Hacking attempt. What should I do?


tech0925
Forum Commoner
Posts: 47
Joined: Wed Nov 09, 2011 2:46 pm

Re: Hacking attempt. What should I do?

Post by tech0925 »

I also run a forum. Out of curiosity, is this a hack attempt?

Database error in vBulletin 4.1.1:

Invalid SQL:

SELECT socialgroupcategory.title
FROM socialgroupcategory AS socialgroupcategory
WHERE socialgroupcategory.socialgroupcategoryid IN (-99) union select username from user where userid=1 and row(1,1)>(select count(*),concat( (select user.username) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /*);

MySQL Error : Duplicate entry 'this happens to be my username:1' for key 'group_key'
Error Number : 1062
Request Date : Sunday, February 5th 2012 @ 03:47:56 AM
Error Date : Sunday, February 5th 2012 @ 03:47:56 AM
Script : http://www.myforum.com/MF/search.php?do=process
Referrer :
IP Address : I Blocked this out
Username : Unregistered
Classname : vB_Database
MySQL Version :

I get this occasionally and usually several back to back when I do. Thanks
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Hacking attempt. What should I do?

Post by Mordred »

Oh yes. It's a successful hack attempt too - not the example you're currently observing (you're seeing the failed attempts basically), but with a few tweaks I'm sure it can be made to work.

Edit: Wait, waitwaitwait. Are you seeing this on a web page or in your logs? Because if vBulletin shows that on a web page it IS a successful hack - the SQL error is then deliberate and it can be used to pull and display whatever they like from the database.
tech0925
Forum Commoner
Posts: 47
Joined: Wed Nov 09, 2011 2:46 pm

Re: Hacking attempt. What should I do?

Post by tech0925 »

Not on the webpage, I get those errors emailed to me. Please tell me they aren't trying to hack that site too. Why are there so many hackers out there????
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Hacking attempt. What should I do?

Post by social_experiment »

tech0925 wrote: Why are there so many hackers out there????
If this is a question to which you want no answer and simply wrote this out of frustration, ignore my reply;

Pick a reason: curiosity, profit, malice, revenge, thirst for knowledge. There are thousands more reasons (rational and irrational) why people do what they do.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Hacking attempt. What should I do?

Post by Mordred »

Well, as I said, with a little tweak this could be turned into blind SQL injection and used to steal any desired data from the database, just slower than this approach. Still, leeching the admin username and password hash will take something like minutes.

Change your password to a very very long one.
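
An added example, not part of any post in this thread and not vBulletin code: a Python triage script for the e-mailed database error reports discussed above. It flags the markers visible in the quoted query and extracts the value the MySQL error message exposed; the signature names, the two-hit threshold, and the sample's host name and username are assumptions.

```python
import re

# Constructed sample modelled on the error e-mail quoted in this thread;
# the host name and the value inside "Duplicate entry" are placeholders.
SAMPLE_REPORT = """\
Invalid SQL:

SELECT socialgroupcategory.title
FROM socialgroupcategory AS socialgroupcategory
WHERE socialgroupcategory.socialgroupcategoryid IN (-99) union select username from user where userid=1 and row(1,1)>(select count(*),concat( (select user.username) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /*);

MySQL Error : Duplicate entry 'exampleadmin:1' for key 'group_key'
Error Number : 1062
Script : http://forum.example/MF/search.php?do=process
Username : Unregistered
"""

FIELD = re.compile(r"^([A-Za-z ]+?)[ \t]*:[ \t]*(.*)$", re.M)
SIGNATURES = {  # hypothetical names for patterns visible in the quoted query
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "rand_group_by": re.compile(r"floor\s*\(\s*rand\s*\(.*\bgroup\s+by\b", re.I | re.S),
    "trailing_comment": re.compile(r"--\s"),
}

def parse_report(text):
    """Return the 'Name : value' fields plus the failed statement as 'sql'."""
    fields = {k.strip(): v.strip() for k, v in FIELD.findall(text)}
    m = re.search(r"Invalid SQL:\s*(.*?)\n\s*\n", text, re.S)
    fields["sql"] = m.group(1).strip() if m else ""
    return fields

def triage(text):
    r = parse_report(text)
    hits = [name for name, rx in SIGNATURES.items() if rx.search(r["sql"])]
    # Error 1062 (duplicate key) normally comes from writes; on a SELECT it
    # points at the rand()/GROUP BY trick that forces data into the error text.
    if r.get("Error Number") == "1062" and r["sql"].upper().startswith("SELECT"):
        hits.append("dup_entry_on_select")
    m = re.search(r"Duplicate entry '(.*)' for key", r.get("MySQL Error", ""))
    return {
        "script": r.get("Script", ""),
        "anonymous": r.get("Username") == "Unregistered",
        "signatures": hits,
        "value_in_error": m.group(1) if m else None,  # what the error exposed
        "suspicious": len(hits) >= 2,  # assumed threshold
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

The `script` field names the endpoint whose input handling needs review, and `value_in_error` shows what a visitor would have seen if database errors were rendered on the page instead of e-mailed.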
tech0925
Forum Commoner
Posts: 47
Joined: Wed Nov 09, 2011 2:46 pm

Re: Hacking attempt. What should I do?

Post by tech0925 »

Thank you Mordred!