
WAITFOR DELAY '00:00:20'
While I'm glad that none of their attacks have been successful so far, it keeps me up at night worrying that maybe I missed validating a query-string variable or that I've forgotten to handle a text-box.
Asshats like this make me sick.