Still getting weird queries

  • Resolved morklavor

    (@morklavor)


    4 years, 11 months ago

    Hi all

    I’m running Ubuntu 16.04 on a VPS, WordPress 5.4 french uptodate, mysql 5.7.29, PHP 7.0.33 (because I’m stuck on Prestashop 1.6 on one of our websites), Woocommerce & all plugins up to date.
    Everything was OK until several weeks ago. There are various queries coming back constantly in our mysql process list in “sending data” status, and slowering the server in general, two examples below :

    SELECT mb_posts.ID FROM mb_posts INNER JOIN mb_ postmeta ON ( mb_posts.ID = mb_postmeta.post_id ) WHERE 1=1 AND (
    EXISTS (
    SELECT 1
    FROM mb_term_relationships
    INNER JOIN mb_term_taxonomy
    ON mb_term_taxonomy.term_taxonomy_id = mb_term_relationships.term_taxonomy_id
    WHERE mb_term_taxonomy.taxonomy = pwb-brand
    AND mb_term_relationships.object_id = mb_posts.ID
    )
    ) AND (
    ( mb_postmeta.meta_key = ‘_stock_status’ AND mb_postmeta.meta_value NOT IN (‘outofstock’) )
    ) AND mb_posts.post_type = ‘product’ AND (mb_posts.post_status = ‘publish’ OR mb_posts.post_status = ‘wc-lpc_transit’ OR mb_ posts.post_status = ‘wc-lpc_delivered’ OR mb_posts.post_status = ‘wc-lpc_anomaly’ OR mb_posts.post_status = ‘wc-lpc_ready_to _ship’) GROUP BY mb_posts.ID ORDER BY mb_posts.post_date DESC

    or

    SELECT min( min_price ) as min_price, MAX( max_price ) as max_price
    FROM mb_wc_product_meta_lookup
    WHERE product_id IN (
    SELECT ID FROM mb_posts
    LEFT JOIN mb_term_relationships ON (mb_posts.ID = mb_term_relationships.object_id) LEFT JOIN mb_term_relationships AS tt1 ON (mb_posts.ID = tt1.object_id)
    WHERE mb_posts.post_type IN (‘product’)
    AND mb_posts.post_status = ‘publish’
    AND (
    mb_term_relationships.term_taxonomy_id IN (145,81,174,34,144,85,76)
    AND
    tt1.term_taxonomy_id IN (43,56,58,57,64)
    AND
    mb_posts.ID NOT IN (
    SELECT object_id
    FROM mb_term_relationships
    WHERE term_taxonomy_id IN (7,9)
    )
    )
    )


    Any clue what could cause the problem ? the user sending the query is root on localhost so I fear we are being targeted somehow… and also often a lot of queries to the same database, in sleep status (up to 58 same queries at the same SHOW FULL PROCESSLIST) coming and going…
    I installed Wordfence and BBQ recently, I thought it would target this kind of query, but it does not probably because they come from ROOT user…
    Thank you for your reading

    H.S.

    • This topic was modified 4 years, 11 months ago by morklavor.
    • This topic was modified 4 years, 11 months ago by morklavor.
Viewing 1 replies (of 1 total)
  • Plugin Author Jeff Starr

    (@specialk)

    I’m not sure but it looks like a runaway script given the apparent complexity and specificity of the queries. Deliberately malicious requests tend to be more simple and focused, unlike the examples shown above. So my best advice would be to do some troubleshooting of your plugins, themes, scripts, etc., to determine the cause of the issue.

Viewing 1 replies (of 1 total)
  • The topic ‘Still getting weird queries’ is closed to new replies.