Empty entries rendomly entered into mySQL table (Not by me!)

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
hedgehog90
Forum Newbie
Posts: 1
Joined: Wed Oct 21, 2009 7:02 am

Empty entries rendomly entered into mySQL table (Not by me!)

Post by hedgehog90 »

I run a flash games website called http://www.GPStudios.com.
Since its launch, we've been getting an extremely strange bug that has been getting worse and worse and worse.
It's only with one table, the table that contains all the game info.

When I woke up this morning I had 30 blank entries in the table (Most nights its about 10) all at different times in the night.
Image

I have a backend system that allows me to upload games, when I click "upload" it calls a php file that then validates and then enters the data into the system.
I confirmed last night though that it couldn't be this code running, as i temporary deleted the file.
I can also confirm that there is therefore NO script that is running on the website that could generate these blank records, I have a piece of software that allows me to search for a string in multiple documents, and I searched the string "insert into games". All it came up with the php where I knowingly put this.
Also, in the code to add the new game info, I have told it to get the time and date, "now()", but as you can see by the picture, it just enters a nothing date.

It is as if someone is directly inserting blank records via phpmyadmin... But this is impossible.

I've talked to my host (Hostgator) with 4 different support technicians, and they said it couldn't possibly be them.

Please please help me fix this, it's destroying my website. At the moment I have to check it every 30 minutes to see if there are any of these ghost entries.

-Tom
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Empty entries rendomly entered into mySQL table (Not by me!)

Post by cpetercarter »

Very difficult to know where to begin with a problem like this.

If the blank entries are the result of malicious activity, then it might be sensible to change all passwords and cancel cookies (if you can do this). Then, bear in mind that your upload script is not the only script which interacts with the games table. Every button on your website which loads a game, or finds games in a given category, presumably has to interact with the games table. And so does the search box - in fact, the search box might be the place to look first, since it is an opportunity for users to generate their own data (the search term) to interact with the database, and therefore represents a possible opportunity for SQL injection.
Post Reply