Forum vb 4.1.7 - exploit TRUNCATE TABLE vb3_attachmentviews?
 

Hello all,

I have a forum with VB 4.1.7 that keeps sending me emails about database errors.

I had my hoster disable the "DROP" command to the forum mysql user, as some time ago someone managed to DROP all the tables and had to recover from a backup.
Disabling the DROP/TRUNCATE is just a workaround but i'm unable to find the real source of the problem - someone is trying to exploit somewhere.. but i don't really understand what.
maybe it has something to do about the cron jobs (?)
furthemore vbulletin keeps creating tables like vb3_aaggregate_temp_xxxx - maybe that's normal behaviour but with the DROP disabled, of course, those could't be deleted automatically and are filling my db of useless stuff.

sample error:

Code:
Database error in vBulletin 4.1.7:


Invalid SQL:
TRUNCATE TABLE vb3_attachmentviews;


MySQL Error : DROP command denied to user xxxx for table 'vb3_attachmentviews'
Error Number : 1142
Request Date : Monday, November 12th 2012 @ 04:10:16 PM
Error Date : Monday, November 12th 2012 @ 04:10:16 PM
Script : http://www.xxxx/cron.php?rand=1352733013
Referrer : http://www.xxxx/search.php?searchid=1292630
IP Address : 194.244.5.4
Username : Non registrato
Classname : vB_Database
MySQL Version :
The source IP addresses are really various so i suppose it's some kind of known bug/exploit?

Thanks!