1

I get a lot of logs saying someone is trying to reach

/sign_in?t=login'+union+select+char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33)+--+

now, /sign_in?t=login is a valid url. the rest is the sqli attempt..

What are they trying to do?

tim
Nick Ginanto
  • Funny, when you search Google for char(38,126,33) you will find many more attempts. I think in itself this attempt is harmless, it is only used to test whether a SQL injection is possible. Only if it is, more exploit attempts will follow. – Jeff Aug 24 '14 at 08:20
  • Yes, I noticed, but what is this SQL? – Nick Ginanto Aug 24 '14 at 08:22
  • 7
    char(38,126,33) is just a way to write &~! without using quotes. The SQL selects three innocent but uncommon characters from the database. The exploiter will watch if those three characters end up in the resulting HTML page and know there is a vulnerability. – Jeff Aug 24 '14 at 08:28

1 Answer

7

This looks like a fully automatic attack which is performed by bots on random websites they find.

The attack is trying to get your database to output the string &~! (ASCII values 38, 126 and 33). They likely parse your website's response for that string and when they find it, the bot assumes that it was the result of its injection and reports it to a human cracker as a potential target for a more targeted attack. The cracker will then take a look at your site and consider if the data you have might be worth their time. Only when you appear to be a lucrative target will they pursue further actions.

Did you take the usual precautions to secure your website against SQL injections? Then you have nothing to worry about.

Philipp
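An added example, not part of the question or the answer above, showing how a defender can pick these probes out of access logs: each request is URL-decoded, the `' union select` pattern is flagged, the `char(...)` calls are decoded to the marker string the bot watches for (`&~!`), and the number of columns tried is counted. The log lines and their field layout are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from the original post): one benign
# request followed by two UNION probes, one of them percent-encoded.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Aug/2014:08:01:02 +0000] "GET /sign_in?t=login HTTP/1.1" 200 512
203.0.113.7 - - [24/Aug/2014:08:01:05 +0000] "GET /sign_in?t=login'+union+select+char(38,126,33),char(38,126,33),char(38,126,33)+--+ HTTP/1.1" 200 512
198.51.100.9 - - [24/Aug/2014:08:02:10 +0000] "GET /sign_in?t=login%27%20UNION%20SELECT%20char(38%2C126%2C33)%2Cchar(38%2C126%2C33)--%20 HTTP/1.1" 500 0
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
UNION_RE = re.compile(r"'\s*union\s+select\b", re.IGNORECASE)
CHAR_RE = re.compile(r"char\(([\d\s,]+)\)", re.IGNORECASE)


def decode_char_calls(query):
    """Return the set of strings that the CHAR(...) calls in a query would produce.

    This is the marker the probing bot later searches for in the HTML response.
    """
    markers = set()
    for m in CHAR_RE.finditer(query):
        codes = [int(c) for c in m.group(1).replace(" ", "").split(",") if c]
        markers.add("".join(chr(c) for c in codes))
    return markers


def analyze_log(text):
    """Return (path, column_count, markers) for every request that looks like a UNION probe."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = unquote_plus(m.group(1))  # undo %27 / %20 / '+' encoding before matching
        if not UNION_RE.search(target):
            continue
        path = target.split("?", 1)[0]
        columns = target.lower().count("char(")  # one char() per guessed column
        findings.append((path, columns, decode_char_calls(target)))
    return findings


if __name__ == "__main__":
    for path, columns, markers in analyze_log(SAMPLE_LOG):
        print(f"UNION probe on {path}: {columns} column(s), marker(s) {markers}")
```

The same marker check can be turned around: if the decoded marker ever appears in one of your own responses to such a request, the injection point is real and the query behind `/sign_in` needs to be parameterized.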