2012-01-23, 11:45 PM
Hello.
My host is reporting to me that my site have some weird things related to RFI(Remote File Inclusion) and SQL Injection.
Well, my website hasn't login or any other validation, just my forums, that use MyBB 1.6.5.
I remember that some days ago I changed a php.ini config that was:
allow_url_fopen
It was "off" and I changed to "on" to test something. Well, I forget it as "on" and as I posted some days ago people started with a mass login into my forum, so I just set it to "off" again and LOOK'S LIKE that that problem stopped.
I'm not that good with web programming and they gave some logs about those RFI and SQL Injection, but I couldn't undestand, so if someone would like to check it I can send it via PM since it contains some folders from my server etc.
I don't belive that MyBB has the SQL Injection vulnerability, but in any case it's better to confirm.
Thank you
My host is reporting to me that my site have some weird things related to RFI(Remote File Inclusion) and SQL Injection.
Well, my website hasn't login or any other validation, just my forums, that use MyBB 1.6.5.
I remember that some days ago I changed a php.ini config that was:
allow_url_fopen
It was "off" and I changed to "on" to test something. Well, I forget it as "on" and as I posted some days ago people started with a mass login into my forum, so I just set it to "off" again and LOOK'S LIKE that that problem stopped.
I'm not that good with web programming and they gave some logs about those RFI and SQL Injection, but I couldn't undestand, so if someone would like to check it I can send it via PM since it contains some folders from my server etc.
I don't belive that MyBB has the SQL Injection vulnerability, but in any case it's better to confirm.
Thank you