This morning I got into work to discover >3000 error messages generated
since 4:30 yesterday afternoon with more pouring in by the minute.

I had something of a panic attack as the site has been running with no
errors for months.  As it turned out, I had inadvertently left an old
"one time" CF script on the server which had rebuilt a stored proc to a
now-redundant version and was easy enough to undo.

What had done this?  IP traces from the site's logs showed the request
to this rogue script coming from inside the client's gateway. At first I
suspected someone there who didn't know what they were doing had simply
been fiddling with the site, but as it turned out, they were running a
badly configured copy of webtrends which was itself requesting pages
that appear in the logfiles.  It seems that Webtrends decided to go and
check it out by requesting it - probably to ascertain its status code,
and in so doing invoked the stored procedure deletion / re-creation.

Moral:  Don't leave stuff lying around.


Richard Meredith-Hardy
Mob: + 44 7771 526513
This list and all House of Fusion resources hosted by The place for 
dependable ColdFusion Hosting.

Reply via email to