Issues at coasters2k

If you guys haven't noticed there's a spam bot plaguing Coasters2k at the moment. He has already hacked both my and TCs account there. If you guys could have a look and suggest some potential solutions that will be great. The hacker is currently hosting Six Flags Fiesta's account.[V]

tharts cus it is sixflagsfiesta

shame on you mikey[:D]

[Mikey]

I closed my account on C2K when I gave up my controlling interest to TConwell. I think its showing up my name because I am the user #1, and that's what will show up if you inject SQL.

[Oscar]

yeah, sql injection = unsanitized coding somewhere.He can delete everything, load a backup and load a backup db but that means it will only happen again since the exploit is still there.

Yup. I've been trying to figure out what's up and have messaged the Snitz folks. Oscar, as info for you, we even reloaded the forums from SCRATCH and still it exists. Gotta be a SQL injection somewhere (I agree) ... but where is most definitely the question. We've been keeping up with updates, etc., -- but yeah, this is an issue for the experts.

[Oscar]

Check the track exchange or othert custom coding you have.

Originally posted by TConwell

this is an issue for the "experts".

i hope you use that word lightly [blah]

[Mikey]

now everyone get this mind blowing picture of mikey having her in the shower.

great isnt it

!

Restore the db, lock all the tables relating to the user or security (anything with passwords or permissions information) then monitor the logs for access errors. You should be able to spot an error thrown from a routine that shouldn't be accessing those tables.

Man, Shaggy needs to ditch that 'stash. I'm hearing Shaggy but I'm seeing Lando Calrissian.