vForums Support :: vForums :: Support :: Odd thing in Security Log - View Topic
 |  |
| Nick
Very Senior Member
![[Avatar]](http://uploads.vforums.co.uk/forums/support/f_5e7b1402b305d883af97446b2fedc6c2_1-eog.jpeg)
Posts: 3,012
Status: Offline
Gender: Male
Location: vForums
Age: 34
Joined:
pmwww | | Odd thing in Security Log (31st Dec 10 at 1:55am UTC) | | Forum URL: http://idirectory.vforums.co.uk
Problem:
Yesterday at 8:11pmguestRequested the password to be reset for the account with the username "\'; delete from members where 1 or username = \'".Members***.***.***.155
Yesterday at 8:10pmguestRequested the password to be reset for the account with the username "\"\'; delete from members where 1 or username = \'\"".Members***.***.***.155
Yesterday at 8:10pmguestRequested the password to be reset for the account with the username "\"\'; delete from member where 1 or username = \'\"".Members***.***.***.155
Yesterday at 8:10pmguestRequested the password to be reset for the account with the username "\"\'; delete from customers where 1 or username = \'\"".Members***.***.***.155
Yesterday at 8:08pmguestRequested the password to be reset for the account with the username "\'".Members***.***.***.155
Yesterday at 8:07pmguestRequested the password to be reset for the account with the username "\' or 1".Members***.***.***.155
I don't know what they were trying to do, but it seemed as they had some type of access through something as statcounter shows this from the same IP address:
December 29th 201007:58:10 PMPage Viewsupport.idirectory.us/news/79/advertisements-other-stuff/action/delete_topic/ The topic is still there, and I can view it just fine. The IP says they are from the UK.
That is also the same day I noticed 3 of our recent ads were deleted, and today they are back. I've changed my password just in case, But if they had my account info, they would have done real damage. Now I'm not quite sure what to think about this.
Thanks. | |
| Marc
vChat Developer
I <3 Rossy
Posts: 3,388
Status: Offline
Gender: Male
Location: Ontario, Canada
Age: 31
Joined:
Additional Groups:
Coding Team
pmwww | | Re: Odd thing in Security Log (31st Dec 10 at 3:23am UTC) | | It looks like someone was trying to see if they could exploit the server to delete your members and topics. I find it pretty funny, actually, that someone would think such a well-established forum system would forget to do basic escape functions on user inputs. 
However, a (very) poor attempt or not, this person does seem to be attempting to cause damage, so I think we'll leave this one for Rossy to see what he wants to do.
EDIT: Just to clarify, I don't think this is anything you need to worry about in terms of having been compromised, as VF is very well designed and not easily susceptible to such attempts to mess with things.  | |
rroll.to— Shorten a link, rickroll your friends. |
| Nick
Very Senior Member
Posts: 3,012
Status: Offline
Gender: Male
Location: vForums
Age: 34
Joined:
pmwww | | Re: Odd thing in Security Log (31st Dec 10 at 4:17am UTC) | | Ok Cool. I'm more worried about the site than anything else. I know the forum can be brought back easily. Just my site cannot. Even though I do make backups. and I lost 3 ads, and didn't have the right back up. I do now. But today they came back after that person saw my recent post about how odd it was to lose 3 newly added ads.
edit:
Though they wouldn't know where to go for my cPanel, or the username/password. Plus I keep the password extra secure, and the only one who knows is my trusted coder. and he'll never give up my passwords.
edit 2: I also contacted my host, they said they see the IP address in their security log, but everything seems to look normal. They told me to change my passwords which of course I did, and to check scripts, and anything odd out of the ordinary. Everything seems to be good. So they just tried to get on iD only. Somehow they did get ahold of something as I said and deleted the 3 newest ads. and then they re-uploaded the database back. Only reason why I know is, because I submitted a fake site yesterday, and today that site is gone, and everything is back to normal. | |
| Ross
Administrator
![[Avatar]](http://uploads.virtualforums.co.uk/forums/pokemon/vforums-qr1.png)
Posts: 3,709
Status: Offline
Gender: Male
Age: 8 1⁄1
Joined:
Additional Groups:
Support Team
pmwwwgtalkvForum | | Re: Odd thing in Security Log (1st Jan 11 at 11:41pm UTC) | | Sounds like someone with a grudge against you or your site.
As Marc said, they tried and failed to attack the forum system. So long as your website has good enough security in place too then you shouldn't have to worry. | |
|
| Nick
Very Senior Member
Posts: 3,012
Status: Offline
Gender: Male
Location: vForums
Age: 34
Joined:
pmwww | | Re: Odd thing in Security Log (2nd Jan 11 at 5:42pm UTC) | | I don't know why?  I never did anything to anyone. and I rarely even deleted ads, last time I did was like 6 months ago, and I knew the person, and had a site like 4Chan with nudity, which obviously broke my TOS, my host's TOS, and vF TOS. and the person understood. But other than that. I don't know. All I know is they came from the other service. | |
| |
 |  |
|
