  #1  
Old 02-24-2008, 09:36 PM
nine.seven nine.seven is offline
 
Join Date: Dec 2006
Posts: 3
Thanks given: 0 times
Thanks received: 0 times in 0 posts
Default Can someone do this?

Umm.. I got this completely random voicemail this morning and I'm wondering if what he is saying is true?

http://img159.imageshack.us/my.php?i...icemaileg8.swf

Log:
Message received at 4 17 am
Hello hello David, Parker
My name would be, Hairy John
Ok
and I was just called to let you know
that i found a
fewwww
exploits in ur website
a little bit of SQL injection

dunno what he says here really
umm ill be doing a mb5 hash
that will be giving me your admin password

i would so kindly be taking that website over
in a couple hours
if u would like to go on and take a look
you have a great day


I haven't noticed anything wrong with my forums, and I don't remember installing anything weird. I am not professional at it or anything but I know my way around PHP and vbulletin (so I doubt I messed something up like that).

Only thing that has been different in a week or 2 ago I got some vbulletin errors (this was the email.. I got 8 in a row same minute.. All had a different image.. image is users avatars):

Quote:
Database error in vBulletin :

mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: User [user] already has more than 'max_user_connections' active connections
/555/555/555/555/forums/includes/class_core.php on line 274

MySQL Error :
Error Number :
Date : Thursday, February 14th 2008 @ 08:07:29 AM
Script : http://555/forums/image.php?u=96&amp;dat...ine=1200931676
Referrer :
IP Address : 69.89.55.55
Username :
Classname : vb_database
  #2  
Old 02-24-2008, 11:16 PM
Boofo Boofo is offline
 
Join Date: Mar 2002
Location: Des Moines, IA (USA)
Posts: 15,776
Thanks given: 0 times
Thanks received: 0 times in 0 posts
Default

First, how did he get your phone number? Second, if he was really gonna do as he said, he would have done it and THEN maybe called you or left his calling card on your site. Sounds to me like it is someone you know or who knows you.

Whose IP address is that in the error?
  #3  
Old 02-24-2008, 11:21 PM
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Thanks given: 0 times
Thanks received: 0 times in 0 posts
Default

Quote:
Originally Posted by Boofo View Post
Sounds to me like it is someone you know or who knows you.

Whose IP address is that in the error?
Once that we agreed on that: 'What did you do to him?'
IP: 69.89.55.55 = San Mateo, CA.
  #4  
Old 02-24-2008, 11:21 PM
bobster65 bobster65 is offline
 
Join Date: Mar 2006
Location: Montana
Posts: 1,169
Thanks given: 0 times
Thanks received: 0 times in 0 posts
Default

Quote:
Originally Posted by Boofo View Post
First, how did he get your phone number?
Would be easy if they have it on their domain record. Private domains are the way to go
  #5  
Old 02-24-2008, 11:27 PM
iogames iogames is offline
 
Join Date: Jan 2007
Location: Las Vegas, NV.
Posts: 1,433
Thanks given: 0 times
Thanks received: 0 times in 0 posts
Default

Quote:
Originally Posted by bobster65 View Post
Would be easy if they have it on their domain record. Private domains are the way to go
we need more info on this
  #6  
Old 02-25-2008, 12:46 AM
Adrian Schneider Adrian Schneider is offline
 
Join Date: Jul 2004
Posts: 2,528
Thanks given: 0 times
Thanks received: 0 times in 0 posts
Default
David,

Unless you have any custom code on your server (PHP) then you should be safe from any injection. The DB error is just from a restriction set by your host which you can get around if you have multiple database accounts.