vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Can someone do this? (https://vborg.vbsupport.ru/showthread.php?t=171377)

nine.seven 02-24-2008 09:36 PM
Can someone do this?
 
Umm.. I got this completely random voicemail this morning and I'm wondering if what he is saying is true?

http://img159.imageshack.us/my.php?i...icemaileg8.swf

Log:
Message received at 4 17 am
Hello hello David, Parker
My name would be, Hairy John
Ok
and I was just called to let you know
that i found a
fewwww
exploits in ur website
a little bit of SQL injection

dunno what he says here really
umm ill be doing a mb5 hash
that will be giving me your admin password

i would so kindly be taking that website over
in a couple hours
if u would like to go on and take a look
you have a great day


I haven't noticed anything wrong with my forums, and I don't remember installing anything weird. I am not professional at it or anything but I know my way around PHP and vbulletin (so I doubt I messed something up like that).

Only thing that has been different in a week or 2 ago I got some vbulletin errors (this was the email.. I got 8 in a row same minute.. All had a different image.. image is users avatars):

Quote:
Database error in vBulletin :

mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User [user] already has more than 'max_user_connections' active connections
/555/555/555/555/forums/includes/class_core.php on line 274

MySQL Error :
Error Number :
Date : Thursday, February 14th 2008 @ 08:07:29 AM
Script : http://555/forums/image.php?u=96&amp;dat...ine=1200931676
Referrer :
IP Address : 69.89.55.55
Username :
Classname : vb_database
:confused:

Boofo 02-24-2008 11:16 PM
First, how did he get you phone number? Second, if he was really gonna do as he said, he would have done it and THEN maybe called you or left his calling card on your site. Sounds to me like it is someone you know or who knows you.

Who's IP address is that in the error?

iogames 02-24-2008 11:21 PM
Quote:
Originally Posted by Boofo (Post 1450333)
Sounds to me like it is someone you know or who knows you.

Who's IP address is that in the error?
Once that we agreed on that: 'What did you do to him?'
IP: 69.89.55.55 = San Mateo, CA.

bobster65 02-24-2008 11:21 PM
Quote:
Originally Posted by Boofo (Post 1450333)
First, how did he get you phone number?
Would be easy if they have it on their domain record. Private domains are the way to go ;)

iogames 02-24-2008 11:27 PM
Quote:
Originally Posted by bobster65 (Post 1450338)
Would be easy if they have it on their domain record. Private domains are the way to go ;)
we need more info on this

Adrian Schneider 02-25-2008 12:46 AM
David,

Unless you have any custom code on your server (PHP) then you should be safe from any injection. The DB error is just from a restriction set by your host which you can get around if you have multiple database accounts.


All times are GMT. The time now is 06:03 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01062 seconds
  • Memory Usage 1,724KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete