pig / SQLInjection

Identifying an automated SQL injection attack:

An automated SQL injection attack is identified by a series of HTTP GET packets sent to a server hosting a web page and SQL database. The packets must request the same page and query the same variable. Most importantly, they must arrive within a short period of time, which shows that they come from an automated SQL injection tool rather than from someone browsing the web page normally.
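One way to implement this check is sketched below as an added example. It is not code from this project. The window length, request threshold, client addresses and sample traffic are constructed assumptions, and the requirement that the queried values differ is an added heuristic so that repeated page reloads are not flagged.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qsl

# Assumed thresholds (not from the page); tune them against real traffic.
WINDOW_SECONDS = 5.0
MIN_REQUESTS = 10


def detect_bursts(requests, window=WINDOW_SECONDS, min_requests=MIN_REQUESTS):
    """Flag (src_ip, page, variable) keys hit by a rapid series of GETs.

    `requests` is a list of (timestamp, src_ip, method, url) tuples sorted
    by timestamp, e.g. extracted from captured packets or an access log.
    """
    recent = defaultdict(deque)  # key -> deque of (timestamp, value)
    flagged = set()
    for ts, src, method, url in requests:
        if method != "GET":
            continue
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            key = (src, parts.path, name)  # same client, page and variable
            q = recent[key]
            q.append((ts, value))
            # Drop requests that have fallen out of the sliding window.
            while ts - q[0][0] > window:
                q.popleft()
            # Added heuristic: a person reloading a page repeats one value,
            # while a tool keeps changing the value of the same variable.
            distinct = len({v for _, v in q})
            if len(q) >= min_requests and distinct >= min_requests // 2:
                flagged.add(key)
    return flagged


def sample_traffic():
    """Constructed sample: one client hammering `genre`, one browsing."""
    tool = [(100.0 + i * 0.2, "192.0.2.10", "GET",
             f"/php/process.php?genre=value{i}") for i in range(12)]
    human = [(100.0 + i * 30, "198.51.100.7", "GET",
              "/php/process.php?genre=%22pop%22") for i in range(12)]
    return sorted(tool + human)


if __name__ == "__main__":
    for src, page, var in sorted(detect_bursts(sample_traffic())):
        print(f"possible automated SQL injection: {src} -> {page}?{var}=")
```
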

Automated SQL Tool: One such tool is sqlmap. Given a web address, it sends queries that determine whether or not the address is vulnerable. If it is, various information can be retrieved from the vulnerable database. For example, the command

sqlmap -u [web address with query in it, e.g. 137.22.73.129/php/process.php?genre=%22pop%22] --dbs --users --passwords --privileges --tables --columns --current-db --current-user

retrieves just about everything about the structure of the database, including usernames and their passwords.
