a__kc
Posted June 28, 2004

Hi,

Recently I've received two emails apparently from my installation of Advanced Guestbook (2.3.1) telling me about SQL errors. My guestbook is apparently unaffected (so far?) but I'm concerned about some kind of script attack. I hope this is just some failed attempt at running a spam script rather than a security compromise.

I looked up the IPs, one's from Germany, another Italy. My guess is they've been grabbed from anonymous proxies -- I don't really know.

What do you think? Anyone with similar experience? Should I ignore this or...?

Thanks.

-------- Original Message --------
Subject: Guestbook - Error
Date: Sun, 27 Jun 2004 17:19:43 -0700
From: mydb_agbook1@localhost

MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://217.59.104.226/, 10' at line 1
Date : Sun, June 27, 2004 17:19:43
IP : 81.74.252.73
Browser : curl/7.9.5 (i586-pc-linux-gnu) libcurl 7.9.5 (ipv6 enabled)
Referer :
PHP Version : 4.3.7
OS : Linux
Server : Apache/1.3.31 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.7 FrontPage/5.0.2.2634a mod_ssl/2.8.18 OpenSSL/0.9.6b
Server Name : www.site.com

TCH-Dick
Posted June 28, 2004 (edited)

If you go to 217.59.104.226 in your browser you will see the code they were trying to inject into MySQL. If you do a search you can see where they have tried this on other sites.

Edited June 28, 2004 by TCH-Dick

TCH-Dick
Posted June 28, 2004

This thread might give you more info:
http://www.totalchoicehosting.com/forums/i...?showtopic=9922

a__kc (Author)
Posted June 28, 2004

Thanks, guys, for the extra info. That injection statement looks weird but then I don't go around cracking people's sites.

Since I did upgrade AG a few weeks ago to close off that hideous loophole, that's good. Hope everyone else here has done the upgrade, as well.
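
Added example (not part of any post in this thread, and not Advanced Guestbook code): a small triage script for error notifications in the format quoted in the first post, which separates a probe like this one from an ordinary application bug. The function names and the list of scripted-client prefixes are assumptions made for illustration.

```python
import re

# Notification text as quoted in the first post (OS and server banner lines omitted).
SAMPLE_MAIL = """\
MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://217.59.104.226/, 10' at line 1
Date : Sun, June 27, 2004 17:19:43
IP : 81.74.252.73
Browser : curl/7.9.5 (i586-pc-linux-gnu) libcurl 7.9.5 (ipv6 enabled)
Referer :
PHP Version : 4.3.7
"""

# Assumed prefixes of command-line / library HTTP clients; extend for your own traffic.
SCRIPTED_CLIENTS = re.compile(r"^(curl|wget|libwww-perl|python-urllib|lwp)", re.I)
FIELD = re.compile(r"^(Error Number|IP|Browser|Referer)\s*:[ \t]*(.*)$", re.M)
NEAR = re.compile(r"near '(.*?)' at line \d+", re.S)


def parse_error_mail(body):
    """Extract the fields needed for triage from one notification body."""
    fields = {key: value.strip() for key, value in FIELD.findall(body)}
    near = NEAR.search(body)
    # The fragment MySQL echoes back is the part of the query it could not parse.
    fields["near"] = near.group(1) if near else ""
    number = re.match(r"\d+", fields.get("Error Number", ""))
    fields["errno"] = int(number.group()) if number else None
    return fields


def triage(fields):
    """Return the reasons an error looks like request tampering rather than a code bug."""
    reasons = []
    # 1064 is MySQL's syntax (parse) error; a URL in the echoed fragment means
    # request data reached the SQL text unescaped.
    if fields["errno"] == 1064 and re.search(r"https?://", fields["near"], re.I):
        reasons.append("URL inside the SQL text that failed to parse")
    if SCRIPTED_CLIENTS.match(fields.get("Browser", "")):
        reasons.append("scripted HTTP client")
    if not fields.get("Referer"):
        reasons.append("empty Referer")
    return reasons


if __name__ == "__main__":
    parsed = parse_error_mail(SAMPLE_MAIL)
    print(parsed["IP"], triage(parsed))
```

Any reason returned here is grounds to check the web server access log for other requests from the same IP and to confirm the guestbook is on the patched release.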