How to get roaches out of my database

This began on the post "Please help me speed up my site." I solved most of the speed problem by removing some plugins.

However, when drmike suggested I look at my error logs it was like looking under a rug and finding roaches.

In summary, some users signed up on my site and left their own shopping carts. Even though I deleted their messages and then deleted the users, they still left a lot of their links to shopping carts in my database. If the links were dead, maybe it would not matter. But they generate continuous errors even when my site is not otherwise active.

I have attached a PDF file with a list of many of the errors that continue to appear. All the links shown have nothing to do with my site, nor do I even want to associate with them.

I am looking for suggestions on how I can find these unwanted files in my database and delete them.

A related question is how to prevent this kind of thing from happening.

Thanks for your help,

Ed

  • Mason

    Hiya Berry,

    A great deal of those errors appear to be caused by a plugin that is using the table 'vt_users'. Not sure which one that would be (unless that's your custom table for the default wordpress 'users').

    How did you go about deleting the users? Did they also create sites? If so, are the sites still active? You'll want to delete those as well.

    I'll ask a couple other database guru's to respond here as there seems to be multiple issues here, but let's start there.

    Thanks!

  • exberry

    Hi Mason,

    Thanks for your comment. None of the users I deleted created sites. I do not allow users to create sites. One user added a lot of material on what seemed to be a page that I did not create. But I could not find the page. I could see the user's entries only when I clicked on the users name in admin. But somehow, this user's entries were visible to others because one of my good users brought the bad guy to my attention.

    I deleted users via admin. Perhaps they have left pages that I have not found. Is there any way I can scan my site to find such unwanted pages?

    I used phpAdmin to look at my database tables. I have 315 tables and none begin with "vt" They all begin with "wp" Did I look in the wrong place?

    I added the latest error log from this morning. My site is very slow now because of this. I will sure appreciate help on how to solve this problem.

    Thanks,

    Ed

  • exberry

    UPDATE:

    I reinstalled WP 3.04. This definitely improved things. There was garbage planted in the WP code. The speed is much better and the errors are different. Gone are the really bad errors. But I still have a few errors left. Because the errors are fewer, I will put three typical errors in text below:

    [Tue Jan 11 14:07:22 2011] [error] [client 75.106.0.38] Invalid URI in request GET /../images/sidebar-top.png HTTP/1.1, referer: http://www.eczema.net/apple_cider_vinegar_for_eczema_treatment.html

    [Tue Jan 11 14:07:27 2011] [warn] RewriteCond: NoCase option for non-regex pattern '-f' is not supported and will be ignored.

    [Tue Jan 11 14:07:30 2011] [error] [client 173.68.67.178] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.

    The first one above indicates there is some garbage in a sidebar but I cannot find anything unusual in any of my sidebars under Widgets. Any ideas?

    I don't understand the second and third above. Do they mean anything to you?

    Thanks,

    Ed

  • exberry

    Aaron,

    You are correct. That is not my site being linked. I deleted the only image I had in a sidebar (an Amazon ad) and so far this error has not reoccurred.

    Here is my .htaccess: (I have Bulletproof turned off)
    _____________________________________________________

    # BULLETPROOF .45.6 >>>>>>> SECURE .HTACCESS

    # If for some strange reason your host does not have +FollowSymlinks enabled by default at
    # the root level then you will need to enable Options +FollowSymlinks for mod_rewrite to work.
    # If you are getting HTTP Error 500 Internal server errors and you have checked to make sure
    # everything else is set correctly then remove the # sign in front of Options +FollowSymlinks
    # below. If you are still getting 500 errors then immediately put the # sign back. All hosts
    # these days should have this enabled by default. Enabling this will actually cause 500 server
    # errors if your host has this enabled so you should probably never have to remove the # sign.
    # Options +FollowSymlinks

    # The Most Common Apache Directives to force PHP5 to be used instead of PHP4
    # Some web hosts have very specific directives - check with your web host first.
    # Remove the pound sign in front of AddType x-mapp-php5 .php for 1&1 web hosting
    # AddType x-mapp-php5 .php
    # Other common possibilities depending on your web host - check with your web host first.
    # AddHandler application/x-httpd-php5 .php
    # AddHandler cgi-php5 .php

    Options -Indexes

    # BEGIN WordPress

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]

    # uploaded files
    RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
    RewriteRule . index.php [L]

    # END WordPress

    # Plugin conflicts will be handled case by case instead of removing filters
    # for the entire Plugins folder

    # SFC Simple Facebook Connect Redirect Fix
    # If you have WordPress installed in a subfolder you will need to add the
    # subfolder name to the Rewriterule /blog/wp-login.php?action=register [R=301,L]
    RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC,OR]
    RewriteCond %{REQUEST_URI} ^/simple-facebook-connect/ [NC]
    RewriteRule ^(.*)$ /wp-login.php?action=register [R=301,L]

    # Ozh' Admin Drop Down Menu Display Fix
    # If you have WordPress installed in a subfolder you will need to add the
    # subfolder name to the RewriteCond /blog/wp-content/plugins/ozh-admin-drop-down-menu/ [NC]
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/ozh-admin-drop-down-menu/ [NC]
    RewriteRule . - [S=15]

