If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Guestbook - Error  XML
Forum Index » Advanced Guestbook Forum
Author Message
LSander
Beginner

Joined: 08/08/2003 16:41:32
Messages: 28
Location: Pittsburgh, PA
Offline

I've been getting quite a few emails (5+ per day), the subject of which is Guestbook - Error, and which contain some technical reporting information that begins

MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://dumb-spammers.com &lt ...

There are NOT any apparent spam posts to my guestbook, which is version 2.3.1 with the visual verification patch.

Do you have any ideas about what is going on? I imagine somebody is trying unsuccessfuly to hack my guestbook.

Louis Sander
Pittsburgh, Pennsylvania
USA
[WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

It is the guestbook informing you that there has been an error. You are receiving these emails because you have your email address specified in tec_email which is in the config.inc.php file.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
LSander
Beginner

Joined: 08/08/2003 16:41:32
Messages: 28
Location: Pittsburgh, PA
Offline

Good info. Any idea what might be causing the errors? I'm speculating that it's a hacker attempting to get in.
[WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Well the message that was being posted when that error occured is blatantly a spam message. If they are receving these error messages then they are not posting via the form. Post a couple of the complete error message in here for me to peruse (remove the urls though, we don't want to help them spam here)

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
LSander
Beginner

Joined: 08/08/2003 16:41:32
Messages: 28
Location: Pittsburgh, PA
Offline

Here are some recent ones:

===============================
MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://xxxxxxx.com/
Date : Mon, October 17, 2005 20:28:51
IP : 80.77.90.229
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Referer : http://www.ussrankin.org/guestbook/index.php?entry=100
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org
===============================
MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://xxxxxxx.com/ <a hr
Date : Mon, October 17, 2005 20:20:07
IP : 80.77.90.229
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Referer : http://www.ussrankin.org/guestbook/index.php?entry=100
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org
===============================
MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://xxxxxxx.com/ <a href=
Date : Mon, October 17, 2005 19:29:35
IP : 80.77.90.229
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Referer : http://www.ussrankin.org/guestbook/index.php?entry=70
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org
===============================
MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://xxxxxxxx.com/ &lt
Date : Mon, October 17, 2005 15:19:48
IP : 80.77.90.229
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Referer : http://www.ussrankin.org/guestbook/index.php?entry=10
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org
===============================
[WWW]
LSander
Beginner

Joined: 08/08/2003 16:41:32
Messages: 28
Location: Pittsburgh, PA
Offline

Oh damn! I forgot to remove the urls. Sorry.

Lou Sander
[WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

I get the feeling that this is comment spam. they are trying to post spam as comments. I notice you do not have the comments link so you obviously do not use them. It looks like comments cannot be posted on your site. Off the top of my head I'd say you could safely remove comment.php and lib/comment.class.php since you do not use comments. This would also stop comment spam.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

In case you are interested the domain that all of them spam entries pointed to is registered as follows

Domain Name: JL-PRX.COM

Registrant:
Peashuza
Baru Kua ( kinz@baru.com )
Kin Shan 846
Mailaoku
,938393
TV
Tel. +68.482795382


As can be seen at http://houston.dnstools.com/?wwwhois=on&portNum=80&target=jl-prx.com&submit=Get+Info

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
LSander
Beginner

Joined: 08/08/2003 16:41:32
Messages: 28
Location: Pittsburgh, PA
Offline

Got it. Thanks!
[WWW]
LSander
Beginner

Joined: 08/08/2003 16:41:32
Messages: 28
Location: Pittsburgh, PA
Offline

For your general information:

Lately I've gotten some "Too many connections" messages, possibly prompted by the same hackers. One day there were 5-10 of 'em. So far, they're no trouble except for having to deal with the emailed error message.

Here's the latest one:

MySQL Error : Connection Error
Error Number: 1040 Too many connections
Date : Wed, October 26, 2005 07:07:56
IP : 61.104.162.214
Browser : Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Referer :
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org
[WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Hm I'd suggest speaking to your host about the to many connections issue. I get it a lot with an old site I no longer maintain and thats down to terrible set up of the server.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
 
Forum Index » Advanced Guestbook Forum
Go to:   
Based on the open source JForum