Кто-то ломает сайт

[p_sheremet 0]

Вопрос в службу поддержки. В логах у себя сегодня обнаружил следующего плана сообщение:

Цитата:

 

MYSQL ERROR REPORT
- 26/06/2013 06:06:22
---------------------------------------
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%20%20/*,0)

and p.produc' at line 7

SELECT distinct * FROM
products p,
products_to_categories p2c,
products_description pd WHERE
p.products_id=pd.products_id
and p.products_id = p2c.products_id
and p2c.categories_id IN (1000181111111111111%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45)%20--%20%20/*,0)

and p.products_fsk18!=1
and p.products_image <> '.jpg' and p.products_quantity > 0 and pd.language_id = '1'
group by p.products_id
order by pd.products_viewed DESC limit 50
---------------------------------------
Server Name : armenergosnab.ru
Remote Address: 2a00:ab00:103:178:132:204:85:0
Referer :
Requested : /index.php?sort=price&direction=desc&cat=1000181111111111111%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45)%20--%20%20/*
Trace Back : redirector.php:282(includearray(1) {; [0]=>; string(39) "index.php"; }; ) => index.php:57(includearray(1) {; [0]=>; string(58) "includes/modules/default.php"; }; ) => includes/modules/default.php:37(includearray(1) {; [0]=>; string(59) "includes/modules/featured.php"; }; ) => includes/modules/featured.php:106(vamDBqueryarray(1) {; [0]=>; &string(835) "SELECT distinct * FROM; products p,; products_to_categories p2c,; products_description pd WHERE; p.products_id=pd.products_id; and p.products_id = p2c.products_id; and p2c.categories_id IN (1000181111111111111%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45)%20--%20%20/*,0); ; and p.products_fsk18!=1; and p.products_image <> '.jpg' and p.products_quantity > 0 and pd.language_id = '1'; group by p.products_id; order by pd.products_viewed DESC limit 50"; }; ) => includes/application_top.php:210(vam_db_queryarray(1) {; [0]=>; &string(835) "SELECT distinct * FROM; products p,; products_to_categories p2c,; products_description pd WHERE; p.products_id=pd.products_id; and p.products_id = p2c.products_id; and p2c.categories_id IN (1000181111111111111%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45)%20--%20%20/*,0); ; and p.products_fsk18!=1; and p.products_image <> '.jpg' and p.products_quantity > 0 and pd.language_id = '1'; group by p.products_id; order by pd.products_viewed DESC limit 50"; }; ) => inc/vam_db_query.inc.php:34(vam_db_errorarray(3) {; [0]=>; &string(835) "SELECT distinct * FROM; products p,; products_to_categories p2c,; products_description pd WHERE; p.products_id=pd.products_id; and p.products_id = p2c.products_id; and p2c.categories_id IN (1000181111111111111%20UNION%20SELECT%20CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45)%20--%20%20/*,0); ; and p.products_fsk18!=1; and p.products_image <> '.jpg' and p.products_quantity > 0 and pd.language_id = '1'; group by p.products_id; order by pd.products_viewed DESC limit 50"; [1]=>; &int(1064); [2]=>; &string(226) "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%20%20/*,0); ; and p.produc' at line 7"; }; )

 

 

- вопрос единственный - как расшифровать (или где смотреть) что за IP у этого злоумышленника:

Remote Address: 2a00:ab00:103:178:132:204:85:0

 

p.s. Раньше у меня просто в лог писались обычного вида IP.

[support 447]

Смысла в ip нет.

 

Вы лучше обновите свой магаизн до текущей версии.

[p_sheremet 0]

спс.

только это проблема (обновить), т.к. уже перелопачено много кода...

[support 447]

Понятно.

 

Вам решать конечно, в текущей версии в том числе и эта проблема исправлена, насколько я помню.