Jump to content


Check out our Community Blogs

egon

Member Since 07 Oct 2006
Offline Last Active Mar 12 2008 07:26 PM
-----

Topics I've Started

Site getting hacked? Heavy SQL use

12 March 2008 - 05:51 PM

Hey all, I'm not good with this stuff. My DB usage has been ridiculous lately, and my friend told me I'm getting hacked. Checking apache logs gave me this the first time it happened:

---------------------------------------------------
[27/Feb/2008:12:19:11 -0800] "GET /comments/feed/ HTTP/1.1" 500 391 "-" "FeedBurner/1.0 (http://www.FeedBurner.com)" "-"
---------------------------------------------------

For whatever reason this specific request ran for 5 minutes and 40 second. While running, it issued the following mysql query:

---------------------------------------------------
SELECT option_value FROM wp_options WHERE option_name = 'siteurl'.
---------------------------------------------------

This query was issued repeatedly and rapidly for the duration of the 5 minutes and 40 seconds.

Next, which was just about an hour ago:

---------------------------------------------------
Mar 12 13:21:20 10.2.0.57 query_logger.pl[3241]: INFO: 1371783 "db22***" "***database-name***" IDX_YES 1 SELECT bb4b264131236a7f922e526e281b7db5 -- SELECT option_value FROM wp_options WHERE option_name = 'siteurl'
---------------------------------------------------

The loop was occurring 500 times per second for at least 5 minutes. The asterisks are the database name.

I'm using an outdated version of Wordpress but can't upgrade until my designer sends my new theme.

My host is busting my balls over this...can someone please help?

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download