0

My Wordpress website was down due to a database connection error.

When I looked into the cPanel error log I saw around a 100 rows that looked like these:

[Tue Apr 02 06:24:11.179218 2019] [cgi:error] [pid 31625] [client 50.3.196.173:41576] AH01215: PHP Warning: Error while sending QUERY packet. PID=31986 in /home/admin/public_html/wp-includes/wp-db.php on line 1924: /usr/local/cpanel/cgi-sys/ea-php71, referer: http://www.worldtravelawards.com/profile-4544-the-monte-carlo-beach [Tue Apr 02 06:24:11.176124 2019] [cgi:error] [pid 31617] [client 196.247.235.184:60968] AH01215: PHP Warning: Error while sending QUERY packet. PID=31998 in /home/admin/public_html/wp-includes/wp-db.php on line 1924: /usr/local/cpanel/cgi-sys/ea-php71, referer: http://www.worldtravelawards.com/profile-3005-walt-disney-world-swan-and-dolphin-resort

The referer is an external domain that somehow is accessing my wp-db.php file, causing a PHP, database-related, error. I did some research and came across subjects like "Bandwidth theft" and "Database injection", but I couldn't really find a good answer to a similar situation.

Any ideas what it could be and how to prevent this from happening? Thanks in advance!

Eduardo Baitello
  • 10,469
  • 7
  • 46
  • 74
Roy de Jong
  • 1
  • 1

1 Answers1

0

Referer does not mean anything.

A HTTP_REFERER is a header sent by a browser primarily used for analytics that shows where did the user come from. In this example, a user clicked on a link on http://www.worldtravelawards.com/profile-4544-the-monte-carlo-beach webpage that leads to your website. www.worldtravelawards.com is not their actual hostname.

See: [Error while sending QUERY packet for info about the PHP error.

Post Scriptum: Avoid posting actual IP addresses of your clients or domains of your website because it may lead to hacking attempts.

jg6
  • 318
  • 2
  • 12
  • Hi A4L, thanks for your answer. Weird thing is I have around 100 errors at the same moment from different url's, all from wordtravelawards.com. So that seems like spam, some sort of attack. Furthermore, there's no visible link on these pages to my website and worldtravelawards.com is a completely off topic domain. What worries me is that it caused a database connection error. Any thoughts on this? – Roy de Jong Apr 03 '19 at 07:23
  • Yes, I have included this link: https://stackoverflow.com/questions/30753674/error-while-sending-query-packet . It looks like you have a DB command script that produces a too big request. Make sure to sanitize all user data and check if the sql request is too big. – jg6 Apr 03 '19 at 21:42