I also run a forum. Out of curiousity, is this a hack attempt?
Database error in vBulletin 4.1.1:
Invalid SQL:
SELECT socialgroupcategory.title
FROM socialgroupcategory AS socialgroupcategory
WHERE socialgroupcategory.socialgroupcategoryid IN (-99) union select username from user where userid=1 and row(1,1)>(select count(*),concat( (select user.username) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /*);
MySQL Error : Duplicate entry 'this happens to be my username:1' for key 'group_key'
Error Number : 1062
Request Date : Sunday, February 5th 2012 @ 03:47:56 AM
Error Date : Sunday, February 5th 2012 @ 03:47:56 AM
Script : http://www.myforum.com/MF/search.php?do=process
Referrer :
IP Address : I Blocked this out
Username : Unregistered
Classname : vB_Database
MySQL Version :
I get this occasionally and usually several back to back when I do. Thanks
Hacking attempt. What should I do?
Moderator: General Moderators
Re: Hacking attempt. What should I do?
Oh yes. It's a successfull hack attempt too - not the example you're currently observing (you're seeing the failed attempts basically), but with a few tweaks I'm sure it can be made to work.
Edit: Wait, waitwaitwait. Are you seeing this on a web page or in your logs? Because if vBulletin shows that on a web page it IS a successfull hack - the SQL error is then deliberate and it can be used to pull and display whatever they like from the database.
Edit: Wait, waitwaitwait. Are you seeing this on a web page or in your logs? Because if vBulletin shows that on a web page it IS a successfull hack - the SQL error is then deliberate and it can be used to pull and display whatever they like from the database.
Re: Hacking attempt. What should I do?
Not on the webpage, I get those errors emailed to me. Please tell me that aren't trying to hack that site too. Why are they so many hackers out there????
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Hacking attempt. What should I do?
If this is a question to which you want no answer and simply wrote this out of frustration ignore my reply;tech0925 wrote:Why are they so many hackers out there????
Pick a reason: curiosity, profit, malice, revenge, thirst for knowledge. There are thousands more reasons (rational and irrational) why people do what they do.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: Hacking attempt. What should I do?
Well, as I said, with a little tweak this could be turned into blind SQL injection and used to steal any desired data from the database, just slower than this approach. Still, leeching the admin username and password hash will take something like minutes.
Change your password to a very very long one.
Change your password to a very very long one.
Re: Hacking attempt. What should I do?
Thank you Mordred!