Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted December 12, 200915 yr I got this automated mail this morning: Dear admin, An error has been generated on your forums. You are being sent this notification based on your error log notification settings in the Admin Control Panel. This error meets the criteria for errors that you have set to be notified about. The error code is: 5031 The error message is: We use an authorization key to verify you really submitted the form, and the authorization key was not supplied with your form submission or was invalid. Please go back, reload the form and try to submit it again. The user who saw this error is: Guest The IP address of this user is: [deleted] Please login to your Admin Control Panel to use the error log viewer tool for further information. I went ACP and I can see this in error log: What am I dealing here with?
December 12, 200915 yr It's an attempted SQL injection into your board. The user is attempting to run some SQL by passing it in with the URL. The board is trapping it, because the auth_key part of the URL is incorrect. (Even if they got the auth_key correct,the URL they are trying to use is only valid if they are a moderator.) InVision have been public about this potential explot, and fixed it in 3.0.5.
December 12, 200915 yr You had someone try to exploit one of the issues patched in 3.0.5: If you've not already upgraded to 3.0.5, you should do so as soon as possible. Note, though, that since it was a guest that tried this, it never would have succeeded even on earlier versions. This was probably just some script kiddie who didn't even bother to read about what they were trying to do.
December 12, 200915 yr Author Ahhh....thank you very much guys :) Always appreciated :) Yeah, I'm still with 3.0.4, because I saw some posts about apparent issues with 3.0.5
December 12, 200915 yr This was probably just some script kiddie who didn't even bother to read about what they were trying to do. Epic... IPS out! lol...
December 12, 200915 yr I'd consider banning that IP too (after checking it's not in use by one of your members) , I'd guess it was not one of those who tried this though anyway. :)
December 12, 200915 yr I was getting these for a while and then it stopped, I was never aware it was an SQL injection attempt. Of course they didn't succeed in doing whatever it was they were trying to do and got tired. It makes me a bit more worried now that I know it was an SQL injection attempt to exploit the board software, I didn't know it at the time and didn't ban the IP address..
December 12, 200915 yr Author Actually, I found more info about the issue: Potent malware link infects almost 300,000 webpages
December 13, 200915 yr That's not necessarily the same issue. What you experienced was a specific exploit for a specific forum software. And this exploit will only ever work for users who already have moderator privileges on the forum in question.
December 25, 200915 yr I just got this error this morning and I'm running 3.0.5. EDIT: It's from a Google IP.
Archived
This topic is now archived and is closed to further replies.