Sorry for my English in advance.
My site was hacked through the flaw CVE-2014-3704.
Fortunately the site is under construction, but I had not made a backup, so I reinstalled 7.32:
- Removed all tables via phpMyAdmin
- Deleted all the files on the server
- Reinstalled the site from scratch in 7.32

But even after reinstalling, the SQL injection continues (user account creation by a robot).
I installed the Captcha module, but it does not prevent the injections.
Do you have an idea or a lead?
Thank you in advance.

Comments

Codeblind

Are you sure it's a SQL injection and not just a run-of-the-mill spam bot creating user accounts?

adrien.creulant

The Captcha module is there to block spam bots ... no?

Codeblind

Most CAPTCHA puzzles are considered "broken" as they don't stop most spambots nor Mechanical Turks. You can try a service like Mollom and install a collection of other spam prevention modules simultaneously. Preventing spambots is a complex topic. You'd be well served to put aside a couple days just to read up on it.

john_b

If you really installed a clean site and did not overlook something, it is possible the server is compromised. If there are other sites on the server all running as the same Apache user, it is quite easy for a hacker who compromises one site to infect the other sites on the same server (even if they are not using Drupal 7). So you may need to look more deeply at your server environment.

EDIT - I've just seen Codeblind's reply, which is probably right. Bots create user accounts all the time on all sites, even secure ones.

Digit Professionals specialising in Drupal, WordPress & CiviCRM support for publishers in non-profit and related sectors

adrien.creulant

The site is installed on the same server with the same user,
but there is no other site.
Should I change the user to be sure that the compromise does not come from it?

john_b

The Captcha module definitely does NOT block spam signups. Captcha has a fairly poor record. Bots can get past it. Spammers can also buy manual captcha solving services, which some contractors in India offer for less than $10 per 1000.

If you do not want spam signups, just disable the permission allowing visitors to create accounts. If you want to reduce spam signups you can try alternative approaches. I like the Honeypot module. There are more sophisticated modules for the purpose if that does not work to your satisfaction. However Honeypot is a lightweight solution which helps in most (not all) cases in my experience.


john_b

Anyway, to point out the obvious: hackers create one admin account when you have not granted them permission to do so. Spammers create multiple non-admin accounts when you have not disabled the default permission which allows that. So if the accounts being created are not admin accounts, that is spam, not a hack.

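The triage rule above (one unexpected admin account means a compromise, a stream of plain accounts means spam) can be checked directly in the database. The queries below are an added example, not part of this thread or of Drupal itself; they assume the standard Drupal 7 tables (`users`, `users_roles`, `role`), a MySQL/MariaDB backend as used by phpMyAdmin, the default `administrator` role name, and a 14-day window, all of which are assumptions to adjust for your site.

```sql
-- Added example (not from the thread): triage new accounts on a Drupal 7 site.
-- Assumes the standard D7 schema; role name and time window are assumptions.

-- 1. Every account created in the last 14 days, with the roles attached to it.
--    users_roles only holds roles beyond "authenticated user", so an empty
--    roles column means an ordinary (spam-style) signup.
SELECT
  u.uid,
  u.name,
  u.mail,
  FROM_UNIXTIME(u.created) AS created_at,
  u.status,
  COALESCE(GROUP_CONCAT(r.name ORDER BY r.name SEPARATOR ','),
           'authenticated only') AS roles
FROM users u
LEFT JOIN users_roles ur ON ur.uid = u.uid
LEFT JOIN role r ON r.rid = ur.rid
WHERE u.uid > 0
  AND u.created > UNIX_TIMESTAMP() - 14 * 86400
GROUP BY u.uid, u.name, u.mail, u.created, u.status
ORDER BY u.created DESC;

-- 2. Any account other than uid 1 holding the administrator role.
--    A row here that you did not create yourself is the "one admin account"
--    case from the comment above: treat it as a compromise, not spam.
SELECT u.uid, u.name, u.mail, FROM_UNIXTIME(u.created) AS created_at
FROM users u
JOIN users_roles ur ON ur.uid = u.uid
JOIN role r ON r.rid = ur.rid
WHERE r.name = 'administrator'
  AND u.uid <> 1;

-- 3. Signup rate per day. Dozens of non-admin accounts per day is the
--    spam-bot pattern; a single account appearing once is not.
SELECT DATE(FROM_UNIXTIME(u.created)) AS day, COUNT(*) AS signups
FROM users u
WHERE u.uid > 0
  AND u.created > UNIX_TIMESTAMP() - 14 * 86400
GROUP BY DATE(FROM_UNIXTIME(u.created))
ORDER BY day DESC;

-- 4. Sanity check on the site owner's account: confirm the e-mail address is
--    still yours and that the last login/access times are ones you recognise.
SELECT uid, name, mail, status,
       FROM_UNIXTIME(access) AS last_access,
       FROM_UNIXTIME(login)  AS last_login
FROM users
WHERE uid = 1;
```

If query 2 returns nothing and query 3 shows a steady trickle of accounts, the signups are spam and the fix is on the registration side, not a reinstall. In Drupal 7 the setting john_b refers to is "Who can register accounts?" under Account settings (admin/config/people/accounts): setting it to "Administrators only" stops anonymous signups entirely, and Honeypot or similar modules reduce them if you need registration open.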

adrien.creulant

Thank you all for your help; my problem is solved.
It was not SQL injection, it was spam.
I tried Spambot, but I had the same problem.
I removed Spambot and tried Honeypot, and now with this module my problem is solved.

Really, thank you, and really sorry for my English.

Pierre.Vriens

... And sorry for my French ... Nice to read the feedback