<![CDATA[ Removing SQLi attack Quip Threads

<![CDATA[ Removing SQLi attack Quip Threads - My Forums]]> https://forums.modx.com/thread/?thread=86839 <![CDATA[Removing SQLi attack Quip Threads]]> https://forums.modx.com/thread/86839/removing-sqli-attack-quip-threads#dis-post-478638
So it would appear someone's tried to SQL inject my website, doing no damage as far as I know, but leaving me with a whole collection of Quip threads that I don't want, with titles like "9999 and 1=1" or "blog-post-44 and if(1=1,BENCHMARK(10888800,MD5(0x41)),0)", as well as a lot of "blog-post-44 union all select null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null--", with varying lengths of nulls.

I don't mind losing all my comments to sort it, but uninstalling Quip doesn't clear the database, and I don't think I have access to do that myself. Right clicking on the thread and clicking "Remove Thread" doesn't do anything, or sometimes gives an error ("quip.thread_err_nf"); and I think by trying to remove them, it's attempting (and failing) to run the SQL code against the database.

Does anyone have any thoughts? Maybe a way to access the database via code? Thanks for your help!

----
Revolution 2.0.6-pl2, on a remote server to which I only have access via the manager and ftp.]]> simonalexander2005 Sep 24, 2013, 07:29 PM https://forums.modx.com/thread/86839/removing-sqli-attack-quip-threads#dis-post-478638 <![CDATA[Re: Removing SQLi attack Quip Threads]]> https://forums.modx.com/thread/86839/removing-sqli-attack-quip-threads#dis-post-478717 ]]> sottwell Sep 25, 2013, 01:41 PM https://forums.modx.com/thread/86839/removing-sqli-attack-quip-threads#dis-post-478717 <![CDATA[Re: Removing SQLi attack Quip Threads]]> https://forums.modx.com/thread/86839/removing-sqli-attack-quip-threads#dis-post-478713 Quote from: opengeek at Sep 25, 2013, 11:50 AM

2.0.6?! Wow...

Your host does not provide access to the database? PhpMyAdmin maybe?

Well, I can see the database tables (Reports->System Info->Database Tables), but I don't see any options for editing them.]]> simonalexander2005 Sep 25, 2013, 12:48 PM https://forums.modx.com/thread/86839/removing-sqli-attack-quip-threads#dis-post-478713 <![CDATA[Re: Removing SQLi attack Quip Threads]]> https://forums.modx.com/thread/86839/removing-sqli-attack-quip-threads#dis-post-478708
Your host does not provide access to the database? PhpMyAdmin maybe?]]> opengeek Sep 25, 2013, 11:50 AM https://forums.modx.com/thread/86839/removing-sqli-attack-quip-threads#dis-post-478708