MyBB Community Forums

Hello,

I've just been looking through our site error log, found 3 seperate entries..

If anyone could help fix them, that'd be great.

Error 1:

<error>
	<dateline>1288646175</dateline>
	<script></script>
	<line>0</line>
	<type>20</type>
	<friendly_type>MyBB SQL Error</friendly_type>
	<message>SQL Error: 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '}_users wHeRe uid=1-- f' ORDER BY dateline ASC LIMIT 0, 1' at line 1
Query: SELECT pid FROM mybb_posts WHERE tid='1463' AND dateline > '99999999999999999' AnD 1=0 UnIoN SeLeCt concat(0x3a,password,0x3a,salt,0x3a,loginkey,0x3a) fRoM {pre}_users wHeRe uid=1-- f' ORDER BY dateline ASC LIMIT 0, 1</message>
</error>




Error 2:

<error>
	<dateline>1288646295</dateline>
	<script></script>
	<line>0</line>
	<type>20</type>
	<friendly_type>MyBB SQL Error</friendly_type>
	<message>SQL Error: 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '}_users wHeRe uid=1-- f' ORDER BY dateline ASC LIMIT 0, 1' at line 1
Query: SELECT pid FROM mybb_posts WHERE tid='1463' AND dateline > '99999999999999999' AnD 1=0 UnIoN SeLeCt concat(0x3a,password,0x3a,salt,0x3a,loginkey,0x3a) fRoM {pre}_users wHeRe uid=1-- f' ORDER BY dateline ASC LIMIT 0, 1</message>
</error>




Error 3:

<error>
	<dateline>1289391978</dateline>
	<script>usercp.php</script>
	<line>2913</line>
	<type>2</type>
	<friendly_type>Warning</friendly_type>
	<message>Division by zero</message>
</error>

Thanks.

Someone's tried to SQL inject you, but failed. What plugins do you have??

(2010-11-15, 12:02 PM)MattRogowski Wrote: [ -> ]Someone's tried to SQL inject you, but failed. What plugins do you have??

---

bump...

Run the File Verification tool in the ACP to make sure all your files are up to date.

(2010-11-16, 01:41 PM)MattRogowski Wrote: [ -> ]Run the File Verification tool in the ACP to make sure all your files are up to date.

images/offlock.gif     Changed
images/off.gif     Changed
images/on.gif     Changed
images/toplinks/calendar.gif     Missing
images/toplinks/help.gif     Missing
images/toplinks/memberlist.gif     Missing
images/toplinks/search.gif     Missing
inc/languages/english/admin/forum_akismet.lang.php     Missing
inc/languages/english/akismet.lang.php     Missing
inc/plugins/akismet.php     Missing
inc/plugins/hello.php     Missing
install/images/bullet.gif     Missing
install/images/content_bg.gif     Missing
install/images/error_bg.gif     Missing
install/images/h2-admin.gif     Missing
install/images/h2-config.gif     Missing
install/images/h2-createtables.gif     Missing
install/images/h2-dbconfig.gif     Missing
install/images/h2-finish.gif     Missing
install/images/h2-license.gif     Missing
install/images/h2-requirements.gif     Missing
install/images/h2-tablepopulate.gif     Missing
install/images/h2-theme.gif     Missing
install/images/h2-welcome.gif     Missing
install/images/index.html     Missing
install/images/submit_bg.gif     Missing
install/images/tcat_bg.gif     Missing
install/images/thead_bg.gif     Missing
install/index.php     Missing
install/resources/adminoptions.xml     Missing
install/resources/adminviews.xml     Missing
install/resources/index.html     Missing
install/resources/language.lang.php     Missing
install/resources/mybb_theme.xml     Missing
install/resources/mysql_db_inserts.php     Missing
install/resources/mysql_db_tables.php     Missing
install/resources/output.php     Missing
install/resources/pgsql_db_tables.php     Missing
install/resources/settings.xml     Missing
install/resources/sqlite_db_tables.php     Missing
install/resources/tasks.xml     Missing
install/resources/upgrade1.php     Missing
install/resources/upgrade10.php     Missing
install/resources/upgrade11.php     Missing
install/resources/upgrade12.php     Missing
install/resources/upgrade13.php     Missing
install/resources/upgrade14.php     Missing
install/resources/upgrade15.php     Missing
install/resources/upgrade16.php     Missing
install/resources/upgrade17.php     Missing
install/resources/upgrade2.php     Missing
install/resources/upgrade3.php     Missing
install/resources/upgrade4.php     Missing
install/resources/upgrade5.php     Missing
install/resources/upgrade6.php     Missing
install/resources/upgrade7.php     Missing
install/resources/upgrade8.php     Missing
install/resources/upgrade9.php     Missing
install/resources/usergroups.xml     Missing
install/stylesheet.css     Missing
install/upgrade.php     Missing

Please don't delete posts and repsot them to bump the thread, I hadn't forgotten about this thread.

These errors happened 16 days ago, have you removed any plugins since then?? There are no known SQL injection vulnerabilities in 1.6, if there was, it's highly unlikely it would have been kept secret and no other forums would have been attacked for 16 days.

(2010-11-17, 09:41 AM)MattRogowski Wrote: [ -> ]Please don't delete posts and repsot them to bump the thread, I hadn't forgotten about this thread.

These errors happened 16 days ago, have you removed any plugins since then?? There are no known SQL injection vulnerabilities in 1.6, if there was, it's highly unlikely it would have been kept secret and no other forums would have been attacked for 16 days.

I'll look into the issue asap, was it caused by a plugin then?

Most likely, we've not had any reports of any vulnerabilities that could cause this, or anybody else having similar error messages. If you can, post any plugins that may have been removed since 1st November.

My awards, Jeese Labrocca..

pm spy, http://mods.mybb.com/view/pm-spy

RestrictIP, http://mods.mybb.com/view/restrict-ip

That's all the plugins that were removed since 1st November.

Then I'm not too sure where that query is even coming from, as I've gone through the files and can't seem to find it.

I take it there's not been any more errors like this at any point??