I got a series of email alerts from a certain IP (registered to trend micro) getting database errors. Shortly after my site stopped working showing me SQL errors when I try to enter it:

http://www.leftunderground.com/content/

What can I do to fix this?

The error I get is:



Database error in vBulletin 4.1.1:

Invalid SQL:
SELECT SQL_CALC_FOUND_ROWS node.nodeid AS itemid,
(node.nodeleft = 1) AS isroot, node.nodeid, node.contenttypeid, node.contentid, node.url, node.parentnode, node.styleid, node.userid,
node.layoutid, node.publishdate, node.setpublish, node.issection, parent.permissionsfrom as parentpermissions,
node.permissionsfrom, node.publicpreview, node.showtitle, node.showuser, node.showpreviewonly, node.showall,
node.showupdated, node.showviewcount, node.showpublishdate, node.settingsforboth, node.includechildren, node.editshowchildren,
node.shownav, node.hidden, node.nosearch, node.nodeleft,
info.description, info.title, info.html_title, info.viewcount, info.creationdate, info.workflowdate,
info.workflowstatus, info.workflowcheckedout, info.workflowlevelid, info.associatedthreadid,
user.username, sectionorder.displayorder, thread.replycount, parentinfo.title AS parenttitle

FROM cms_node AS node
INNER JOIN cms_nodeinfo AS info ON info.nodeid = node.nodeid

LEFT JOIN user AS user ON user.userid = node.userid
LEFT JOIN thread AS thread ON thread.threadid = info.associatedthreadid
LEFT JOIN cms_sectionorder AS sectionorder ON sectionorder.sectionid = 1
AND sectionorder.nodeid = node.nodeid
LEFT JOIN cms_node AS parent ON parent.nodeid = node.parentnode
LEFT JOIN cms_nodeinfo AS parentinfo ON parentinfo.nodeid = parent.nodeid
INNER JOIN cms_node AS rootnode
ON rootnode.nodeid = 1 AND (node.nodeleft >= rootnode.nodeleft AND node.nodeleft <= rootnode.noderight) AND node.nodeleft != rootnode.nodeleft AND node.contenttypeid <> 17 AND node.new != 1 AND ( (( (node.permissionsfrom IN (1)) OR (node.userid =1) OR ( node.permissionsfrom in (1) AND (node.parentnode IN (1,142,157) OR node.nodeid = 1) AND
node.setpublish > 0 AND node.publishdate < 1299707670 ))) OR (node.setpublish AND node.publishdate <1299707670 AND node.publicpreview > 0)) AND (node.parentnode = 1 OR sectionorder.displayorder > 0 )

ORDER BY CASE WHEN sectionorder.displayorder > 0 THEN sectionorder.displayorder ELSE 9999999 END ASC,
node.publishdate DESC LIMIT 0, 7;

MySQL Error : Can't create/write to file '/tmp/#sql_5ce1_0.MYD' (Errcode: 17)
Error Number : 1
Request Date : Wednesday, March 9th 2011 @ 04:54:30 PM
Error Date : Wednesday, March 9th 2011 @ 04:54:31 PM
Script : http://www.leftunderground.com/content/
Referrer : http://www.leftunderground.com/content/
IP Address : 70.58.230.31
Username : No Limit
Classname : vB_Database
MySQL Version : 5.0.91-community

so you cant get into admincp?

Didnt think of that. Admincp does work. The website however doesnt. When I got to http://www.leftunderground.com/forum it says its an empty directory. Does that mean mod-rewrite stopped working? I was using the advanced SEO friendly URLs.

http://www.leftunderground.com/admincp/ go in from here see the logs, you may run the maintenance see if that does it but i would ban that ip first thing

--------------- Added 09 Mar 2011 at 16:04 ---------------

yes more than likely something to do with vbseo , i dont use it maybe go to their site and ask for help also

--------------- Added 1299708336 at 1299708336 ---------------

I cringe when i hear vbseo :)

--------------- Added 1299708459 at 1299708459 ---------------

someone that knows database errors will be on soon hopefully, me i would do a restore and just ban the ip, the node error is wierd

I just rebooted the server and its working now. Weird.

Any possible ideas at what could have happened? I was on my forum when I saw the IP 150.70.64.203 online. Since its a new board Im curious to see who is online so I googled the IP, says it was registered to trend micro. Shortly after I started getting database errors from this IP in my email, here is one:



Database error in vBulletin 4.1.1:

Invalid SQL:
SELECT SQL_CALC_FOUND_ROWS node.nodeid AS itemid ,(node.nodeleft = 1) AS isroot, node.nodeid, node.contenttypeid, node.contentid, node.url, node.parentnode, node.styleid, node.userid,
node.layoutid, node.publishdate, node.setpublish, node.issection, parent.permissionsfrom as parentpermissions,
node.showrating,
node.permissionsfrom, node.publicpreview, node.shownav, node.hidden, node.nosearch


FROM cms_node AS node
LEFT JOIN cms_node AS parent ON parent.nodeid = node.parentnode INNER JOIN cms_nodecategory AS nodecat ON nodecat.nodeid = node.nodeid
AND nodecat.categoryid = 51

WHERE node.new != 1 AND ( (node.permissionsfrom IN (-1)) OR ( node.permissionsfrom in (1) AND (node.parentnode IN (1,142,157) OR node.nodeid = 1) AND
node.setpublish > 0 AND node.publishdate < 1299706884 ))AND node.new != 1 AND node.hidden = 0
AND node.contenttypeid <> 17
ORDER BY node.setpublish DESC, node.publishdate DESC LIMIT 0, 7;

MySQL Error : Can't create/write to file '/tmp/#sql_5ce1_0.MYD' (Errcode: 23)
Error Number : 1
Request Date : Wednesday, March 9th 2011 @ 04:41:24 PM
Error Date : Wednesday, March 9th 2011 @ 04:41:30 PM
Script : http://www.leftunderground.com/list/category/clientscript/clientscript/yui/connection/clientscript/clientscript/clientscript/vbulletin_md5.js?v=411
Referrer :
IP Address : 150.70.64.203
Username : Unregistered
Classname : vB_Database
MySQL Version :



Then a few minutes after that the entire site stopped working.

Edit: As I wrote this saw the same IP had opened up 10 connections to the site (according to the who is online list). I banned him using the firewall on the server. I am running 4.1.1 so I guess this is a good time to update. Any known issues in 4.1.1 that would allow something like this to occur?

trend micro is a jap virus scan online thing if i remember right

--------------- Added 1299708590 at 1299708590 ---------------

ban it 150.70.64.203

OS error code 23: Too many open files in system

You may want to talk to your host about the error.

http://www.devdaily.com/mysql/mysql-cant-create-write-file-error-message

Ok, that makes sense. Thanks to the both of you for the help.