HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.
Proud to be a PHP Open Source CMS
Learn more

> Home » Forum home » Deploying » View topic

SQL_Injection_hack

Login / Search

 [ Join | More ]
 [More]
 Add topic 
Posted
Rating:
#71018 (In Topic #14986)
psydoc
Avatar

Community saint
Hi everyone, I just recently added a new category to our forums in OCF. Within the last few hours, everyone who attempts to enter the category receives the message, "An Error Has Occurred", The website software has detected what may be a hacking attempt. The stack trace indicates it is an SQL injection hack. My server log doesn't even record the error, so it is difficult to add anything. I am still using 5.0.2 :$ Any ideas on what I should do? I would post the full stack trace, but I am even having trouble getting this to post. :(
Back to the top
 
Posted
Rating:
#71019
Chris Graham
Avatar

ocStaff (admin)
Hi,

Could you forward the hack-attack notification that would have been sent to your staff address to chris@ocportal.com.


Become a fan of ocPortal on Facebook or add me as a friend.

Expand: Was I helpful? Was I helpful?

Expand: Follow me on Twitter Follow me on Twitter







If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource.
Back to the top
 
Posted
Rating:
#71021
psydoc
Avatar

Community saint
Hi Chris,

I just forwarded the message to you.

Thanks,
Keith
Back to the top
 
Posted
Rating:
#71022
psydoc
Avatar

Community saint
Hey Chris,

I found the problem. It was an advertisement function from Forbes.com. Once I removed the offending post in the forum, all was right with the world, again.  :)

I have just completed an upgrade to 7.1. I have just a few issues with my old theme, and once that is done, the world will continue to spin on its axis once again, and we can all begin to breath naturally.  :lol:

Thank you so very much for all the great work you do with OCP. I recommend OCP every chance I get. The flexibility of your script is phenomenal.

Regards,
psydoc (Keith)
Back to the top
 
Posted
Rating:
#71023
Fletch
Avatar

Community saint

psydoc said

… an advertisement function from Forbes.com.
I recommend OCP every chance I get. The flexibility of your script is phenomenal.
WB Keith. Been absent for too long, but there again, if you are mixing with the 'Forbes Rich' it is probably understandable!

 :lol:
Take my advice. I'm not using it!

View my working ocPortal site (version 9.x.x) at Anglo-Indian Portal
Back to the top
 
Posted
Rating:
#71025
psydoc
Avatar

Community saint
 :lol:  :lol:  :lol:

Hey Fletch,

Unfortunately, I don't mix with the 'Forbes Rich', I just post articles from there, once in a while.

Thanks for the welcome. I hope everything is going well with you, and everyone at OCP.  :thumbs:
Back to the top
 
Posted
Rating:
#71026
psydoc
Avatar

Community saint
btw Terry, may I use your ITOD, "Miss Airport 2011"?
Back to the top
 
Posted
Rating:
#71030
Fletch
Avatar

Community saint
Help yourself Keith. I can send you all 13 zipped if you want to stagger them.

The 13th is …

Health Tip

 :lol:
Take my advice. I'm not using it!

View my working ocPortal site (version 9.x.x) at Anglo-Indian Portal
Back to the top
 
Posted
Rating:
#71032
psydoc
Avatar

Community saint
 :lol:  :lol:  :lol:  :lol:  :lol:  :lol:  :lol:

I would love to post those. Do you still have my email?
Back to the top
 
Posted
Rating:
#71033
Fletch
Avatar

Community saint
On its way …

Take my advice. I'm not using it!

View my working ocPortal site (version 9.x.x) at Anglo-Indian Portal
Back to the top
 
Posted
Rating:
#71034
psydoc
Avatar

Community saint
Thanks, Terry!

I love your site. You have done a lot with it since I looked at it last.
Back to the top
 
Posted
Rating:
#71058
Chris Graham
Avatar

ocStaff (admin)
lol


Become a fan of ocPortal on Facebook or add me as a friend.

Expand: Was I helpful? Was I helpful?

Expand: Follow me on Twitter Follow me on Twitter







If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource.
Back to the top
 
Posted
Rating:
#71059
Chris Graham
Avatar

ocStaff (admin)
Right. The SQL injection checker did not like:

Didn't Save Union Jobs

because the apostrophe in the query looks like a string section is being ended then 'union' is SQL to join queries together (hackers often use it to inject malicious queries). I'll see if we can make the scanner smarter here.


Become a fan of ocPortal on Facebook or add me as a friend.

Expand: Was I helpful? Was I helpful?

Expand: Follow me on Twitter Follow me on Twitter







If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource.
Back to the top
 
Posted
Rating:
#71060
Chris Graham
Avatar

ocStaff (admin)
Hmm, we already fixed it.

Look for the SQL_INJECTION_HACK line in sources/database.php and change to:

Code


         if ((strpos(preg_replace('#\'[^\']*\'#','\'\'',str_replace('\\\'','',$_query)),' union ')!==false) || ($queries>1)) log_hack_attack_and_exit('SQL_INJECTION_HACK',$query);


Become a fan of ocPortal on Facebook or add me as a friend.

Expand: Was I helpful? Was I helpful?

Expand: Follow me on Twitter Follow me on Twitter







If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource.
Back to the top
 
Posted
Rating:
#71077
psydoc
Avatar

Community saint
Thanks, Chris. You did fix it. I upgraded to 7.1, and you had already change it from the query first to str_replace then query.

I think I understand that. Is my understanding correct?

At any rate, Chris, you and the OCP staff never cease to amaze.  :thumbs:
Back to the top
 
Posted
Rating:
#71078
Chris Graham
Avatar

ocStaff (admin)
yep


Become a fan of ocPortal on Facebook or add me as a friend.

Expand: Was I helpful? Was I helpful?

Expand: Follow me on Twitter Follow me on Twitter







If I answered something that you think should be in the documentation, please take the initiative and add it to the community documentation. We really need people to help out here and build a well-organised large support resource.
Back to the top
 
Posted
Rating:
#71080
psydoc
Avatar

Community saint
Thanks  :)
Back to the top
 
Posted
Rating:
#71093
BobS
Avatar

Community saint

psydoc said

At any rate, Chris, you and the OCP staff never cease to amaze.  :thumbs:

They are amazing. I'm beginning to wonder if they ever sleep or if we are really dealing with some seriously-evolved automatons.

Bob
Back to the top
 
Posted
Rating:
#71101
psydoc
Avatar

Community saint
I remember asking Chris if he ever slept. I think that was at least two years ago, maybe three.
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:
 Add topic 
> Forum home » Deploying

Quick reply   Contract

Your name:
Your message:
( First post )