Support

Home Forums Community Forum Security scan fails: "Your website is vulnerable to SQL injection attacks."

Security scan fails: "Your website is vulnerable to SQL injection attacks."

Posted: August 24, 2012 at 12:14 am

Viewing 4 reply threads


lasantha muditha

August 24, 2012 at 12:14 am

My site is hosted in Godaddy.com. they inform me that Security scan fails and Your website is vulnerable to SQL injection attacks.. This is a critical issue and need to solve this in 72 hours to prevent locking the site from access. This is problem they found in their scan- “Using the POST HTTP method, Site Scanner found that : + The following resources may be vulnerable to SQL injection : + The ‘regevent_action’ parameter of the / CGI : /?page_id=164 [regevent_action=post_attendee] -–|-–|– output -–|-–|– Warning: Invalid argument supplied for foreach() in /ho […]

**WordPress database error: [You hav e an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘) ORDER BY q.id ASC’ at line 7] SELECT q.*, qg.group_name
FROM wp_events_question q”

Please help
Thank you

  • This topic was modified 12 years, 4 months ago by Seth Shoultes. Reason: This is not a pre-sales question. Moving to lite version forums


Seth Shoultes

  • Support Staff

August 24, 2012 at 12:21 am

Looks to me like you have a broken SQL statement. Not sure how any of that would make a security scan fail. What version of Event Espresso do you have installed?


lasantha muditha

August 24, 2012 at 12:31 am

Hi,
Thank you for the quick reply. I’m using 3.1.25.L version at the moment.
we had an issue of “”Event Espresso attendee data needs to be updated.Run Attendee Update Script” few days back. Then i reinstall the plugin 2 days back. Seem to be that was settled. Now i got this security scan failed notice from go daddy.
How can i fix this?.


Dave

August 24, 2012 at 6:30 am

For security purposes you should install the following plugins.

Limit Login Attempts – stops hackers from continuously trying different username and passwords
Wordpress Firewall 2 – stops sql injections and other attacks
WP-Ban – Ban those ip address who tried the above

I would also use
Hide Login to change your login from wp-admin to something else


lasantha muditha

August 24, 2012 at 6:42 am

@Dave
Really appreciate your help.

Viewing 4 reply threads

The support post ‘Security scan fails: "Your website is vulnerable to SQL injection attacks."’ is closed to new replies.

Have a question about this support post? Create a new support post in our support forums and include a link to this existing support post so we can help you.

Event Espresso