2010-06-21, 07:48 PM
I have noticed my error.log file filling up with errors that seem to suggest hackers or spammers are attempting to spread spam and are breaking MySQL queries. I'm not sure if it's SQL injection as there doesn't seem to be any attempt to create/update/delete anything. The fact it's generating an error and not working suggests MyBB is secure, but is there anything to worry about or anything I can do about this sort of thing:
Quote:
<error>
<dateline>1277100288</dateline>
<script></script>
<line>0</line>
<type>20</type>
<friendly_type>MyBB SQL Error</friendly_type>
<message>SQL Error: 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LOWER(p.message) LIKE '% SPAMMMY URL #%' LOWER(p.messag' at line 4
Query:
SELECT p.pid, p.tid
FROM dbprefix_posts p
LEFT JOIN dbprefix_threads t ON (t.tid=p.tid)
WHERE 1=1 AND t.tid='231' AND p.visible >= '0' AND t.visible >= '0' AND t.closed NOT LIKE 'moved|%' AND ( LOWER(p.message) LIKE '% SPAMMY MESSAGE HERE - SPAMMY MESSAGE HERE %')
</message>
</error>
For understandable reasons I removed the actual spammy message from the quote. Needless to say, URLs abound for all sorts of drugs.
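An added example for triaging entries like the one quoted in this post (not MyBB's code and not part of the original post): it parses `<error>` blocks from error.log and reports, for each failed query, the MySQL error number and whether a data-changing verb or a stacked statement appears outside the quoted search text. The sample entry is constructed from the fields shown above; the helper names and the verb list are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout of the entry quoted above (spam text redacted).
SAMPLE_LOG = """<error>
<dateline>1277100288</dateline>
<script></script>
<line>0</line>
<type>20</type>
<friendly_type>MyBB SQL Error</friendly_type>
<message>SQL Error: 1064 - You have an error in your SQL syntax near 'LOWER(p.message) LIKE'
Query:
SELECT p.pid, p.tid
FROM dbprefix_posts p
WHERE 1=1 AND p.tid='231' AND ( LOWER(p.message) LIKE '% REDACTED %')
</message>
</error>
"""

ENTRY = re.compile(r"<error>(.*?)</error>", re.S)
# Statements that change data or schema; a heuristic list, not exhaustive.
WRITE_VERBS = re.compile(r"\b(INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|TRUNCATE)\b", re.I)

def field(block, name):
    """Return the text of <name>...</name> inside one entry, or ''."""
    m = re.search(rf"<{name}>(.*?)</{name}>", block, re.S)
    return m.group(1).strip() if m else ""

def strip_literals(sql):
    """Blank out quoted strings so search keywords are not read as SQL."""
    return re.sub(r"'(?:[^'\\]|\\.|'')*'", "''", sql)

def parse(log_text):
    """Summarise each logged SQL error: when, which errno, what kind of query."""
    entries = []
    for block in ENTRY.findall(log_text):
        head, _, query = field(block, "message").partition("Query:")
        errno = re.search(r"SQL Error:\s*(\d+)", head)
        bare = strip_literals(query)
        entries.append({
            "time": datetime.fromtimestamp(int(field(block, "dateline") or 0), timezone.utc),
            "errno": int(errno.group(1)) if errno else None,
            "statement": (bare.split() or [""])[0].upper(),
            "writes": bool(WRITE_VERBS.search(bare)),     # write verb outside literals
            "stacked": ";" in bare.strip().rstrip(";"),   # second statement appended
        })
    return entries

if __name__ == "__main__":
    for e in parse(SAMPLE_LOG):
        print(e["time"].isoformat(), e["errno"], e["statement"], e["writes"], e["stacked"])
```

A query that failed on broken quoting can have unbalanced literals, so treat the `writes` and `stacked` flags as a prompt to read the raw entry rather than as a verdict.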