    # ComicPress Manager ComicPress Theme Image Fix
    # If you have WordPress installed in a subfolder you will need to add the
    # subfolder name to the RewriteCond /blog/wp-content/plugins/comicpress-manager/ [NC]
    RewriteCond %{REQUEST_URI} ^/wp-content/plugins/comicpress-manager/ [NC]
    RewriteRule . - [S=15]

    # FILTER REQUEST METHODS
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F,L]

    # QUERY STRING EXPLOITS
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} tag\= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|’|"|;|\?|\*|=$).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\|{||:wink:.* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
    RewriteRule ^(.*)$ - [F,L]

    # DENY PUBLIC ACCESS TO YOUR wp-config.php File
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

    # DENY PUBLIC ACCESS TO YOUR php.ini file.
    <Files php.ini>
    order allow,deny
    deny from all
    </Files>

    # DENY PUBLIC ACCESS TO YOUR php5.ini file.
    <Files php5.ini>
    order allow,deny
    deny from all
    </Files>

    _____________________________________________________

    Here are the latest errors:

    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/ixedts.lin' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ixedts.lin: undefined symbol: executor_globals_id in Unknown on line 0

    [Tue Jan 11 15:12:23 2011] [error] [client 66.147.240.176] File does not exist: /usr/local/apache/htdocs/wp-app.php

    [Tue Jan 11 15:12:23 2011] [error] [client 65.55.55.220] Failed loading ixed.lin: ixed.lin: cannot open shared object file: No such file or directory

    [Tue Jan 11 15:12:23 2011] [error] [client 67.51.153.114] Invalid method in request \x16\x03\x01

    [Tue Jan 11 15:12:23 2011] [error] [client 67.51.153.114] File does not exist: /usr/local/apache/htdocs/501.shtml

    [Tue Jan 11 15:12:25 2011] [notice] cannot use a full URL in a 401 ErrorDocument directive --- ignoring!

    [Tue Jan 11 15:12:26 2011] [error] [client 65.55.55.220] Failed loading ixed.lin: ixed.lin: cannot open shared object file: No such file or directory

    [Tue Jan 11 15:12:27 2011] [error] [client 66.249.67.232] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default

    ... The above error repeats many times. This is the same "vt_users' as before but without the time-consuming links.

  • exberry

    UPDATE:
    I have replaced all WP and Theme code. So I assume code is now clean. It helped a lot but there are still continuing errors.

    Do you have any idea what is causing these errors below or what steps I can take to locate their source. None of the references and links here are part of my project.

    Is there a way to search my users by IP address?

    'vt_users' is not in my WP database. Notice the 'referer' changes in the different queries.

    If you were to insert links to other sites inside a WP database, where would you hide them?

    Thanks, Ed

    _________________________________________________________

    [Wed Jan 12 08:43:05 2011] [error] [client 182.7.8.239] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.shopafilia.com/

    [Wed Jan 12 08:43:05 2011] [error] [client 182.4.185.183] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.shopafilia.com/product.php?category=37&page_number=17

    [Wed Jan 12 08:43:05 2011] [error] [client 182.7.8.239] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.shopafilia.com/

    [Wed Jan 12 08:43:05 2011] [error] [client 182.7.8.239] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.shopafilia.com/

    [Wed Jan 12 08:43:05 2011] [error] [client 182.4.185.183] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.shopafilia.com/product.php?category=37&page_number=17

    [Wed Jan 12 08:43:06 2011] [error] [client 182.7.8.239] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.shopafilia.com/

    [Wed Jan 12 08:43:06 2011] [error] [client 182.4.185.183] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.shopafilia.com/product.php?category=37&page_number=17

    [Wed Jan 12 08:43:07 2011] [warn] RewriteCond: NoCase option for non-regex pattern '-f' is not supported and will be ignored.

    [Wed Jan 12 08:43:09 2011] [error] [client 77.249.203.59] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.dopenewhouse.com/

    [Wed Jan 12 08:43:09 2011] [error] [client 77.249.203.59] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.dopenewhouse.com/

    [Wed Jan 12 08:43:10 2011] [warn] RewriteCond: NoCase option for non-regex pattern '-f' is not supported and will be ignored.

    [Wed Jan 12 08:43:10 2011] [warn] RewriteCond: NoCase option for non-regex pattern '-f' is not supported and will be ignored.

    [Wed Jan 12 08:43:10 2011] [warn] RewriteCond: NoCase option for non-regex pattern '-f' is not supported and will be ignored.

    [Wed Jan 12 08:43:14 2011] [error] [client 125.163.165.85] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.butiklampu.com/product.php?category=16

    [Wed Jan 12 08:43:14 2011] [error] [client 125.163.165.85] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.butiklampu.com/product.php?category=16

    [Wed Jan 12 08:43:14 2011] [error] [client 125.163.165.85] WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1 for query SELECT user_status FROM vt_users WHERE id = LIMIT 1 made by product_display_default, referer: http://www.butiklampu.com/product.php?category=16

    [Wed Jan 12 08:43:16 2011] [notice] cannot use a full URL in a 401 ErrorDocument directive --- ignoring!

    [Wed Jan 12 08:43:19 2011] [error] [client 77.249.203.59] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.dopenewhouse.com/

    [Wed Jan 12 08:43:19 2011] [error] [client 77.249.203.59] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.dopenewhouse.com/

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.