On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • Hi,

    So it would appear someone's tried to SQL inject my website, doing no damage as far as I know, but leaving me with a whole collection of Quip threads that I don't want, with titles like "9999 and 1=1" or "blog-post-44 and if(1=1,BENCHMARK(10888800,MD5(0x41)),0)", as well as a lot of "blog-post-44 union all select null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null--", with varying lengths of nulls.

    I don't mind losing all my comments to sort it, but uninstalling Quip doesn't clear the database, and I don't think I have access to do that myself. Right clicking on the thread and clicking "Remove Thread" doesn't do anything, or sometimes gives an error ("quip.thread_err_nf"); and I think by trying to remove them, it's attempting (and failing) to run the SQL code against the database.

    Does anyone have any thoughts? Maybe a way to access the database via code? Thanks for your help!

    ----
    Revolution 2.0.6-pl2, on a remote server to which I only have access via the manager and ftp.
    • 2.0.6?! Wow...

      Your host does not provide access to the database? PhpMyAdmin maybe?
      • Quote from: opengeek at Sep 25, 2013, 11:50 AM
        2.0.6?! Wow...

        Your host does not provide access to the database? PhpMyAdmin maybe?

        Well, I can see the database tables (Reports->System Info->Database Tables), but I don't see any options for editing them.
        • I have on occasion installed my own phpMyAdmin, when I only had FTP access to the server.
            Studying MODX in the desert - http://sottwell.com
            Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
            Join the Slack Community - http://modx.org