Re: sql injection attempt
Yes indeed. We had some attempts to injection attack via a fake useragent variable in the CGI scope, as we were logging visiting useragents in a database table. Luckily they were not able to execute any code thanks to tight SQL permissions, but the code they were trying to execute was written to the table. I'd not even thought of that method till we saw it. But something to have an eye on. Regards, Ian. On 23/01/2013 19:09, Pete Freitag wrote: On Wed, Jan 23, 2013 at 12:57 PM, Rob Voylerobvo...@voyle.com wrote: Hi Greg As I continue to update my security processes, I'm curious Was this injection attempt at the url or at a form input. Keep in mind that vulnerabilites can come from any input that the attacker can manipulate, eg form, url, cgi, cookie variables are all game. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354042 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: sql injection attempt
Hi Greg As I continue to update my security processes, I'm curious Was this injection attempt at the url or at a form input. Thanks Rob On 22 Jan 2013 at 11:12, Greg Morphis wrote: I saw some request errors but what were they trying to do? This is what the onRequest error email showed declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag= houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:35 3998 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354030 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: sql injection attempt
It was attempted via the URL On Wed, Jan 23, 2013 at 11:57 AM, Rob Voyle robvo...@voyle.com wrote: Hi Greg As I continue to update my security processes, I'm curious Was this injection attempt at the url or at a form input. Thanks Rob On 22 Jan 2013 at 11:12, Greg Morphis wrote: I saw some request errors but what were they trying to do? This is what the onRequest error email showed declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag= houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:35 3998 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354031 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: sql injection attempt
On Wed, Jan 23, 2013 at 12:57 PM, Rob Voyle robvo...@voyle.com wrote: Hi Greg As I continue to update my security processes, I'm curious Was this injection attempt at the url or at a form input. Keep in mind that vulnerabilites can come from any input that the attacker can manipulate, eg form, url, cgi, cookie variables are all game. -- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354032 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
sql injection attempt
I saw some request errors but what were they trying to do? This is what the onRequest error email showed declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353998 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: sql injection attempt
That's hex for, ?WAITFOR DELAY '00:00:15' On Tue, Jan 22, 2013 at 11:12 AM, Greg Morphis gmorp...@gmail.com wrote: 0x57414954464F522044454C4159202730303A30303A313527 -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353999 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: sql injection attempt
Ah so they were just checking to see if they could get something to work before possibly trying anything real. Thanks! On Tue, Jan 22, 2013 at 11:15 AM, John M Bliss bliss.j...@gmail.com wrote: That's hex for, ?WAITFOR DELAY '00:00:15' On Tue, Jan 22, 2013 at 11:12 AM, Greg Morphis gmorp...@gmail.com wrote: 0x57414954464F522044454C4159202730303A30303A313527 -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354000 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: sql injection attempt
Ah so they were just checking to see if they could get something to work before possibly trying anything real. That's a pretty standard approach. If they can get the response to delay then they can mark that URL as a potential entry point to come back and explore more later. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354001 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Another weird SQL Injection attempt
Hmmm. One of my sites also had this exact attack (and some variations tried about a dozen times) yesterday also. Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_wi ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352792 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Another weird SQL Injection attempt
Never seen this before! Script in Application file, as usual, caught it before it got further... Here's what was tried: /index.cfm?action=dance.school%29%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--40version--=MSOTlPn_View=0MSOTlPn_ShowSettings=False%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version%29--MSOGallery_SelectedLibrary=MSOGallery_FilterString=MSOTlPn_Button=none__REQUESTDIGEST=MSOAuthoringConsole_FormContext=MSOAC_EditDuringWorkflow=MSOSPWebPartManager_DisplayModeName=BrowseMSOWebPartPage_Shared=MSOLayout_LayoutChanges=MSOLayout_InDesignMode=MSOSPWebPartManager_OldDisplayModeName=BrowseMSOSPWebPartManager_StartWebPartEditingName=falseASB_TextDT_Props=ASB_DateTimeDT_Props=Write%23%3B%23CreatedASB_ResType_Query=__VIEWSTATE=PostList%24ctl06%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl07%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl08%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl09%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl10%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl11%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl12%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl13%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl14%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl15%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl16%24ctl26%24ctl01=nochange00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%240=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%241=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%242=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%243=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%244=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%245=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%246=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%247=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%248=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%249=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%2410=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%2411=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%2412=ctl00%24ContentP ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352784 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Another weird SQL Injection attempt
