Comments on SQL syntax error security concern
Experienced
Usergroup: Customer
Joined: Jul 28, 2005
Total Topics: 30
Total Comments: 55
My server admin has asked me to make some changes to my site because of these error messages below. It seems to be a security concern.
I'm not very familiar with SQL syntax nor do I understand what the security problem is. Can you suggest what changes I should make?
The website is http://www.elementlist.com.
Thanks.
Sample Error Messages:
Mar 20 08:00:00 monk hphp[4252]: ALERT - MySQL error: You have an
error in your SQL syntax near '' at line 1 - query: UPDATE
wsnlinks_links SET importance='6' WHERE id= (attacker
'68.142.249.10', file '/home/sites/www.elementlist.com/htdocs/lnx/
classes/database.php', line 171)
Mar 20 08:32:31 monk hphp[4253]: ALERT - MySQL error: You have an
error in your SQL syntax near '' at line 1 - query: SELECT
id,title,url,description,rating,votes,validated,catid,sumofvotes,email
,time,hits,numcomments,hide,ownerid,voterips,voterids,lastedit,type,fi
lename,filetitle,notify,suspect,downloads,pendingedit,funds,suspended,
alias,expire,ip,inalbum,typeorder,recipurl,hitsin,recipwith,hitsinips,
hitsoutips,lastcomment,related,inhidden,viewers,threadviewers,hitsinte
mp,hitsouttemp,origtype,importance,parentids,timesdead,timesemailed,th
readclosed,threadposters FROM wsnlinks_links WHERE id= (attacker
'72.30.129.105', file '/home/sites/www.elementlist.com/htdocs/lnx/
classes/database.php', line 171)
Mar 20 08:41:10 monk hphp[4251]: ALERT - MySQL error: You have an
error in your SQL syntax near '' at line 1 - query: UPDATE
wsnlinks_links SET downloads='1' WHERE id= (attacker
'68.142.251.97', file '/home/sites/www.elementlist.com/htdocs/lnx/
classes/database.php', line 171)
Mar 20 08:41:10 monk hphp[4251]: ALERT - MySQL error: You have an
error in your SQL syntax near '' at line 1 - query: UPDATE
wsnlinks_links SET importance='6' WHERE id= (attacker
'68.142.251.97', file '/home/sites/www.elementlist.com/htdocs/lnx/
classes/database.php', line 171)
Expert
Usergroup: Customer
Joined: Aug 19, 2005
Location: England
Total Topics: 391
Total Comments: 1303
I can't really help you, but while waiting for Paul... I see that you are on quite an old version - the latest wsnlinks is now 3.4.1. I understood that some of the updates did involve security??
Perhaps it would be worth your while upgrading to the latest version?
Just a thought
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
Do you actually see these messages on your site or is it just a log somewhere? I don't see them on the site and it looks like it's just someone either manually inputting bad URLs or perhaps attempting to break in (though whatever they use to try isn't included there) with no indication of success.
I've said in numerous emails though that versions prior to 3.3.8 are an open invitation to hackers. Those queries aren't the way to hack in, but it is very easy to hack through various PHP files.
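A triage sketch for the alerts quoted in the first post, as an added example that is not part of the thread or of WSN Links: it parses each hphp line and flags queries that stop right after a comparison operator, meaning the id value was empty when the query string was built. The function names are hypothetical; the SELECT column list is shortened, and the last sample entry with its 192.0.2.7 address is constructed for contrast.

```python
import re
from collections import Counter

# Entries from the first post with the forum's line wraps rejoined; the SELECT
# column list is shortened and the last entry is constructed for contrast.
SAMPLE_LOG = """\
Mar 20 08:00:00 monk hphp[4252]: ALERT - MySQL error: You have an error in your SQL syntax near '' at line 1 - query: UPDATE wsnlinks_links SET importance='6' WHERE id= (attacker '68.142.249.10', file '/home/sites/www.elementlist.com/htdocs/lnx/classes/database.php', line 171)
Mar 20 08:32:31 monk hphp[4253]: ALERT - MySQL error: You have an error in your SQL syntax near '' at line 1 - query: SELECT id,title,url FROM wsnlinks_links WHERE id= (attacker '72.30.129.105', file '/home/sites/www.elementlist.com/htdocs/lnx/classes/database.php', line 171)
Mar 20 08:41:10 monk hphp[4251]: ALERT - MySQL error: You have an error in your SQL syntax near '' at line 1 - query: UPDATE wsnlinks_links SET downloads='1' WHERE id= (attacker '68.142.251.97', file '/home/sites/www.elementlist.com/htdocs/lnx/classes/database.php', line 171)
Mar 20 08:41:10 monk hphp[4251]: ALERT - MySQL error: You have an error in your SQL syntax near '' at line 1 - query: UPDATE wsnlinks_links SET importance='6' WHERE id= (attacker '68.142.251.97', file '/home/sites/www.elementlist.com/htdocs/lnx/classes/database.php', line 171)
Mar 20 09:00:00 monk hphp[4250]: ALERT - MySQL error: Unknown column 'foo' in 'field list' - query: SELECT foo FROM wsnlinks_links WHERE id=12 (attacker '192.0.2.7', file '/home/sites/www.elementlist.com/htdocs/lnx/classes/database.php', line 171)
"""

# One hphp alert: timestamp, host, MySQL error text, the failing query, then
# the requesting address (which the logger labels "attacker"), file and line.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) hphp\[\d+\]: "
    r"ALERT - MySQL error: (?P<error>.*?) - query: (?P<query>.*?) "
    r"\(attacker '(?P<ip>[^']+)', file '(?P<file>[^']+)', line (?P<line>\d+)\)$"
)
# A query that ends on a comparison operator had an empty value spliced in.
DANGLING_RE = re.compile(r"(=|<|>)\s*$")


def parse_alerts(text):
    """Return one dict per alert line, with an 'empty_operand' flag added."""
    alerts = []
    for raw in text.splitlines():
        m = ALERT_RE.match(raw.strip())
        if not m:
            continue  # not an hphp MySQL alert
        alert = m.groupdict()
        alert["empty_operand"] = bool(DANGLING_RE.search(alert["query"]))
        alerts.append(alert)
    return alerts


def empty_operand_by_ip(alerts):
    """Count truncated-query alerts per requesting address."""
    return Counter(a["ip"] for a in alerts if a["empty_operand"])


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_LOG)
    for ip, n in empty_operand_by_ip(parsed).most_common():
        print(f"{ip}: {n} alert(s) with an empty id value")
    for a in parsed:
        if not a["empty_operand"]:
            print(f"review by hand: {a['ts']} {a['ip']} {a['error']}")
```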