vBulletin you use is very risky

[winky8300]

hello

my forum database displays error for a week by showing

Quote:

'mybdd_db' has exceeded the 'max_user_connections' resource (current value: 150) and''

after first consulting the support of my host, I'll copy the answer

1st answer:

Quote:

Hello,

We completely removed the limit on the database to determine if the problem is the limit or not.

2nd response

Quote:

Hello,

We put your script under surveillance, and it looks like someone fun to try SQL Injection attacks guy on your vBulletin script, for example here are some detected attacks:

# # # # # # # # # # # #
Database error in vBulletin 4.2.1:

Invalid SQL:
Attack 1: SELECT * FROM WHERE userregcode userregemail ='' & cat / etc / passwd &'';
Attack 2: SELECT * FROM WHERE userregcode userregemail = '% sample 40email.tst' and (sleep (4) +1) limit 1 -;
Attack 3: SELECT * FROM WHERE userregcode userregemail & dir ='' &'';
Attack 4: SELECT * FROM WHERE userregcode userregemail'' = "\ \") |] * {<> ';
# # # # # # # # # # # #

It is therefore clear that the vBulletin version you are using is very risky to you faster to update to plug the SQL Injection vulnerability types.

what should I do for my vbulletin securiser ?

ps: my vbulletin is a day 4.2.1

thanks

[Zachery]

You have no third party addons or modifications?

[Snowhog]

Seriously consider installing ZBBlock. http://www.spambotsecurity.com/

[Zachery]

Yes, more third party addons will fix the problem

[winky8300]

after you tell them that my vbulletin is up to date
here is their answer

Quote:

Hello,

It is quite possible that it comes from module or addon non maintained a day, this the cause module comes not necessarily vBulletin.

--------------- Added [DATE]1376329162[/DATE] at [TIME]1376329162[/TIME] ---------------

Quote:

Originally Posted by Zachery

You have no third party addons or modifications?

hello

I have several addons and modifications, I do not know which is the cause

[Zachery]

You should disable them all, and wait to see if the issue persists.

[winky8300]

Quote:

Originally Posted by Zachery

You should disable them all, and wait to see if the issue persists.

thank you for your reply

we can not know the flaw after this ?

Quote:

Invalid SQL:
Attack 1: SELECT * FROM WHERE userregcode userregemail ='' & cat / etc / passwd &'';
Attack 2: SELECT * FROM WHERE userregcode userregemail = '% sample 40email.tst' and (sleep (4) +1) limit 1 -;
Attack 3: SELECT * FROM WHERE userregcode userregemail & dir ='' &'';
Attack 4: SELECT * FROM WHERE userregcode userregemail'' = "\ \") |] * {<> ';
# # # # # # # # # # # #

--------------- Added [DATE]1376330660[/DATE] at [TIME]1376330660[/TIME] ---------------

Quote:

Originally Posted by Snowhog

Seriously consider installing ZBBlock. http://www.spambotsecurity.com/

thanks ,

you think installing zbblock limit these attacks sql?

[Zachery]

I don't believe those are default queries.

[winky8300]

it's probably an addon, but I do not know which unfortunately.
there is 'there addon quarantined by vb.org ?

[Zachery]

Tons, you should disable all of your third party addons, then re-enable them oen by one and figure out which is causing the errors. I suspect something with registration.