• jezkerw

    (@jezkerw)


    Not long after I delete my error log, new ones appear with messages of what I think are failed attempts of SQL inject (not sure). I suspect that it’s bots crawling sites looking for weaknesses. Is there any clever way to prevent this and keep a clean error log? I want to avoid installing plugins like Wordfence because I try to keep plugins at a minimum, especially heavier ones.

    Not sure what they even do for the error message to appear? Add the SQL command in the login field? Search box?

    The error looks like this…

    
    
    [08-Mar-2024 03:44:07 UTC] WordPress database error Regex error 'quantifier does not follow a repeatable item at offset 2' for query
    SELECT SQL_CALC_FOUND_ROWS DISTINCT wp_posts.ID
    FROM wp_posts LEFT JOIN wp_term_relationships AS tr ON (wp_posts.ID = tr.object_id)
    WHERE 1=1 AND (
    wp_posts.ID NOT IN (
    SELECT object_id
    FROM wp_term_relationships
    WHERE term_taxonomy_id IN (792)
    )
    AND
    wp_posts.ID NOT IN (
    SELECT object_id
    FROM wp_term_relationships
    WHERE term_taxonomy_id IN (792)
    )
    ) AND ( ((wp_posts.post_title REGEXP '\b試験の準備方法-実用的なMB-220|試験の準備方法-実用的なMB-220\b')) AND ((wp_posts.post_title REGEXP '\b資格模擬試験-真実的なMB-220|資格模擬試験-真実的なMB-220\b')) AND ((wp_posts.post_title REGEXP '\b認定テキスト|認定テキスト\b')) AND ((wp_posts.post_title REGEXP '\b??|??\b')) AND ((wp_posts.post_title REGEXP '\b?|?\b')) AND ((wp_posts.post_title REGEXP '\bwww.spamURL.com|www.goshiken.com\b')) AND ((wp_posts.post_title REGEXP '\b??で《|??で《\b')) AND ((wp_posts.post_title REGEXP '\bMB-220|MB-220\b')) AND ((wp_posts.post_title REGEXP '\b》を検索し、無料でダウンロードしてくださいMB-220受験対策|》を検索し、無料でダウンロードしてくださいMB-220受験対策\b'))) AND ( ( wp_posts.ID NOT IN ( SELECT wp_term_relationships.object_id FROM wp_term_relationships WHERE wp_term_relationships.term_taxonomy_id IN ( 792) ) )) AND wp_posts.post_type = 'post' AND ((wp_posts.post_status = 'publish' OR wp_posts.post_status = 'inherit'))
    GROUP BY wp_posts.ID
    ORDER BY (CASE WHEN wp_posts.post_title LIKE '%試験の準備方法-実用的なMB-220 資格模擬試験-真実的なMB-220 認定テキスト ?? ? www.goshiken.com ??で《 MB-220 》を検索し、無料でダウンロードしてくださいMB-220受験対策%' THEN 1 WHEN wp_posts.post_excerpt LIKE '%試験の準備方法-実用的なMB-220 資格模擬試験-真実的なMB-220 認定テキスト ?? ? www.spamURL.com ??で《 MB-220 》を検索し、無料でダウンロードしてくださいMB-220受験対策%' THEN 4 WHEN wp_posts.post_content LIKE '%試験の準備方法-実用的なMB-220 資格模擬試験-真実的なMB-220 認定テキスト ?? ? www.spamURL.com ??で《 MB-220 》を検索し、無料でダウンロードしてくださいMB-220受験対策%' THEN 5 ELSE 6 END), wp_posts.post_date DESC
    LIMIT 0, 8
    made by require('wp-blog-header.php'), wp, WP->main, WP->query_posts, WP_Query->query, WP_Query->get_posts
Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator James Huff

    (@macmanx)

    The important thing is that whatever that was failed, but you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    I’ll also caution that the error log is not something most people empty or check regularly, that road leads to madness. Instead, the error log is something you check when something goes wrong with your site, and you’ll only look for entries that were made within a few minutes of whatever went wrong.

    Thread Starter jezkerw

    (@jezkerw)

    Hi @macmanx. The site is backed up twice daily by the host. I’ve had devs check my files and database, and all is ok. It just annoys me that there are likely bots causing these errors and I would like to learn how it happens and how I can stop it. But at the end of the day, it’s probably likely that this is quite common and that many see the same thing in their logs.

    Moderator James Huff

    (@macmanx)

    Bots cause errors all the time, it’s not uncommon, they’re quite dumb.

    Think of bots as ubiquitous as spam email. It’s a fact of life of being on the Internet these days, and with good measures in place (and never checking the error log regularly like you’d never check your spam folder regularly), you’ll never even know they were there.

    The recommended security measures will keep your site safe, and plugins like https://www.ads-software.com/plugins/blackhole-bad-bots/ will take care of the dumbest bots.

    Thread Starter jezkerw

    (@jezkerw)

    @macmanx thank you for your wise words. I guess another aspect that bothers me is a potential risk for these bots causing errors in the log causing performance issues. But I guess this is something one has to mitigate with Cloudflare etc.

    Moderator James Huff

    (@macmanx)

    Entries in the error log, and the size of the log itself, won’t cause performance issues.

    But, if you do observe performance issues on the site, it’s a good idea to check the error log for entries within only a few minutes of the observed issue.

  • The topic ‘Error log and SQL inject attempts’ is closed to new replies.
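
The advice given in the thread, to read only the log entries made within a few minutes of an observed problem, shown as an added example that is not part of the original thread: a Python script that splits a PHP error log into multi-line entries, keeps those near an incident time, and collapses repeats. It assumes timestamps in the `[DD-Mon-YYYY HH:MM:SS UTC]` form shown in the question; the function names, file paths and sample log are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Entry header as in the thread's log: "[08-Mar-2024 03:44:07 UTC] message" (UTC is assumed)
ENTRY_START = re.compile(r"^\s*\[(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) UTC\] ?(.*)$")

# Constructed sample: the first header line is from the thread, the rest is made up.
SAMPLE_LOG = """\
[08-Mar-2024 03:44:07 UTC] WordPress database error Regex error 'quantifier does not follow a repeatable item at offset 2' for query
SELECT SQL_CALC_FOUND_ROWS DISTINCT wp_posts.ID
FROM wp_posts
made by require('wp-blog-header.php'), wp, WP->main
[08-Mar-2024 09:12:30 UTC] PHP Warning:  Undefined variable $x in /var/www/example/wp-content/themes/example/functions.php on line 10
[08-Mar-2024 09:14:02 UTC] PHP Fatal error:  Allowed memory size exhausted in /var/www/example/wp-includes/example.php on line 20
[08-Mar-2024 09:14:05 UTC] PHP Fatal error:  Allowed memory size exhausted in /var/www/example/wp-includes/example.php on line 20
"""

def parse_entries(text):
    """Split a log into (timestamp, body) entries. Lines without a timestamp
    header (multi-line SQL, the 'made by ...' trace) join the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S").replace(tzinfo=timezone.utc)
            entries.append([ts, m.group(2)])
        elif entries and line.strip():
            entries[-1][1] += "\n" + line.strip()
    return [(ts, body) for ts, body in entries]

def near_incident(entries, incident, minutes=5):
    """Keep only entries logged within +/- `minutes` of the incident time."""
    window = timedelta(minutes=minutes)
    return [(ts, body) for ts, body in entries if abs(ts - incident) <= window]

def summarize(entries):
    """Count entries by the first 60 characters of their first line."""
    counts = {}
    for _, body in entries:
        key = (body.splitlines() or [""])[0][:60]
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    incident = datetime(2024, 3, 8, 9, 14, tzinfo=timezone.utc)  # constructed incident time
    for key, n in summarize(near_incident(parse_entries(SAMPLE_LOG), incident)).items():
        print(f"{n:3d}  {key}")
```
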