Just battled this today myself Here's some more information on it. https://isc.sans.edu/diary.html?storyid=12127 On 9/30/12 5:58 PM, Les Mizzell lesm...@bellsouth.net wrote: Never seen this before! Script in Application file, as usual, caught it before it got further... Here's what was tried: /index.cfm?action=dance.school%29%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40ve rsion--40version--=MSOTlPn_View=0MSOTlPn_ShowSettings=False%27%2F%2A%2A% 2For%2F%2A%2A%2F1%3D%40%40version%29--MSOGallery_SelectedLibrary=MSOGall ery_FilterString=MSOTlPn_Button=none__REQUESTDIGEST=MSOAuthoringConsole _FormContext=MSOAC_EditDuringWorkflow=MSOSPWebPartManager_DisplayModeNam e=BrowseMSOWebPartPage_Shared=MSOLayout_LayoutChanges=MSOLayout_InDesig nMode=MSOSPWebPartManager_OldDisplayModeName=BrowseMSOSPWebPartManager_S tartWebPartEditingName=falseASB_TextDT_Props=ASB_DateTimeDT_Props=Write% 23%3B%23CreatedASB_ResType_Query=__VIEWSTATE=PostList%24ctl06%24ctl26%24 ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostLis t%24ctl07%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl 03%24ctl00%24PostList%24ctl08%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr %24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl09%24ctl26%24ctl01=nochange ctl00%24ctl00%24bcr%24bcr%2 4ctl01%24ctl03%24ctl00%24PostList%24ctl10%24ctl26%24ctl01=nochangectl00%2 4ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl11%24ctl26%24ct l01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList% 24ctl12%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03 %24ctl00%24PostList%24ctl13%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%2 4bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl14%24ctl26%24ctl01=nochangec tl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl15%24ctl2 6%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24Pos tList%24ctl16%24ctl26%24ctl01=nochange00%24ContentPlaceHolder1%24FilterAdD efault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%240=ctl00%24Con tentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxL istMakeMore%241=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAd Car_ascxControl1%24checkBoxListMakeMore%242=ctl00%24ContentPlaceHolder1%2 4FilterAdDefault1%24filterA dCar_ascxControl1%24checkBoxListMakeMore%243=ctl00%24ContentPlaceHolder1% 24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%244= ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1% 24checkBoxListMakeMore%245=ctl00%24ContentPlaceHolder1%24FilterAdDefault1 %24filterAdCar_ascxControl1%24checkBoxListMakeMore%246=ctl00%24ContentPla ceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMake More%247=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_asc xControl1%24checkBoxListMakeMore%248=ctl00%24ContentPlaceHolder1%24Filter AdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%249=ctl00%24 ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkB oxListMakeMore%2410=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filt erAdCar_ascxControl1%24checkBoxListMakeMore%2411=ctl00%24ContentPlaceHold er1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%2 412=ctl00%24ContentP ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352785 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Another weird SQL Injection attempt
Looks like the same attack tried my servers too - too bad for them it failed. Long Live CFQueryParam amongst other little tools. Oh, and running PostgreSQL database :-) Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Sep 30, 2012, at 8:01 PM, Scott Slone wrote: Just battled this today myself Here's some more information on it. https://isc.sans.edu/diary.html?storyid=12127 On 9/30/12 5:58 PM, Les Mizzell lesm...@bellsouth.net wrote: Never seen this before! Script in Application file, as usual, caught it before it got further... Here's what was tried: /index.cfm?action=dance.school%29%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40ve rsion--40version--=MSOTlPn_View=0MSOTlPn_ShowSettings=False%27%2F%2A%2A% 2For%2F%2A%2A%2F1%3D%40%40version%29--MSOGallery_SelectedLibrary=MSOGall ery_FilterString=MSOTlPn_Button=none__REQUESTDIGEST=MSOAuthoringConsole _FormContext=MSOAC_EditDuringWorkflow=MSOSPWebPartManager_DisplayModeNam e=BrowseMSOWebPartPage_Shared=MSOLayout_LayoutChanges=MSOLayout_InDesig nMode=MSOSPWebPartManager_OldDisplayModeName=BrowseMSOSPWebPartManager_S tartWebPartEditingName=falseASB_TextDT_Props=ASB_DateTimeDT_Props=Write% 23%3B%23CreatedASB_ResType_Query=__VIEWSTATE=PostList%24ctl06%24ctl26%24 ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostLis t%24ctl07%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl 03%24ctl00%24PostList%24ctl08%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr %24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl09%24ctl26%24ctl01=nochange ctl00%24ctl00%24bcr%24bcr%2 4ctl01%24ctl03%24ctl00%24PostList%24ctl10%24ctl26%24ctl01=nochangectl00%2 4ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl11%24ctl26%24ct l01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList% 24ctl12%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03 %24ctl00%24PostList%24ctl13%24ctl26%24ctl01=nochangectl00%24ctl00%24bcr%2 4bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl14%24ctl26%24ctl01=nochangec tl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24PostList%24ctl15%24ctl2 6%24ctl01=nochangectl00%24ctl00%24bcr%24bcr%24ctl01%24ctl03%24ctl00%24Pos tList%24ctl16%24ctl26%24ctl01=nochange00%24ContentPlaceHolder1%24FilterAdD efault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%240=ctl00%24Con tentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxL istMakeMore%241=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAd Car_ascxControl1%24checkBoxListMakeMore%242=ctl00%24ContentPlaceHolder1%2 4FilterAdDefault1%24filterA dCar_ascxControl1%24checkBoxListMakeMore%243=ctl00%24ContentPlaceHolder1% 24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%244= ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1% 24checkBoxListMakeMore%245=ctl00%24ContentPlaceHolder1%24FilterAdDefault1 %24filterAdCar_ascxControl1%24checkBoxListMakeMore%246=ctl00%24ContentPla ceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMake More%247=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_asc xControl1%24checkBoxListMakeMore%248=ctl00%24ContentPlaceHolder1%24Filter AdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%249=ctl00%24 ContentPlaceHolder1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkB oxListMakeMore%2410=ctl00%24ContentPlaceHolder1%24FilterAdDefault1%24filt erAdCar_ascxControl1%24checkBoxListMakeMore%2411=ctl00%24ContentPlaceHold er1%24FilterAdDefault1%24filterAdCar_ascxControl1%24checkBoxListMakeMore%2 412=ctl00%24ContentP ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352786 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm