broni Posted December 12, 2009 Share Posted December 12, 2009 I got this automated mail this morning: Dear admin, An error has been generated on your forums. You are being sent this notification based on your error log notification settings in the Admin Control Panel. This error meets the criteria for errors that you have set to be notified about. The error code is: 5031 The error message is: We use an authorization key to verify you really submitted the form, and the authorization key was not supplied with your form submission or was invalid. Please go back, reload the form and try to submit it again. The user who saw this error is: Guest The IP address of this user is: [deleted] Please login to your Admin Control Panel to use the error log viewer tool for further information. I went ACP and I can see this in error log: What am I dealing here with? Link to comment Share on other sites More sharing options...
rct2·com Posted December 12, 2009 Share Posted December 12, 2009 It's an attempted SQL injection into your board. The user is attempting to run some SQL by passing it in with the URL. The board is trapping it, because the auth_key part of the URL is incorrect. (Even if they got the auth_key correct,the URL they are trying to use is only valid if they are a moderator.) InVision have been public about this potential explot, and fixed it in 3.0.5. Link to comment Share on other sites More sharing options...
Michael Posted December 12, 2009 Share Posted December 12, 2009 You had someone try to exploit one of the issues patched in 3.0.5: If you've not already upgraded to 3.0.5, you should do so as soon as possible. Note, though, that since it was a guest that tried this, it never would have succeeded even on earlier versions. This was probably just some script kiddie who didn't even bother to read about what they were trying to do. Link to comment Share on other sites More sharing options...
broni Posted December 12, 2009 Author Share Posted December 12, 2009 Ahhh....thank you very much guys :) Always appreciated :) Yeah, I'm still with 3.0.4, because I saw some posts about apparent issues with 3.0.5 Link to comment Share on other sites More sharing options...
mld11 Posted December 12, 2009 Share Posted December 12, 2009 This was probably just some script kiddie who didn't even bother to read about what they were trying to do. Epic... IPS out! lol... Link to comment Share on other sites More sharing options...
AndyF Posted December 12, 2009 Share Posted December 12, 2009 I'd consider banning that IP too (after checking it's not in use by one of your members) , I'd guess it was not one of those who tried this though anyway. :) Link to comment Share on other sites More sharing options...
broni Posted December 12, 2009 Author Share Posted December 12, 2009 Great idea. Just did it :) Link to comment Share on other sites More sharing options...
Gabriel Petrelli Posted December 12, 2009 Share Posted December 12, 2009 I was getting these for a while and then it stopped, I was never aware it was an SQL injection attempt. Of course they didn't succeed in doing whatever it was they were trying to do and got tired. It makes me a bit more worried now that I know it was an SQL injection attempt to exploit the board software, I didn't know it at the time and didn't ban the IP address.. Link to comment Share on other sites More sharing options...
broni Posted December 12, 2009 Author Share Posted December 12, 2009 Actually, I found more info about the issue: Potent malware link infects almost 300,000 webpages Link to comment Share on other sites More sharing options...
Michael Posted December 13, 2009 Share Posted December 13, 2009 That's not necessarily the same issue. What you experienced was a specific exploit for a specific forum software. And this exploit will only ever work for users who already have moderator privileges on the forum in question. Link to comment Share on other sites More sharing options...
mz_ Posted December 25, 2009 Share Posted December 25, 2009 I just got this error this morning and I'm running 3.0.5. EDIT: It's from a Google IP. Link to comment Share on other sites More sharing options...
FadE. Posted April 23, 2010 Share Posted April 23, 2010 I got this error from a trend mirco ip address :s Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.