MyBB Community Forums

Full Version: Attacking with SQL query?
Today my forum suspended by hosting. They say a person has been detected doing query at MySQL database, thus consuming resources that cause a database service on the server connection interrupted, so they must suspend my forum for a while. I do not quite understand what they meant, but it sounded like someone trying to attack my MySQL database. What should I do? thanks a lot.
Make sure your passwords are secure and your software (incl. other ones you use on your site) are up to date.

Also ask them for logs of the SQL Queries if they have it.
If they were actually running queries I'd have thought they'd be doing more malicious stuff than just slowing it down...
This is the SQL query log:

| 23448 | hackern1_alzea   | localhost | hackern1_hn         | Query   |   79 |
Sending data   | SELECT p.pid, p.tid
                       FROM mybb_posts p
                       LEFT JOIN mybb_threads t ON (t.tid=p.tid)
                       WHERE 1=1      AND t.fid NOT IN
('1','32','48','2','33','43','49')  AND p.visible >= '0' AND t.visible >= '0' AND
t.closed NOT LIKE 'moved|%'  AND LOWER(p.message) LIKE '%sqli%'
|

| 23448 | hackern1_alzea       | localhost       | hackern1_hn         | Query   |
133 | Sending data   | SELECT p.pid, p.tid
                       FROM mybb_posts p
                       LEFT JOIN mybb_threads t ON (t.tid=p.tid)
                       WHERE 1=1      AND t.fid NOT IN
('1','32','48','2','33','43','49')  AND p.visible >= '0' AND t.visible >= '0' AND
t.closed NOT LIKE 'moved|%'  AND LOWER(p.message) LIKE '%sqli%'

They say other SQL queries were not like that.

thx a lot
That does look like an attempted SQL injection with the 1=1, maybe they were trying an exploit from an old version of MyBB. Make sure you're fully updated to the latest version of MyBB and also have a look here http://blog.mybboard.net/2008/02/06/secu...tallation/ if you can identify the IP of the person as well then IP ban them. While that won't stop them from trying exploits it should stop any of them from being effective.
@Tim
Thx a lot for your advice.

I always update my MyBB forum, and now I'm using version 1.4.11.
I don't know how to find who's trying to hack my forum. There are almost 3000 members in my forum... how do I find this person?

thx so much.
MyBB does 1=1 so it doesn't have to think about whether WHERE is already there or not.

The queries you posted don't look malicious to me.
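As an added example (not code from this thread or from MyBB itself), a small Python script that parses the two SHOW PROCESSLIST rows quoted above and classifies them: the WHERE 1=1 AND prefix is the query-builder idiom just described, not an injection marker, while the search for "sqli" through LOWER(p.message) LIKE '%sqli%' cannot use an index, so each run scans the whole posts table, which is what made the host see 79 and 133 second queries. The 30-second "slow" threshold is an assumed value.

```python
import re
# Constructed sample: the two SHOW PROCESSLIST rows quoted above, wrapped as posted.
SAMPLE_LOG = """\
| 23448 | hackern1_alzea   | localhost | hackern1_hn         | Query   |   79 |
Sending data   | SELECT p.pid, p.tid
                       FROM mybb_posts p
                       LEFT JOIN mybb_threads t ON (t.tid=p.tid)
                       WHERE 1=1      AND t.fid NOT IN
('1','32','48','2','33','43','49')  AND p.visible >= '0' AND t.visible >= '0' AND
t.closed NOT LIKE 'moved|%'  AND LOWER(p.message) LIKE '%sqli%'
|
| 23448 | hackern1_alzea       | localhost       | hackern1_hn         | Query   |
133 | Sending data   | SELECT p.pid, p.tid
                       FROM mybb_posts p
                       LEFT JOIN mybb_threads t ON (t.tid=p.tid)
                       WHERE 1=1      AND t.fid NOT IN
('1','32','48','2','33','43','49')  AND p.visible >= '0' AND t.visible >= '0' AND
t.closed NOT LIKE 'moved|%'  AND LOWER(p.message) LIKE '%sqli%'
"""

ROW_START = re.compile(r"^\|\s*\d+\s*\|")  # a new row begins with "| <Id> |"

def parse_processlist(text):
    """Re-join wrapped rows, then split each into the 8 processlist columns."""
    rows, buf = [], []
    for line in text.splitlines():
        if ROW_START.match(line) and buf:
            rows.append(" ".join(buf))
            buf = []
        if line.strip():
            buf.append(line.strip())
    rows.append(" ".join(buf))
    parsed = []
    for row in rows:
        # maxsplit=7 keeps a '|' inside the query text (e.g. 'moved|%') intact
        pid, user, host, db, cmd, secs, state, info = [
            c.strip() for c in row.strip().strip("|").split("|", 7)]
        parsed.append({"id": int(pid), "user": user, "host": host, "db": db,
                       "time": int(secs), "state": state, "info": " ".join(info.split())})
    return parsed

def triage(row, slow_after=30):
    q = row["info"]
    return {
        "slow": row["time"] >= slow_after,  # threshold is an assumed value
        # 'WHERE 1=1 AND ...' is MyBB's query-builder idiom, not an injection marker
        "builder_idiom": bool(re.search(r"\bWHERE 1=1 AND\b", q)),
        # LIKE '%...%' on LOWER(p.message) cannot use an index: every post is scanned
        "leading_wildcard_like": bool(re.search(r"LIKE '%", q)),
    }
```

Run against a real SHOW FULL PROCESSLIST dump, rows that are slow without the leading-wildcard pattern are the ones worth a closer look; here both rows are simply expensive forum searches.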
Those are normal queries. It's likely your hosts are idiots. I bet they're small noobs without a clue.
So do you think this is normal? But why must they suspend my forum?
This is very simple: ask them for a full cPanel backup and then go to another hosting company.