Guestbook - Error

I've been getting quite a few emails (5+ per day), the subject of which is Guestbook - Error, and which contain some technical reporting information that begins

MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://dumb-spammers.com &lt ...

There are NOT any apparent spam posts to my guestbook, which is version 2.3.1 with the visual verification patch.

Do you have any ideas about what is going on? I imagine somebody is trying unsuccessfuly to hack my guestbook.

Louis Sander
Pittsburgh, Pennsylvania
USA

It is the guestbook informing you that there has been an error. You are receiving these emails because you have your email address specified in tec_email which is in the config.inc.php file.

Good info. Any idea what might be causing the errors? I'm speculating that it's a hacker attempting to get in.

Well the message that was being posted when that error occured is blatantly a spam message. If they are receving these error messages then they are not posting via the form. Post a couple of the complete error message in here for me to peruse (remove the urls though, we don't want to help them spam here)

Here are some recent ones:

===============================
MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://xxxxxxx.com/
Date : Mon, October 17, 2005 20:28:51
IP : 80.77.90.229
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Referer : http://www.ussrankin.org/guestbook/index.php?entry=100
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org
===============================
MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://xxxxxxx.com/ <a hr
Date : Mon, October 17, 2005 20:20:07
IP : 80.77.90.229
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Referer : http://www.ussrankin.org/guestbook/index.php?entry=100
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org
===============================
MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://xxxxxxx.com/ <a href=
Date : Mon, October 17, 2005 19:29:35
IP : 80.77.90.229
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Referer : http://www.ussrankin.org/guestbook/index.php?entry=70
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org
===============================
MySQL Error : Query Error
Error Number: 1064 You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Realy good site! Vist us: http://xxxxxxxx.com/ &lt
Date : Mon, October 17, 2005 15:19:48
IP : 80.77.90.229
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Referer : http://www.ussrankin.org/guestbook/index.php?entry=10
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org
===============================

Oh damn! I forgot to remove the urls. Sorry.

Lou Sander

I get the feeling that this is comment spam. they are trying to post spam as comments. I notice you do not have the comments link so you obviously do not use them. It looks like comments cannot be posted on your site. Off the top of my head I'd say you could safely remove comment.php and lib/comment.class.php since you do not use comments. This would also stop comment spam.

In case you are interested the domain that all of them spam entries pointed to is registered as follows

Domain Name: JL-PRX.COM

Registrant:
Peashuza
Baru Kua ( kinz@baru.com )
Kin Shan 846
Mailaoku
,938393
TV
Tel. +68.482795382

As can be seen at http://houston.dnstools.com/?wwwhois=on&portNum=80&target=jl-prx.com&submit=Get+Info

Got it. Thanks!

For your general information:

Lately I've gotten some "Too many connections" messages, possibly prompted by the same hackers. One day there were 5-10 of 'em. So far, they're no trouble except for having to deal with the emailed error message.

Here's the latest one:

MySQL Error : Connection Error
Error Number: 1040 Too many connections
Date : Wed, October 26, 2005 07:07:56
IP : 61.104.162.214
Browser : Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Referer :
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_tsunami/2.0 mod_bwprotect/0.2 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.ussrankin.org

Hm I'd suggest speaking to your host about the to many connections issue. I get it a lot with an old site I no longer maintain and thats down to terrible set up of the server.