vb.org Archive - vBulletin you use is very risky

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)

- - vBulletin you use is very risky (https://vborg.vbsupport.ru/showthread.php?t=301098)

vBulletin you use is very risky

hello

my forum database displays error for a week by showing

Quote:

'mybdd_db' has exceeded the 'max_user_connections' resource (current value: 150) and''

after first consulting the support of my host, I'll copy the answer

1st answer:

Quote:

Hello,

We completely removed the limit on the database to determine if the problem is the limit or not.

2nd response

Quote:

Hello,

We put your script under surveillance, and it looks like someone fun to try SQL Injection attacks guy on your vBulletin script, for example here are some detected attacks:

# # # # # # # # # # # #
Database error in vBulletin 4.2.1:

Invalid SQL:
Attack 1: SELECT * FROM WHERE userregcode userregemail ='' & cat / etc / passwd &'';
Attack 2: SELECT * FROM WHERE userregcode userregemail = '% sample 40email.tst' and (sleep (4) +1) limit 1 -;
Attack 3: SELECT * FROM WHERE userregcode userregemail & dir ='' &'';
Attack 4: SELECT * FROM WHERE userregcode userregemail'' = "\ \") |] * {<> ';
# # # # # # # # # # # #

It is therefore clear that the vBulletin version you are using is very risky to you faster to update to plug the SQL Injection vulnerability types.

what should I do for my vbulletin securiser ?

ps: my vbulletin is a day 4.2.1

thanks

You have no third party addons or modifications?

Seriously consider installing ZBBlock. http://www.spambotsecurity.com/

Yes, more third party addons will fix the problem :rolleyes:

after you tell them that my vbulletin is up to date
here is their answer

Quote:

Hello,

It is quite possible that it comes from module or addon non maintained a day, this the cause module comes not necessarily vBulletin.

--------------- Added [DATE]1376329162[/DATE] at [TIME]1376329162[/TIME] ---------------

Quote:

Originally Posted by Zachery (Post 2438497)

You have no third party addons or modifications?

hello

I have several addons and modifications, I do not know which is the cause

You should disable them all, and wait to see if the issue persists.

Quote:

Originally Posted by Zachery (Post 2438508)

You should disable them all, and wait to see if the issue persists.

thank you for your reply

we can not know the flaw after this ?

Quote:

Invalid SQL:
Attack 1: SELECT * FROM WHERE userregcode userregemail ='' & cat / etc / passwd &'';
Attack 2: SELECT * FROM WHERE userregcode userregemail = '% sample 40email.tst' and (sleep (4) +1) limit 1 -;
Attack 3: SELECT * FROM WHERE userregcode userregemail & dir ='' &'';
Attack 4: SELECT * FROM WHERE userregcode userregemail'' = "\ \") |] * {<> ';
# # # # # # # # # # # #

--------------- Added [DATE]1376330660[/DATE] at [TIME]1376330660[/TIME] ---------------

Quote:

Originally Posted by Snowhog (Post 2438498)

Seriously consider installing ZBBlock. http://www.spambotsecurity.com/

thanks ,

you think installing zbblock limit these attacks sql?

I don't believe those are default queries.

it's probably an addon, but I do not know which unfortunately.
there is 'there addon quarantined by vb.org ?

Tons, you should disable all of your third party addons, then re-enable them oen by one and figure out which is causing the errors. I suspect something with registration.

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (8)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01631 seconds Memory Usage 1,736KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (8)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: