Lack of interest Associate IP address to error log entry

[ManOnDaMoon]

I suggest that each server error log entry, especially those without an associated account, shoud be associated with the visitor IP address.

Why ?

Today I found something funny in my error log:

Zend_Db_Statement_Mysqli_Exception: Mysqli prepare error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DESC LIMIT 20' at line 9 - library/Zend/Db/Statement/Mysqli.php:77
Généré par: Compte inconnu, hier à 17:31

with the following request:

array(3) {
  ["url"] => string(110) "http://kosminea.fr/libraries/oeuvres-litt%C3%A9raires-et-des-beaux-arts.42/?order=title'+and+(4=4+xor+4=6)--+a"
  ["_GET"] => array(1) {
    ["order"] => string(28) "title' and (4=4 xor 4=6)-- a"
  }
  ["_POST"] => array(0) {
  }
}

SQL injection tryouts?

Well, I would have loved to ban or at least nastily discourage the smart user IP. Unfortunately, it is not displayed within the log entry in admin.php?logs/server-error. Or is it visible elsewhere?

 

[Jeremy]

Its not displayed, but this is however, tracked. You can see it (although, without the periods in it) directly in the database

 

[tenants]

select ip_address from xf_error_log where message like "%title'%"

Stick the long ip address into this converter:
http://www.smartconversion.com/unit_conversion/IP_Address_Converter.aspx

Bringing the IP address to the error logs is useful (not everyone wants to query databases)

 

[Paul B]

I have removed the embedded video from the above post due to the profanity displayed in the title.

 

[ManOnDaMoon]

Thanks for the tip. I've banned the corresponding IP retrieved from the logs.

Still maintaining the suggestion for an easier access to this data, especially since it is stored in the DB.