Woooah! Mystery related to Backup mySQL

[DrByte]

I found some 56 notes in the admin activity log that said this: "ALERT: Please review for possible XSS activity:"

All (that I looked at) had my ip in front of them.

Should I be freaked out by that?

Freaked out? No.
Should you look at them? Yes.
That flag is set when it discovers that someone using your Admin has submitted data in an <input> form field that contains potentially risky content like < and > symbols such as could be used to stuff <script> tags into content.
The flag is set to tell you to make sure that you knew about the content being submitted, by basically alerting you to pay attention to those log records specifically.

If you did post the content it mentions and intended it to contain whatever it contains, then of course there's nothing to worry about.

[DrByte]

Is your "backup mystery" resolved now?

[Feznizzle]

rofl (at Rod's joke)
++++
I think (*hope*) I figured it out. I had created a bunch of tables in openoffice, turned them into html, then grabbed all the <tr> cells and dumped them into preformatted product cross-referrence sheets. The hotlinks were all domain nuetral, went something like this:
<TD STYLE="border-top: 1px solid #000000; border-right: 1px solid #000000" WIDTH=105 ALIGN=CENTER><U><A HREF="/Material_Handling_Storage/Bins_Boxes_Totes/Storage_Containers/SomeCategory">VIEW</A></U></TD>

However, due to some quirk, openoffice kept giving me hrefs like this:
<TD STYLE="border-top: 1px solid #000000; border-right: 1px solid #000000" WIDTH=105 ALIGN=CENTER><U><A HREF="file:///Material_Handling_Storage/Bins_Boxes_Totes/Storage_Containers/SomeCategory">VIEW</A></U></TD>

I just the current admin log sql, found a single warning pointing at "file://" as being the trigger.

I will def be keeping a close eye on this, can't imagine how someone could highjack my sessions! Or why, for that matter. The thought is that either it was just that "file://" business (most likely, I hope) or there was a trojan in my template or one of my mods (yikes!).

[Feznizzle]

Didn't see all your posts b4 I posted, DrByte.

I think Rod was right, the SQL going on a diet must have been the purged admin log. Though I am confused why it was so dramatic of a change in comparison to other purges. But, again, Rod had a pretty plausible explanation for that (Internal Error 500 causing restart and table repair).

As for the xss stuff, I am comfortable that I triggered it myself and it was not malicious. And I don't think I have lost anything important from the dramatic DB diet.

So yes, I think it's resolved. Thanks for the input, DrByte and Rod!