Spring Posted November 2, 2011

My site has had all of its tables dropped TWICE. I CAN'T FIND THE INJECTION, can anyone help?

http://www.threechan.org/e/
http://www.threechan.org/e/phpfreaks.txt

please, someone help

Pikachu2000 Posted November 7, 2011

Have you looked at your Apache logs to see if there are any odd entries that may contain POST or GET requests that indicate someone was attempting to inject you?

PFMaBiSmAd Posted November 7, 2011

Have you checked if there are any 'new' files (ones you didn't put on the server) or changed files (your files but the size/date don't match your source files) or if your database contains any php code (if you are processing templates using an eval() statement), in case someone has uploaded/stored a rootkit php script onto your site?

Posting your code would actually be a quicker way to find security problems in it.

PFMaBiSmAd Posted November 7, 2011

Unless you are specifically using a mysqli_multi_query statement in your code (a mysql_query statement does not support multiple queries) or you have code that allows external sql statements to be executed, your tables are not being dropped through SQL injection. SQL injection in a select query, for example, would allow things like outputting all the records in the table or satisfying a login test so that someone could become logged in as an administrator. But you could not directly drop table(s) using sql injection.

If it is not on, turn on your mysql query log. It will show you which queries are being executed under which database username. If the query is actually a drop table query or a delete query, you should limit the privileges that the database username has so that your scripts can only perform any expected select/update/insert query statements.

Edit: Hopefully, you don't actually have a drop table query in your code that accepts an external table name? Which is why posting the code is quicker, someone doesn't need to guess what it is doing that could allow the problem.

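Added example, not part of the thread: a Python sketch of the query-log check suggested in the post above, listing DROP/TRUNCATE/DELETE statements together with the database username whose connection ran them. It assumes the MySQL 5.x file-format general query log; the sample log, usernames, database and table names are constructed.

```python
import re

# One log entry: optional timestamp, connection id, command, argument.
# Lines that do not match are continuations of a multi-line query.
LINE = re.compile(
    r"^(?:\d{6}\s+\d{1,2}:\d{2}:\d{2}|\S+T\S+)?\s*(\d+)\s+"
    r"(Connect|Query|Init DB|Quit)\t?(.*)$"
)
# Statements the post says the web account should never need to run.
# Searched anywhere in the statement, so string literals can also be flagged.
DESTRUCTIVE = re.compile(
    r"\b(DROP\s+(TABLE|DATABASE)|TRUNCATE|DELETE\s+FROM)\b", re.I
)

def destructive_statements(log_text):
    """Return [(user@host, sql)] for destructive queries, in log order."""
    users = {}   # connection id -> "user@host" taken from its Connect line
    stmts = []   # [connection id, sql] for every Query entry
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            if stmts and raw.strip():
                stmts[-1][1] += " " + raw.strip()   # multi-line query
            continue
        conn, cmd, arg = m.group(1), m.group(2), m.group(3).strip()
        if cmd == "Connect":
            users[conn] = arg.split(" ")[0]         # "user@host on db"
        elif cmd == "Query":
            stmts.append([conn, arg])
    return [(users.get(c, "unknown"), sql)
            for c, sql in stmts if DESTRUCTIVE.search(sql)]

# Constructed sample in the assumed log layout.
SAMPLE_LOG = (
    "Time                 Id Command    Argument\n"
    "111107 10:15:01\t   41 Connect\tsite_user@localhost on forumdb\n"
    "\t\t   41 Query\tSELECT * FROM posts WHERE id = 5\n"
    "\t\t   41 Quit\t\n"
    "111107 10:15:09\t   42 Connect\tsite_user@localhost on forumdb\n"
    "\t\t   42 Query\tSELECT name\n"
    "FROM boards\n"
    "\t\t   42 Query\tDROP TABLE posts\n"
    "\t\t   43 Connect\troot@localhost on forumdb\n"
    "\t\t   43 Query\tDELETE FROM sessions\n"
    "WHERE expires < NOW()\n"
)

if __name__ == "__main__":
    for user, sql in destructive_statements(SAMPLE_LOG):
        print(user, "->", sql)
```

A hit under the account the site's scripts connect with points at the application code or that account's privileges; a hit under a different account points elsewhere.
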
Spring Posted November 25, 2011

I fixed this a few weeks ago, sorry for not letting you all know!