Hi,
So it would appear someone's tried to SQL inject my website, doing no damage as far as I know, but leaving me with a whole collection of Quip threads that I don't want, with titles like "9999 and 1=1" or "blog-post-44 and if(1=1,BENCHMARK(10888800,MD5(0x41)),0)", as well as a lot of "blog-post-44 union all select null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null--", with varying lengths of nulls.
I don't mind losing all my comments to sort it, but uninstalling Quip doesn't clear the database, and I don't think I have access to do that myself. Right clicking on the thread and clicking "Remove Thread" doesn't do anything, or sometimes gives an error ("quip.thread_err_nf"); and I think by trying to remove them, it's attempting (and failing) to run the SQL code against the database.
Does anyone have any thoughts? Maybe a way to access the database via code? Thanks for your help!
----
Revolution 2.0.6-pl2, on a remote server to which I only have access via the manager and ftp.