Mysql injection for my wordpress 2.01?

  • Hi, gurus,

    tonight I found my website could be mysql injected. When I go to my webpate, it is broken and shows:

    WordPress database error: [Can’t open file: ‘wp_posts.MYI’ (errno: 145)]
    SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND 0=1 AND post_date_gmt <= ‘2006-04-10 02:51:59’ AND (post_status = “publish”) AND post_status != “attachment” GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT 0, 15

    and several other mysql errors. And
    the wp_posts table is always showing in use and I can not use myphpadmin to open it.

    Is there any way I can fix the table at this moment? I email to my webhost but didnot get their reply yet.

    thanks a lot,
    Franky

Viewing 9 replies - 1 through 9 (of 9 total)

  • It is a problem with the table that needs to have a REPAIR run on it. If you can’t get to your database there’s not much I can suggest except keep trying with your host’s support.

    Thread Starter travelsuperlink

    (@travelsuperlink)

    Thanks, Kafkaesqui,

    I am contacting my web hoster, so you mean at this moment I can not repair the wp-posts table myself, can I?

    another thing concern me is I am runing wordpress 2.01, and I try to understand how the hacker did this. I google for some but still not sure it is through the normal post or some other plugin to do the mysql injection. do you have some suggestion for me to read more about this issue?

    really appreciate. Franky

    What makes you think this was a hacker? The error is due to a simple corruption of the table. Hence the need to run a REPAIR on it (and the reason the REPAIR command exists in MySQL). But in any case it would be a good idea, once things are working normally, to upgrade to 2.0.2, since 2.0.1 does have a security hole.

    Thread Starter travelsuperlink

    (@travelsuperlink)

    oh, really? I thought the mysql command like:

    SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND 0=1 AND post_date_gmt <= ‘2006-04-10 02:51:59’ AND (post_status = “publish”) AND post_status != “attachment” GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT 0, 15

    is kinda of mysql injection, for example 1=1 AND 0=1 stuff. but I agree I really knew little about mysql injection.

    thanks, I will do the upgrade when the table is fixed.

    A SQL injection might involve that, but I wouldn’t expect to come across it as the evidence on my home page.

    What you’re seeing is WordPress performing queries on the post table. Since it cannot read the table, it spits out the errors.

    Thread Starter travelsuperlink

    (@travelsuperlink)

    I see. also when I went to my web hoster admin, I can not use the myphpadmin to read the table, its statue is always in use. Other tables look ok.

    Do you think I should try to use the database repair command to try to fix the database myself or just wait…

    Likely some process locked the posts table and didn’t let go. I typically don’t like suggesting doing something in MySQL at a point like this unless I’m confident it will work. But one thing that’ll at least get a good read on the problem is to go under the SQL tab in phpMyAdmin and enter the following:

    CHECK TABLE wp_posts;

    That will give you a brief status of the table without actually doing anything to it.

    My situation is quite simliar. The wp-posts table shows ‘USE’ always. But I can use sql language ‘REPAIR TABLE wp-posts’ to fix it. under whole wordpress database. It works.

    Just had this happen to me. Thanks to the information in this thread my frenzy of panic was immediately relieved when I went to my host’s control panel, selected the database management tool and the correct database and used the repair function. Instant relief.

    Many thanks to previous posters.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Mysql injection for my wordpress 2.01?’ is closed to new replies.