Hacker bot persistently climbs in /dbtreview.php?do=ajax&act=front_select
The word "select" (as I have it set) triggers "die" and sends a report by email.
That's thousands of emails with the request /dbtreview.php?do=ajax&act=front_select
Disable scanning "select"
If you go to /dbtreview.php?do=ajax&act=front_select
		Code:
	
	Invalid SQL:
                                SELECT
                                        rr.*,
                                        rc.catname,
                                        u.username
                                FROM dbtech_review_reviews rr
                                LEFT JOIN dbtech_review_categories rc ON rr.catid = rc.catid
                                LEFT JOIN user u ON rr.userid = u.userid
                                WHERE
                                        rr.instanceid   = 1 &&
                                        ((rr.approved   = 1) || ((rr.userid = 1) && (rr.approved        = 0))) &&
                                        rr.catid                IN (0,0) &&
                                        rr.deleted      = 0 &&
                                        rr.pub_date     < 1487452705
                                ORDER BY
                                LIMIT
                                        0, 5;
MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT
                                        0, 5' at line 16
An option which will remove the database error
dbtech/review/includes/class_module.php
		Code:
	
			switch($sort)
			{
				case 'newest':
					$orderby = 'rr.reviewid DESC';
					break;
				case 'highest':
					$orderby = 'rr.user_rating_weight DESC, rr.reviewid DESC';
					break;
				case 'comment':
					$orderby = 'rr.comm_count DESC, rr.reviewid DESC';
					break;
				case 'username':
					$orderby = 'u.username, rr.reviewid DESC';
					break;
	
Add below:
		Code:
	
				// any other (or missing) $sort value falls back to newest first
				default:
					$orderby = 'rr.reviewid DESC';
	
no database errors
//
It would be super if you removed the word "select" from the product.
//
Many places where invalid code is used...
dbtech/review/includes/class_module.php
		Code:
	
	<option value=\"newest\" selected>" . $vbphrase['dbtech_review_sort_latest'] . "</options>
	
It starts with option and ends with options
an extra s in 8 lines
navbar
dbtreview.php?ri=review&do=main
there are many &, not only in navbar
:RpS_wink:
		
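The default case in the post above amounts to an allow-list with a fallback for the sort value, so an unexpected or missing value can never leave ORDER BY empty. The same pattern as an added example (not part of the original post and not the product's own code); the function names, the simplified query and the sample request values are hypothetical, and the ORDER BY fragments are the ones quoted in the post:

```php
<?php
// Added example: allow-list for the sort parameter with a safe fallback.
// Request value => trusted ORDER BY fragment (fragments as quoted in the post).
const REVIEW_SORTS = [
    'newest'   => 'rr.reviewid DESC',
    'highest'  => 'rr.user_rating_weight DESC, rr.reviewid DESC',
    'comment'  => 'rr.comm_count DESC, rr.reviewid DESC',
    'username' => 'u.username, rr.reviewid DESC',
];

// Hypothetical helper: never returns an empty string and never echoes
// request data into the SQL text.
function review_order_by($sort): string
{
    // Missing values, arrays (?sort[]=x) and unknown strings all take the fallback.
    if (!is_string($sort) || !array_key_exists($sort, REVIEW_SORTS)) {
        return REVIEW_SORTS['newest'];
    }
    return REVIEW_SORTS[$sort];
}

// Hypothetical, simplified version of the listing query from the error report.
function review_list_sql($sort, $page, $perPage): string
{
    // LIMIT values are forced to bounded integers before they reach the query.
    $perPage = max(1, min(50, (int) $perPage));
    $offset  = max(0, ((int) $page - 1) * $perPage);

    return 'SELECT rr.reviewid FROM dbtech_review_reviews rr'
        . ' LEFT JOIN user u ON rr.userid = u.userid'
        . ' ORDER BY ' . review_order_by($sort)
        . " LIMIT $offset, $perPage";
}

// Constructed request values: one valid key, then the cases that used to
// produce "ORDER BY LIMIT 0, 5" (missing, empty, array, unknown).
foreach (['highest', null, '', ['x'], 'bogus'] as $sort) {
    echo json_encode($sort), ' => ', review_list_sql($sort, 1, 5), PHP_EOL;
}
```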