beddows Posted November 21, 2008 Share Posted November 21, 2008 I administer an Invision board & the mysql error log is showing the below: I don't understand it, but it looks suspicious. the IP address shown is my own. Now, we had flashchat on this board and we were hacked. I believe this log ,might be from the day I changed the password to the database & removed flashchat. Date: Mon, 17 Nov 2008 02:31:06 -0600 Error Number: 2013 Error: Lost connection to MySQL server during query IP Address: 154.5.5.90 Page: /index.php?s=a9ba67c082dd0c6301aaffb36d121651&act=Search&CODE=<META+HTTP-EQUIV=\"refresh\"+CONTENT=\"0%3Burl=JaVaS%26%2399%3BRiPt:alert(471610030187)%3B\">&k=880ea6a14ea49e853634fbdc5015a024 mySQL query error: INSERT INTO ibf_sessions (id,member_name,member_id,member_group,login_type,running_time,ip_address,browser,location,in_error,location_1_type,location_1_id,location_2_type,location_2_id,location_3_type,location_3_id) VALUES('51efda67789f456917730928ba10fa5a','',0,2,0,1226909275,'154.5.5.90','Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)','Search,0,<META HTTP-EQUIV="refresh" CONTENT="0;url=JaVaScRiPt:alert(471610030187);">',0,'',0,'',0,'',0) =================================================== Date: Mon, 17 Nov 2008 02:31:06 -0600 Error Number: 2013 Error: Lost connection to MySQL server during query IP Address: 154.5.5.90 Page: /index.php?s=a9ba67c082dd0c6301aaffb36d121651&act=<META+HTTP-EQUIV=\"refresh\"+CONTENT=\"0%3Burl=JaVaS%26%2399%3BRiPt:alert(471540029722)%3B\">&CODE=04&k=880ea6a14ea49e853634fbdc5015a024 mySQL query error: INSERT INTO ibf_sessions (id,member_name,member_id,member_group,login_type,running_time,ip_address,browser,location,in_error,location_1_type,location_1_id,location_2_type,location_2_id,location_3_type,location_3_id) VALUES('a07287440ce34dc15a1f542edf9ad555','',0,2,0,1226909274,'154.5.5.90','Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)','idx,0,04',0,'',0,'',0,'',0) Quote Link to comment https://forums.phpfreaks.com/topic/133595-can-anyone-tell-me-what-this-means/ Share on other sites More sharing options...
beddows Posted November 21, 2008 Author Share Posted November 21, 2008 oops, That one I think was caused by my activity. It is this one I am wondering about. I banned the ip ranges here to be on the safe side. They are in Taiwan & Brazil & would not be interested in this forum. Thst is why I suspect these are hacking attempts. =================================================== Date: Thu, 20 Nov 2008 07:18:40 -0600 Error Number: 2013 Error: Lost connection to MySQL server during query IP Address: 140.130.101.5 Page: /index.php mySQL query error: INSERT INTO ibf_sessions (id,member_name,member_id,member_group,login_type,running_time,ip_address,browser,location,in_error,location_1_type,location_1_id,location_2_type,location_2_id,location_3_type,location_3_id) VALUES('d2857212ba202465d9cde2e8221acb66','',0,2,0,1227186017,'140.130.101.5','libwww-perl/5.79','idx,0,',0,'',0,'',0,'',0) =================================================== Date: Thu, 20 Nov 2008 07:20:05 -0600 Error Number: 2013 Error: Lost connection to MySQL server during query IP Address: 140.130.101.5 Page: /index.php mySQL query error: INSERT INTO ibf_sessions (id,member_name,member_id,member_group,login_type,running_time,ip_address,browser,location,in_error,location_1_type,location_1_id,location_2_type,location_2_id,location_3_type,location_3_id) VALUES('f0dabf87b04c37e89e9ba3ecf6f66806','',0,2,0,1227186100,'140.130.101.5','Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6','idx,0,',0,'',0,'',0,'',0) =================================================== Date: Thu, 20 Nov 2008 11:38:19 -0600 Error Number: 2013 Error: Lost connection to MySQL server during query IP Address: 189.34.127.8 Page: /index.php mySQL query error: INSERT INTO ibf_sessions (id,member_name,member_id,member_group,login_type,running_time,ip_address,browser,location,in_error,location_1_type,location_1_id,location_2_type,location_2_id,location_3_type,location_3_id) VALUES('96cd45ee4c28cf027a07adc3cfee12e7','',0,2,0,1227200813,'189.34.127.8','Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; MRA 4.6 (build 01425); .NET CLR 1.1.4322; .NET CLR 2.0.50727)','idx,0,',0,'',0,'',0,'',0) =================================================== Date: Thu, 20 Nov 2008 16:38:29 -0600 Error Number: 2013 Error: Lost connection to MySQL server during query IP Address: 68.148.2.47 Page: /index.php?act=Login&CODE=01 mySQL query error: UPDATE ibf_sessions SET member_name='',member_id=0,member_group=2,login_type=0,running_time=1227219325,location='Login,0,01',in_error=0,location_1_type='',location_1_id=0,location_2_type='',location_2_id=0,location_3_type='',location_3_id=0 WHERE id='fc8231a33cc7d1c85aa6a6f75c36efaa' =================================================== Date: Thu, 20 Nov 2008 17:01:47 -0600 Error Number: 2013 Error: Lost connection to MySQL server during query IP Address: 199.64.0.252 Page: /index.php? mySQL query error: UPDATE ibf_sessions SET member_name='bluedually',member_id=3401,member_group=3,login_type=0,running_time=1227221105,location='idx,0,',in_error=0,location_1_type='',location_1_id=0,location_2_type='',location_2_id=0,location_3_type='',location_3_id=0 WHERE id='1fa601ed824b2d7591adda6b4b1acad8' =================================================== Date: Thu, 20 Nov 2008 17:01:59 -0600 Error Number: 2013 Error: Lost connection to MySQL server during query IP Address: 199.64.0.252 Page: /index.php? mySQL query error: UPDATE ibf_sessions SET member_name='bluedually',member_id=3401,member_group=3,login_type=0,running_time=1227221127,location='idx,0,',in_error=0,location_1_type='',location_1_id=0,location_2_type='',location_2_id=0,location_3_type='',location_3_id=0 WHERE id='1fa601ed824b2d7591adda6b4b1acad8' =================================================== Date: Thu, 20 Nov 2008 17:07:13 -0600 Error Number: 2013 Error: Lost connection to MySQL server during query IP Address: 199.64.0.252 Page: /index.php? mySQL query error: UPDATE ibf_sessions SET member_name='bluedually',member_id=3401,member_group=3,login_type Quote Link to comment https://forums.phpfreaks.com/topic/133595-can-anyone-tell-me-what-this-means/#findComment-694952 Share on other sites More sharing options...
corbin Posted November 21, 2008 Share Posted November 21, 2008 It looks like it's just dropping the connection. Not sure why. Do you have a weird firewall setup or something? Or they could be exploiting something to try to make it drop the connection, but I don't think the user is doing it on purpose. Only way to know for sure will be if something is a dead give away that it's an attack, or if someone you know gets the error (well gets an error, and the error log has their IP). Quote Link to comment https://forums.phpfreaks.com/topic/133595-can-anyone-tell-me-what-this-means/#findComment-695061 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.