[Cindyl10]

We have been being attacked for the last month and now they have begun to try and hack into our board since they haven't been able to get through our registration blocks to prevent spammers and trolls. I am running vBulletin 3.8.6 Patch Level 1 and I have spoken to our host and they have suggested I contact vbulletin which I'm trying to do but I also thought I should let you all know what's going on too as if they are able to hack me, they can then hack anyone with this mod. Here is all the info I have on it which I gave to my host

Quote:

We've been being spammed a lot and had to install a program that rejects spammers registrations as we were getting something like 100 a day. Well one person who was rejected keeps coming back to the board and when I look to see what he's doing, it says "modifying his profile". I wasn't to worried about it since I didn't think there was anything he could do to cause the site to accept his registration anyway, but each time he does it I get a database error and it looks to me like he is trying to force the board to add him as a member. This is what the error says:

Database error in vBulletin 3.8.6:

Invalid SQL:
SELECT DATEDIFF(NOW(), '2010-07-27 20:18:50') AS DAYS;;

MySQL Error : MySQL server has gone away
Error Number : 2006
Request Date : Tuesday, July 27th 2010 @ 09:56:19 PM
Error Date : Tuesday, July 27th 2010 @ 09:57:14 PM
Script : http://www.fresh-hope.com/forums/reg...p?do=addmember
Referrer : http://www.fresh-hope.com/forums/register.php?
IP Address : 94.23.18.220
Username : Naramoria
Classname : vB_Database
MySQL Version :

***************

In the line that says script is a link and at the end of the link it says: " do=addmember" which is what made me think this... Is this troll a possible hack attempt do you think or am I being paranoid?

Quote:

Hello Cynthia,

Thank you for contacting support.

It does appear that he may be attempting to use SQL Injection, however as long as your forum software is up-to-date and the latest version is installed you should certainly be safe. However, if you would like we can ban 94.23.18.220 from the server, so this way it will ensure he can't access the site or attempt any further malicious injections.

regards,
Melissa

I had them go ahead and do that. But it happened again today:

Quote:

It's happening again I'm afraid. The people who are attacking us seem very stubborn. The biggest problem is that they're pro's and constantly switch their IP's. That's why we had to install the two programs we did to intercept them. We installed them a week ago on July 23rd and since then the programs have rejected 409 registrations as spammers.

This error message is slightly different though. Here is a copy of it:

Database error in vBulletin 3.8.6:

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO vbstopforumspam_remotecache (date, data, spambot, field) VALUES (now(), 'martinkiday', '0', 'username');;

MySQL Error : MySQL server has gone away
Error Number : 2006
Request Date : Friday, July 30th 2010 @ 05:31:02 AM
Error Date : Friday, July 30th 2010 @ 05:32:20 AM
Script : http://www.fresh-hope.com/forums/reg...p?do=addmember
Referrer : http://www.fresh-hope.com/forums/register.php?
IP Address : 89.212.200.113
Username : martinkiday
Classname : vB_Database
MySQL Version :

I meant to add that one thing that concerns me now is that they've obviously figured out what the main program we're using to defeat them is: vbstopforumspam

Quote:

Hello Cynthia,

Thank you for your reply.

From the SQL code, it appears they are attempting to inject into the caching system. Honestly, I would strongly suggest providing those results to vBulletin, as the developers would be the best people to tell you whether you are safe from those specific attacks or not. I know from experience that vBulletin is kept up to date regularly and is protected by these type of attacks, however it certainly doesn't hurt to get a second opinion from the source itself .

Please let us know if there is anything further we may assist you with from here.

regards,
Melissa

Please let me know if perhaps you guys can help me and if my board is safe...