Today vBulletin sent me the following email (database error) with the title "vBulletin (Upgrade) Database Error":
This looks like some kind of MySQL injection. Is there a way to prevent this? I'm running vBulletin 4.0.3 (forums only). I've blocked the IP address in my server's firewall.
UPDATE: It appears that the IP address belongs to one of my admins just after the incident occurred (had a different IP before that), but he's unable to perform SQL injections because he only has basic computer knowledge.
Code:
Database error in vBulletin 4.0.3:
Invalid SQL:
ALTER TABLE user ADD birthday_search DATE NOT NULL DEFAULT '0000-00-00';
MySQL Error : Duplicate column name 'birthday_search'
Error Number : 1060
Request Date : Tuesday, May 25th 2010 @ 10:53:11 AM
Error Date : Tuesday, May 25th 2010 @ 10:53:11 AM
Script : http://www.techlifezone.com/install/upgrade_300.php?step=1
Referrer : http://www.techlifezone.com/install/upgrade_300.php?rand=1274777576
IP Address : 122.174.160.230
Username :
Classname : vB_Database
MySQL Version : 5.0.90-community