cf-talk  

Re: Don't leave stuff lying around

Douglas Jordon
Wed, 22 May 2002 07:31:22 -0700

We try to avoid this by requiring a query string so that even if someone 
brings up the file, it won't run. You have to read the instructions and 
copy/paste the query string to get any action.

Webapper wrote:
> Richard, this is great advice from your pain. I have seen very large sites
> badly hit by this sort of issue; also, the robots can cause issues with stale
> code/features.  Has anyone come across or used any sort of
> Stale-Code-Sniffer capability/utility?
> 
> Mike Brunt, CTO Webapper
> http://www.webapper.com
> Tel: 562.243.6255
> Instant Messaging
> AIM: webappermb
> Webapper, Downey CA Office
> 
> "Webapper - Making the NET Work"
> 
> 
> -----Original Message-----
> From: Richard Meredith-Hardy [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 5:29 AM
> To: CF-Talk
> Subject: Don't leave stuff lying around
> 
> 
> This morning I got into work to discover >3000 error messages generated
> since 4:30 yesterday afternoon with more pouring in by the minute.
> 
> I had something of a panic attack as the site has been running with no
> errors for months.  As it turned out, I had inadvertently left an old
> "one time" CF script on the server which had rebuilt a stored proc to a
> now-redundant version and was easy enough to undo.
> 
> What had done this?  IP traces from the site's logs showed the request
> to this rogue script coming from inside the client's gateway. At first I
> suspected someone there who didn't know what they were doing had simply
> been fiddling with the site, but as it turned out, they were running a
> badly configured copy of Webtrends which was itself requesting pages
> that appear in the logfiles.  It seems that Webtrends decided to go and
> check it out by requesting it - probably to ascertain its status code,
> and in so doing invoked the stored procedure deletion / re-creation.
> 
> Moral:  Don't leave stuff lying around.
> 
> --
> Regards;
> 
> Richard Meredith-Hardy
> -------------------------------------------------------------
> [EMAIL PROTECTED]
> Mob: + 44 7771 526513
> 
> 
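On the question above about a "Stale-Code-Sniffer": the sketch below is an added example, not code from anyone in this thread. It lists templates under a web root that are older than a cutoff and that no logged request has touched, so a leftover one-time script is flagged for removal before a crawler or log analyser finds it. Assumptions: Common Log Format access logs, `.cfm`/`.cfml` extensions, case-insensitive URL paths; the file names and log lines are constructed.

```python
import os
import re
import tempfile
import time
from urllib.parse import urlsplit

# Request target in a Common Log Format line, e.g. "GET /path?query HTTP/1.0"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_EXTS = (".cfm", ".cfml")  # assumption: ColdFusion template extensions


def requested_paths(log_lines):
    """Lower-cased URL paths (query string dropped) that appear in the log."""
    hits = (REQUEST_RE.search(line) for line in log_lines)
    return {urlsplit(m.group(1)).path.lower() for m in hits if m}


def find_stale_scripts(webroot, log_lines, now, max_age_days=30):
    """Templates older than max_age_days that no logged request touched."""
    seen = requested_paths(log_lines)
    cutoff = now - max_age_days * 86400
    stale = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            url = "/" + os.path.relpath(full, webroot).replace(os.sep, "/").lower()
            if (url.endswith(SCRIPT_EXTS) and url not in seen
                    and os.path.getmtime(full) < cutoff):
                stale.append(url)
    return sorted(stale)


def demo():
    """Run the check on a constructed web root and constructed log lines."""
    now = time.time()
    log = [
        '10.0.0.5 - - [22/May/2002:09:00:00 -0700] "GET /index.cfm HTTP/1.0" 200 512',
        '10.0.0.5 - - [22/May/2002:09:00:05 -0700] "GET /Products/list.cfm?cat=2 HTTP/1.0" 200 900',
    ]
    ages = {"index.cfm": 200, "products/list.cfm": 90,  # file -> age in days
            "rebuild_proc.cfm": 120, "new_feature.cfm": 2}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "products"))
        for rel, days in ages.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.utime(path, (now - days * 86400, now - days * 86400))
        return find_stale_scripts(root, log, now)
```

Calling `demo()` returns only the old, never-requested template; the recently added file and the two templates that appear in the log are left alone.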