Author Topic: Hacking attempt  (Read 1639 times)

Offline BrianOlsen

  • Junior Phone Loser
  • **
  • Posts: 23
  • 1337 13V3L: +0/-0
Hacking attempt
« on: April 17, 2007, 06:39:23 PM »
When I run a query remotely to my server , I get an error saying that there is a Hacking attempt....  This is what I'm running

Code: [Select]
// Only execute anything if the banners table doesn't exist.
$toSet = array();
// Just the enable option
$toSet['banner_enabled'] = 1;

// Create Banners Table
db_query("CREATE TABLE IF NOT EXISTS {$db_prefix}banners
(ID_BANNER int(7) NOT NULL auto_increment,
IMAGEURL varchar(100) NOT NULL default '',
ALTTEXT tinytext NOT NULL,
REDIRECT varchar(100) NOT NULL default '',
WINDOW tinyint(4) NOT NULL default '0',
ZONE varchar(10) NOT NULL default 'bottom',
DATE varchar(20) NOT NULL default '',
COUNT int(11) NOT NULL default '0',
VIEW int(11) NOT NULL default '0',
WIDTH int(11) NOT NULL default '468',
HEIGHT int(11) NOT NULL default '60',
PRIMARY KEY (ID_BANNER),
UNIQUE (ID_BANNER)) TYPE = MyISAM COMMENT = 'Banners Table';", __FILE__, __LINE__);

// Create Google AdSense Table
db_query("CREATE TABLE IF NOT EXISTS {$db_prefix}google_adsense (
  client varchar(32) NOT NULL default '',
  format varchar(16) NOT NULL default '',
  width int(4) NOT NULL default '468',
  height int(4) NOT NULL default '60',
  channel varchar(16) NOT NULL default '',
  type varchar(16) NOT NULL default '',
  border varchar(6) NOT NULL default 'CCFF99',
  bg varchar(6) NOT NULL default 'CCFFCC',
  link varchar(6) NOT NULL default '4490B4',
  url varchar(6) NOT NULL default '009900',
  text varchar(6) NOT NULL default '999999',
  PRIMARY KEY (client)
) TYPE = MyISAM COMMENT = 'Google AdSense';", __FILE__, __LINE__);

// Insert default Google AdSense date
db_query("INSERT INTO {$db_prefix}google_adsense (`client` , `format` , `width` , `height` , `channel` , `type` , `border` , `bg` , `link` , `url` , `text`) VALUES ('', '', '468', '60', '', '', 'CCFF99', 'CCFFCC', '4490B4', '009900', '999999');", __FILE__, __LINE__);

// Check if the table is empty, only insert if so.
$request = db_query("SELECT * FROM {$db_prefix}banners", __FILE__, __LINE__);
if (mysql_num_rows($request) == 0)
{
  // The ONE setting - I like my foreach tho
foreach ($toSet as $key => $value) {
$result = db_query("INSERT IGNORE INTO {$db_prefix}settings (`variable`, `value`) VALUES ('$key', '$value');", __FILE__, __LINE__);
}
}
?>

Any ideas?

Offline Reverend Greed

  • PLA Guru
  • *****
  • Posts: 224
  • 1337 13V3L: +42/-7
Re: Hacking attempt
« Reply #1 on: April 17, 2007, 09:14:58 PM »
Hello,

You have way too many semicolons.

Find EVERY single one of:

Code: [Select]
;", __FILE__, __LINE__);
And replace with:

Code: [Select]
", __FILE__, __LINE__);
Reboot America