September 21, 2023 1:03am  209.38.200.253 (Germany)  Blocked for SQL Injection in POST body: _POST = efgh'-@'
)union select database(),2,user()#'
September 21, 2023 1:03am  209.38.200.253 (Germany)  Blocked for SQL Injection in POST body: _POST = efgh'-@'
)union select database(),2,user()#'
September 21, 2023 1:03am  209.38.200.253 (Germany)  Blocked for SQL Injection in POST body: _POST = efgh'-@'
)union select database(),2,user()#'
Is this beyond the shortcode capabilities? If not, how do I fix it to make it work?
<?php
// Load the connection definition and the WebAssist recordset class from the
// local file system. The original used full https:// URLs here; PHP refuses to
// include over HTTP unless allow_url_include is enabled, and enabling it lets a
// remote server supply code that runs on this site. The paths below assume the
// WebAssist directories sit next to this script; adjust to the site's layout.
require_once(__DIR__ . '/Connections/siteguide2018.php');
require_once(__DIR__ . '/webassist/mysqli/rsobj.php');

// Build and run the recordset over the publications table.
$Recordset1 = new WA_MySQLi_RS("Recordset1", $siteguide2018, 0);
$Recordset1->setQuery("SELECT * FROM publications");
$Recordset1->execute();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<div>
<p>Test PHP/SQL</p>
<p> </p>
</div>
<p> </p>
<?php
// Walk the recordset and print one PubFileName per row.
$wa_startindex = 0;
while (!$Recordset1->atEnd()) {
    $wa_startindex = $Recordset1->Index;
?>
<div>
<p><?php echo htmlspecialchars($Recordset1->getColumnVal("PubFileName"), ENT_QUOTES, 'UTF-8'); // escape before output ?></p>
</div>
<?php
    $Recordset1->moveNext();
}
$Recordset1->moveFirst(); // return RS to first record
unset($wa_startindex);
unset($wa_repeatcount);
?>
</body>
</html>
I’m not the person who initially set up this WordPress installation and configured Wordfence, so I’m not aware of all the options that were changed. I’ve looked through all the options in Wordfence, but have not seen anything that looked like an option to permanently ban an IP after a single attack attempt.
All sites are being bombarded by bots adding items and categories to “wishlist” and also trying to run SQL queries.
The firewall is blocking the malicious requests.
These attempted exploits are tying up resources and making the basket monitoring inaccurate.
Apart from buying the paid-for version, where you can force users to register, or disabling the plugin, is there any way around the issue?
I started getting like 50-100 contact form subscriptions all from Russian email addresses. And now the website is completely defaced. I am currently manually reinstalling WordPress, but there are some files in the root directory which seem suspicious to me, but I am not sure if I can delete them or not.
Can somebody help lead me in the right direction here?
I would really appreciate it.
Alex
LINE 686: $linkquery .= " AND l.link_id = " . $_GET['linkid'];
to
LINE 686: $linkquery .= " AND l.link_id = " . (int) $_GET['linkid'];
https://www.ads-software.com/plugins/wordfence/
$tablerows = $wpdb->get_results( "SELECT `login_id`, `login_ip`, `login_attempts`, `attempt_time`, `locked_time` FROM `$tablename` WHERE `login_ip` = '$ip' ORDER BY `login_id` DESC LIMIT 1 " );
The variable $ip is populated by this function:
function getip(){
    // Both headers below are supplied by the client (or any proxy on the path),
    // so their contents are untrusted input, yet they are returned unmodified.
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
        if ($ip == '::1') {
            $ip = '127.0.0.1'; // map IPv6 loopback to IPv4 loopback
        }
    }
    return $ip;
}
So if someone sends an X-Forwarded-For HTTP header with a malicious SQL injection payload, they could overwrite your query and hack your database.
https://www.ads-software.com/plugins/wp-limit-login-attempts/
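A hardened version of the getip()/get_results() pair quoted above, as an added example that is not the plugin's or the poster's code: X-Forwarded-For is only believed when the request arrived through a trusted proxy, the result must validate as a bare IP literal, and the lookup is bound through $wpdb->prepare(). The proxy address and the table name are assumed values for this example.

```php
<?php
// Added example (not the plugin's or the poster's code): hardened replacement
// for the quoted getip()/get_results() pair. The trusted-proxy list and the
// table name are assumptions made for this example.

/** Reverse proxies whose X-Forwarded-For header may be believed (constructed value). */
const TRUSTED_PROXIES = ['10.0.0.5'];

/**
 * Return the client address as a validated IP literal, or null if none is trustworthy.
 * X-Forwarded-For is only consulted when the TCP peer is a trusted proxy, and only
 * its left-most entry (the hop added furthest upstream) is used.
 */
function get_client_ip(array $server, array $trusted_proxies = TRUSTED_PROXIES): ?string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if ($remote === '::1') {
        $remote = '127.0.0.1'; // IPv6 loopback -> IPv4 loopback, as in the original
    }
    $candidate = $remote;
    if (in_array($remote, $trusted_proxies, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        $candidate = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    // FILTER_VALIDATE_IP accepts only a bare IPv4/IPv6 literal, so a header that
    // carries SQL syntax is discarded here instead of reaching the query.
    return filter_var($candidate, FILTER_VALIDATE_IP) === false ? null : $candidate;
}

/** Fetch the newest lockout row for $ip with a parameterised query. */
function get_last_attempt(wpdb $wpdb, string $tablename, string $ip): ?object {
    // The table name comes from code, never from the request, but is still
    // restricted to identifier characters before being interpolated.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $tablename)) {
        throw new InvalidArgumentException('invalid table name');
    }
    // $wpdb->prepare() binds $ip as a quoted string, so a quote inside it cannot
    // terminate the literal.
    $sql = $wpdb->prepare(
        "SELECT `login_id`, `login_ip`, `login_attempts`, `attempt_time`, `locked_time`
         FROM `$tablename` WHERE `login_ip` = %s ORDER BY `login_id` DESC LIMIT 1",
        $ip
    );
    $rows = $wpdb->get_results($sql);
    return $rows[0] ?? null;
}

// Usage inside a WordPress request:
// $ip = get_client_ip($_SERVER);
// if ($ip !== null) { $row = get_last_attempt($wpdb, $wpdb->prefix . 'limit_login', $ip); }
```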