As luck would have it, if you can call it luck (this was a totally shitty migration, due to politicking mo-fos fuxoring up my timeline), we had just migrated our last DSNs off of MSSQL the week before I went on vacation (and that week, and this week*, ARRR!).
The bastards were still creating all kinds of cfqueryparam-related error emails, but between val()s on some stuff and doing some URL rewriting, we were able to nix 'em. So basically the first line of defense is the webserver-based rewrites, similar to what you're doing with the ISAPI handler. It didn't seem high-traffic enough to blacklist by IP for us, but if you're getting that many hits, I'd go ahead and drop to a network-level IP blacklist. That way the crap won't even hit your webserver or applications. So the webserver gets an injection attack from an IP, and then drops that IP into the network-based blacklist (on *nix, iptables or ipchains or whatever you use). Sucks for proxies and whatnot, I guess, so maybe too heavy-handed, but if it's crippling your server... *shrug*. Just some random thoughts.

--

*The migration was /smooth/ (relatively) for the newer framework-based applications. Fucking easy compared to the old code, even though I'd aimed at the old stuff being modular, so it wasn't as bad as it could have been, I guess. Encapsulation destroys modularization, in a battle.

On Fri, Aug 8, 2008 at 9:28 AM, Michael Dinowitz <[EMAIL PROTECTED]> wrote:
> Actually, I'm playing with a new idea. Using the Ionic ISAPI handler, I can
> detect when the query_string has the offensive content and block it at the
> server level without having to block based on IP. Block based on the content
> itself before it even gets to ColdFusion.
>
>
> On Fri, Aug 8, 2008 at 11:18 AM, Greg Morphis <[EMAIL PROTECTED]> wrote:
>
>> True, so you combine <cfqueryparam with blocking the IPs..
>> I read that it was started on ASP sites. I wonder if a lot of it is ASP
>> programmers trying to share the love ;)
>>

Archive: http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:265629
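The two-stage defense discussed in the thread (detect the injection payload in the query string at the web server, then push the offending IP into a host-level iptables blacklist so later requests never reach the application) as an added example. This is not code from the thread or from any of the posters; the log format, the signature list, the block threshold and the sample traffic are all assumptions made for illustration.

```python
"""Scan access-log query strings for SQL-injection signatures and turn
repeat offenders into iptables DROP rules.

Added example, not from the original thread. The log format (common log
format), the signatures, the threshold and the sample lines are assumptions.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Common log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*"'
)

# Signatures typical of T-SQL injection in a query string: DECLARE/CAST/EXEC
# with hex-encoded payloads, stacked statements, UNION SELECT.
# Assumed list; tune it against the cfqueryparam error e-mails you actually get.
SIGNATURES = [
    re.compile(r'\bDECLARE\s+@\w+', re.I),
    re.compile(r'\bCAST\s*\(\s*0x[0-9a-f]+', re.I),
    re.compile(r'\bEXEC\s*\(', re.I),
    re.compile(r'\bUNION\s+(?:ALL\s+)?SELECT\b', re.I),
    re.compile(r';\s*(?:DECLARE|EXEC|SET|DROP|INSERT|UPDATE)\b', re.I),
]

# Constructed sample traffic (RFC 5737 documentation addresses), not real log data.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Aug/2008:09:28:01 -0400] "GET /product.cfm?id=42;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x4445434C415245%20AS%20VARCHAR(4000));EXEC(@S);-- HTTP/1.1" 500 1204
203.0.113.7 - - [08/Aug/2008:09:28:02 -0400] "GET /news.cfm?id=7'%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 1204
203.0.113.7 - - [08/Aug/2008:09:28:03 -0400] "GET /item.cfm?id=9;exec(cast(0x44%20as%20varchar(4)))-- HTTP/1.1" 500 1204
198.51.100.3 - - [08/Aug/2008:09:30:11 -0400] "GET /product.cfm?id=42 HTTP/1.1" 200 8312
198.51.100.3 - - [08/Aug/2008:09:30:12 -0400] "GET /search.cfm?q=cast%20iron%20pan HTTP/1.1" 200 9004
192.0.2.9 - - [08/Aug/2008:09:31:00 -0400] "GET /product.cfm?id=1;DECLARE%20@T%20VARCHAR(255) HTTP/1.1" 500 1204
"""


def decode_query(target: str) -> str:
    """Return the URL-decoded query string of a request target.

    Decodes repeatedly (bounded) so %2520-style double encoding is normalised
    before matching; the attacker picks the encoding, the filter must not.
    """
    query = target.partition('?')[2]
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query


def is_injection(query: str) -> bool:
    """True if the decoded query string matches any injection signature."""
    return any(sig.search(query) for sig in SIGNATURES)


def scan_log(text: str) -> Counter:
    """Count matching requests per source IP across the log text."""
    hits = Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        if is_injection(decode_query(m.group('target'))):
            hits[m.group('ip')] += 1
    return hits


def offenders(hits: Counter, threshold: int = 2) -> list:
    """IPs at or above the threshold, sorted.

    A threshold above 1 keeps one false positive from a shared proxy from
    blocking everyone behind it (the 'sucks for proxies' caveat in the post).
    """
    return sorted(ip for ip, n in hits.items() if n >= threshold)


def iptables_rules(ips) -> list:
    """Shell commands that drop the offenders at the host firewall, before
    the traffic reaches the web server or ColdFusion."""
    return [f'iptables -I INPUT -s {ip} -j DROP' for ip in ips]


if __name__ == '__main__':
    counts = scan_log(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f'{ip}\t{n}')
    for rule in iptables_rules(offenders(counts)):
        print(rule)
```

Run it against a tail of the real access log instead of SAMPLE_LOG and pipe the printed rules into a shell, or better, into a job that also expires entries after a set time; a permanent DROP list built from a regex is exactly the heavy-handed tool the post warns about, so keep the threshold above one and review what it blocks.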
