
Interesting attempt to inject SQL (6 posts)

  1. SteveAtty
    Member
    Posted 15 years ago #

    I just noticed this in my php_error.txt file:

    [16-Jun-2008 16:09:13] WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''xyz''' at line 1] SELECT * FROM wp_users WHERE user_login = 'xyz''

    and I have this in my apache log file

    87.118.112.44 - - [16/Jun/2008:16:09:14 +0100] "GET /steve/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1" 200 38526 "-" "Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)"
    
    87.118.112.44 - - [16/Jun/2008:16:09:16 +0100] "GET /steve/index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* HTTP/1.1" 200 38526 "-" "Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)"
  2. donncha
    Key Master
    Posted 15 years ago #

    I see them all the time too, in GET and POST requests. They never give up, but the same IPs keep hitting my blog so they're not too smart either.

    BTW - You should update your MU, yours is seriously ancient and open to abuse!

  3. SteveAtty
    Member
    Posted 15 years ago #

    I know I should - it's just got pushed down my list of priorities at the moment - a death in the family and a funeral and job hunting got in the way. Is the 1.5.x set stable yet? If it is I'll probably do it this weekend.

  4. jamescollins
    Member
    Posted 15 years ago #

    Yesterday I upgraded our 3 WPMU clusters from 1.3.3 to 1.5.1 and we haven't had any problems yet.

    It's actually decreased page load times by around 10% too!

  5. SteveAtty
    Member
    Posted 15 years ago #

    Thanks for that James - I guess the "Success" stories tend not to get posted.

  6. tdjcbe
    Member
    Posted 15 years ago #

    We get them all the time as well.

    My favorites are the ones who add in /italian.php to the end of URLs. I'm still trying to figure that one out.
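
The probes in the first post's Apache log, run through a small detector, as an added example that is not part of the original thread: it URL-decodes each query string repeatedly (so the double-encoded `%2527` resolves to a quote) and groups flagged requests by client IP. The rule names and the third, benign log line are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache combined log format: client, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Indicators present in the probes quoted in the thread (rule names are this example's own).
RULES = {
    "union_select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "wp_credentials": re.compile(r"\b(wp_users|user_pass)\b", re.I),
    "trailing_comment": re.compile(r"(/\*|--\s|#)\s*$"),
    "quote_in_cat_param": re.compile(r"(?:^|&)cat=[^&]*'"),
}

# The two probe lines from the first post, plus one constructed benign request.
SAMPLE_LOG = [
    '87.118.112.44 - - [16/Jun/2008:16:09:14 +0100] "GET /steve/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1" 200 38526 "-" "Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)"',
    '87.118.112.44 - - [16/Jun/2008:16:09:16 +0100] "GET /steve/index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* HTTP/1.1" 200 38526 "-" "Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)"',
    '192.0.2.10 - - [16/Jun/2008:16:10:02 +0100] "GET /steve/index.php?cat=5 HTTP/1.1" 200 38526 "-" "ExampleBrowser/1.0"',
]

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so %2527 -> %27 -> ' is seen; returns (text, rounds used)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def scan(lines):
    """Return {client_ip: [(timestamp, decode_rounds, [rule names])]} for flagged requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, when, target, _status = m.groups()
        query, rounds = fully_decode(target.partition("?")[2])
        matched = sorted(n for n, rx in RULES.items() if rx.search(query))
        if matched:
            hits[ip].append((when, rounds, matched))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOG).items():
        print(ip, events)
```

A decode count of 2 on the first request is itself a useful signal: ordinary clients do not double-encode a quote in a category parameter.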

About this Topic

  • Started 15 years ago by SteveAtty
  • Latest reply from tdjcbe