
SQL_Injection_hack

#71018 (In Topic #14986)

Hi everyone, I just recently added a new category to our forums in OCF. Within the last few hours, everyone who attempts to enter the category receives the message "An Error Has Occurred: The website software has detected what may be a hacking attempt." The stack trace indicates it is an SQL injection hack. My server log doesn't even record the error, so it is difficult to add anything. I am still using 5.0.2 :$ Any ideas on what I should do? I would post the full stack trace, but I am even having trouble getting this to post. :(

#71019

Hi,

Could you forward the hack-attack notification that would have been sent to your staff address to chris@ocportal.com?


Become a fan of ocPortal on Facebook or add me as a friend. Add me on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.

#71021

Hi Chris,

I just forwarded the message to you.

Thanks,
Keith

#71022

Hey Chris,

I found the problem. It was an advertisement function from Forbes.com. Once I removed the offending post in the forum, all was right with the world, again.  :)

I have just completed an upgrade to 7.1. I have just a few issues with my old theme, and once that is done, the world will continue to spin on its axis once again, and we can all begin to breathe naturally.  :lol:

Thank you so very much for all the great work you do with OCP. I recommend OCP every chance I get. The flexibility of your script is phenomenal.

Regards,
psydoc (Keith)

#71023

psydoc said

… an advertisement function from Forbes.com.

I recommend OCP every chance I get. The flexibility of your script is phenomenal.
WB Keith. Been absent for too long, but there again, if you are mixing with the 'Forbes Rich' it is probably understandable!

 :lol:

Take my advice. I'm not using it!

View my working ocPortal site (version 9.x.x) at Anglo-Indian Portal

#71025

 :lol:  :lol:  :lol:

Hey Fletch,

Unfortunately, I don't mix with the 'Forbes Rich', I just post articles from there, once in a while.

Thanks for the welcome. I hope everything is going well with you, and everyone at OCP.  :thumbs:

#71026

btw Terry, may I use your ITOD, "Miss Airport 2011"?

#71030

Help yourself Keith. I can send you all 13 zipped if you want to stagger them.

The 13th is …

Health Tip

 :lol:

#71032

 :lol:  :lol:  :lol:  :lol:  :lol:  :lol:  :lol:

I would love to post those. Do you still have my email?

#71033

On its way …


#71034

Thanks, Terry!

I love your site. You have done a lot with it since I looked at it last.

#71058

lol


#71059

Right. The SQL injection checker did not like:

Didn't Save Union Jobs

because the apostrophe in the query looks like a string section is being ended, and then 'union' is SQL to join queries together (hackers often use it to inject malicious queries). I'll see if we can make the scanner smarter here.


#71060

Hmm, we already fixed it.

Look for the SQL_INJECTION_HACK line in sources/database.php and change to:

Code

    // Strip escaped quotes, blank out every '...' literal, then look for a bare ' union ' or a second statement
    if ((strpos(preg_replace('#\'[^\']*\'#', '\'\'', str_replace('\\\'', '', $_query)), ' union ') !== false) || ($queries > 1)) {
        log_hack_attack_and_exit('SQL_INJECTION_HACK', $query);
    }


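
As an added example (not ocPortal's own code and not taken from sources/database.php), this stand-alone PHP script puts the old bare ' union ' substring test next to the fixed check from the post above and runs both over a constructed INSERT for a post titled "Didn't Save Union Jobs", so the false positive from this thread, and why dropping escaped quotes and blanking string literals removes it, can be seen directly. The stacked-query half of the original condition ($queries > 1) is not reproduced, the lower-casing step is an assumption about how $_query is prepared, and the function names and table/column names are mine.

```php
<?php
// Added example, not ocPortal's own code. Demonstrates the ' union ' heuristic
// discussed in this thread. Function names are invented for illustration.

// Old behaviour: a plain substring search, so any ' union ' inside a quoted
// value (a post title, a forum name) trips the check.
function flags_union_naive(string $query): bool
{
    // Lower-casing first is an assumption about how $_query is prepared.
    return strpos(strtolower($query), ' union ') !== false;
}

// Fixed behaviour, following the database.php line quoted in the thread:
// 1. drop escaped quotes (\') so they cannot end a literal early,
// 2. collapse every '...' literal to '' so quoted text is ignored,
// 3. search what remains for ' union '.
function flags_union_fixed(string $query): bool
{
    $lower       = strtolower($query);
    $no_escapes  = str_replace('\\\'', '', $lower);
    $no_literals = preg_replace('#\'[^\']*\'#', '\'\'', $no_escapes);
    return strpos($no_literals, ' union ') !== false;
}

// Constructed inputs (table and column names are made up). The first is the
// kind of legitimate INSERT a post titled "Didn't Save Union Jobs" produces,
// with the apostrophe escaped. The second has UNION outside any literal,
// which the fixed check must still catch.
$samples = [
    'legit post title'      => "insert into posts (title) values ('Didn\\'t Save Union Jobs')",
    'union outside literal' => "select title from posts where id='1' union select 1",
];

foreach ($samples as $label => $query) {
    printf("%-22s naive=%-5s fixed=%s\n", $label,
        flags_union_naive($query) ? 'FLAG' : 'ok',
        flags_union_fixed($query) ? 'FLAG' : 'ok');
}
```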

#71077

Thanks, Chris. You did fix it. I upgraded to 7.1, and you had already changed it from the query first to str_replace then query.

I think I understand that. Is my understanding correct?

At any rate, Chris, you and the OCP staff never cease to amaze.  :thumbs:

#71078

yep


#71080

Thanks  :)

#71093

psydoc said

At any rate, Chris, you and the OCP staff never cease to amaze.  :thumbs:

They are amazing. I'm beginning to wonder if they ever sleep or if we are really dealing with some seriously-evolved automatons.

Bob

#71101

I remember asking Chris if he ever slept. I think that was at least two years ago, maybe three.