
Possible hack: MySQL injection.

#35659 (In Topic #8040)

Well-settled

This was tried two times today, maybe there is a hole somewhere in the core code?

A potential hacking attempt has been detected. Please do not be alarmed: approximately half of the suspected attempts are triggered innocently (ocPortal intentionally has a paranoid security model, to give you very high security). Real hacking attempts are almost always caused by 'bots' (computer programs) that automatically crawl the internet looking for websites which may contain vulnerabilities, and then reporting any found vulnerabilities to their 'master' for future exploitation (usually, to assist in spam relaying). If this was a real hack attempt, it has failed - you might want to try and analyse the logged details (in case it gives clues to a real and persistant offender). More information on security is given in the ocPortal documentation.

Reason: An invalid parameter ('keep_session' as 'UOL Busca') was sent to a script. Perhaps an XSS or SQL injection attack.
IP address: 82.61.189.117
Member ID: 1
Username: Guest
User Agent (typically, the web browser):
Referrer:
Operating System:
Date and time: 09 October, 2007, 02:02
URL: /index.php?page=start&keep_session=UOL Busca

This is the stack dump:


Reason: An invalid parameter ('keep_session' as 'http://busca.uol.com.br/uol/index.html?') was sent to a script. Perhaps an XSS or SQL injection attack.
IP address: 82.61.189.117
Member ID: 1
Username: Guest
User Agent (typically, the web browser):
Referrer:
Operating System:
Date and time: 09 October, 2007, 02:02
URL: /index.php?page=start&keep_session=http://busca.uol.com.br/uol/index.html?&cmd=id



If you believe this suspected hack attempt is neither correct nor benign, but rather actually represents a substantial stability problem in ocPortal, read the information below. Otherwise, do not read on.


Below is a stack trace revealing the state ocPortal was in when the error occurred. If this represents a bug in ocPortal's unmodified software, you may want to check ocportal.com for a fix, and if there isn't one, report this as a bug. Please note that merely posting a stack trace is not sufficient for us to solve your problem; the stack trace is just an aid that presents us with additional information. We still need to know the error message, the human situation, version numbers, and any other appropriate information.
We apologise for this problem and hope you will work with us so that we can fix it promptly.

File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global2.php' Line '1,248' Function 'get_html_trace' Args: (none)
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global2.php' Line '1,458' Function 'log_hack_attack_and_exit' Args: 'INVALID_PARAMETER_SENT', 'keep_session', 'http://busca.uol.com.br/uol/index.html?'
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global2.php' Line '1,521' Function '_param_invalid' Args: 'keep_session', 'http://busca.uol.com.br/uol/index.html?', false
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/users.php' Line '730' Function 'get_param_integer' Args: 'keep_session'
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/templates.php' Line '96' Function 'get_session_id' Args: (none)
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global2.php' Line '824' Function 'get_page_title' Args: 'ERROR_OCCURED'
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global2.php' Line '1,254' Function 'user_clean_exit' Args: object
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global2.php' Line '1,458' Function 'log_hack_attack_and_exit' Args: 'INVALID_PARAMETER_SENT', 'keep_session', 'http://busca.uol.com.br/uol/index.html?'
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global2.php' Line '1,521' Function '_param_invalid' Args: 'keep_session', 'http://busca.uol.com.br/uol/index.html?', false
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/users.php' Line '730' Function 'get_param_integer' Args: 'keep_session'
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/users.php' Line '379' Function 'get_session_id' Args: (none)
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/site.php' Line '102' Function 'get_member' Args: (none)
Function 'init__site' Args: (none)
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global.php' Line '76' Function 'call_user_func' Args: 'init__site'
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global2.php' Line '278' Function 'require_code' Args: 'site'
Function 'init__global2' Args: (none)
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global.php' Line '76' Function 'call_user_func' Args: 'init__global2'
File '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global.php' Line '389' Function 'require_code' Args: 'global2'
File '/home/fycgron/domains/fyc-gron.nl/public_html/index.php' Line '101' Function 'require' Args: '/home/fycgron/domains/fyc-gron.nl/public_html/sources/global.php'


with regards… Harry

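As an added illustration (my own code, not ocPortal's), here is a Python sketch of the check the stack trace shows firing: a strict integer accessor for keep_session that refuses anything but a plain integer, the report record it produces with the same fields as the posts above, and a small triage helper run over the two reported URLs. The function names get_param_integer and log_hack_attack are borrowed from the trace; KNOWN_PARAMS, suspicious_indicators, REPORT_TIME and the sample IP 203.0.113.5 are assumptions made for the example.

```python
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Parameters this script expects; anything else is worth a closer look.
# Constructed for this example, not ocPortal's real list.
KNOWN_PARAMS = frozenset({"page", "keep_session"})
# Time stamp shown in the reports in the thread (used for reproducible output).
REPORT_TIME = datetime(2007, 10, 9, 2, 2)
_INT_RE = re.compile(r"-?[0-9]+")


class InvalidParameter(Exception):
    """Raised when a parameter fails its type check; the message mirrors
    the 'Reason:' line of the report quoted in the thread."""

    def __init__(self, name, value):
        super().__init__(
            f"An invalid parameter ({name!r} as {value!r}) was sent to a script."
        )
        self.name = name
        self.value = value


def get_param_integer(params, name, default=None):
    """Return params[name] as an int, or default when the parameter is absent.

    A value that is not a plain (optionally signed) decimal integer is
    rejected outright rather than coerced, which is what the
    get_param_integer frame in the trace does for 'keep_session'.
    """
    values = params.get(name)
    if not values:
        return default
    raw = values[0]
    if _INT_RE.fullmatch(raw) is None:
        raise InvalidParameter(name, raw)
    return int(raw)


def log_hack_attack(exc, ip, url, member_id=1, username="Guest", now=None):
    """Build a record with the same fields as the ocPortal report."""
    now = now or datetime.now()
    return {
        "reason": f"{exc} Perhaps an XSS or SQL injection attack.",
        "ip": ip,
        "member_id": member_id,
        "username": username,
        "date": now.strftime("%d %B, %Y, %H:%M"),
        "url": url,
    }


def handle_request(url, ip="203.0.113.5", now=None):
    """Validate keep_session on a request URL.

    Returns ("ok", session_id_or_None) when the parameter is well formed and
    ("blocked", report_record) when it is not: the request is refused and a
    report is produced, which is what the thread says ocPortal did here.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    try:
        session = get_param_integer(params, "keep_session")
    except InvalidParameter as exc:
        return "blocked", log_hack_attack(exc, ip, url, now=now)
    return "ok", session


def suspicious_indicators(url, known_params=KNOWN_PARAMS):
    """Triage hints for a blocked request: parameters the script does not use,
    and values that are themselves remote URLs. Both appear in the second
    report above and neither is typical of a person using the site."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    hints = []
    for name, values in params.items():
        if name not in known_params:
            hints.append(f"unexpected parameter {name!r}")
        for value in values:
            if value.lower().startswith(("http://", "https://")):
                hints.append(f"parameter {name!r} carries a remote URL")
    return hints


if __name__ == "__main__":
    # The two URLs from the reports, plus a well-formed one (constructed).
    for u in (
        "/index.php?page=start&keep_session=12345",
        "/index.php?page=start&keep_session=UOL Busca",
        "/index.php?page=start&keep_session=http://busca.uol.com.br/uol/index.html?&cmd=id",
    ):
        status, detail = handle_request(u, ip="82.61.189.117", now=REPORT_TIME)
        print(status, detail, suspicious_indicators(u))
```

Note that the second reported URL parses exactly as the report shows it: the query string is split on '&', so keep_session receives the value ending in '?' and the trailing cmd=id lands in a parameter the page never uses, which is why it stands out in triage even though the integer check alone was enough to block it.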
#35663

Joe

Honoured member

Chris Graham said

When I get these, occasionally I will track down the hacker's web host and report the offender to them.
There's not really much more you can do. Typically these attacks are automated on automatically-found sites, so there's likely no intent specifically to target you.

I've been getting a lot of these lately. I just keep banning whatever IPs are involved. You can optionally track down their host and report them too, but I don't think it's that serious.


#35664

Well-settled

It was a serious attack, because my dedicated server was already hacked a few times before by pro spammers… But I have the data of course from this attack. And I have put this IP on the ban list.  :)

#35666

This was tried two times today, maybe there is a hole somewhere in the core code?

The fact that ocPortal reported it means the opposite. ocPortal has found someone/something trying to hack, blocked the request, and reported it. There is no actual vulnerability.


#35668

Well-settled

Thanks Chris…

You never know  :thumbs: