Well, the spammers had to get your page from somewhere...the page is likely only invalid because they're tacking on extra query params right? So removing the offending params might allow a valid request to get through. Remember that it's always possible that a legitimate person could have clicked a spammed link to get to your site. Why kill that legit request when you don't have to?
-----Original Message----- From: Che Vilnonis [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 8:24 AM To: CF-Talk Subject: RE: Application.cfc question: Where would be the best place to put this code? Basically, I am trying to prevent auto generated 'error' emails from being sent to me 200+ times a day. What would the regex do? If I strip out the offending string, it will likely still be invalid and cause an error to be created. Good point on the <cfabort> though. Regards, Che -----Original Message----- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 9:17 AM To: CF-Talk Subject: RE: Application.cfc question: Where would be the best place to put this code? That would be the most logical place to put it. I'm not sure that a cfabort is the best bet though. Why not simply use a regex and just strip out the offending portion of the query string? Start with http and remove that, and everything after it. -----Original Message----- From: Che Vilnonis [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 8:15 AM To: CF-Talk Subject: Application.cfc question: Where would be the best place to put this code? Losers are hammering my site with spam in the urls. The first line is what my url should look like. The second line is what I am getting from the spammers. http://www.mydomain.com/index.cfm?type=Specialty&spec=110 http://www.mydomain.com/index.cfm?type=Specialty&spec=http%3A%2F%2Fwww.north fans.ch%2Fforum%2Fadmin%2Fsettings%2Focoyo%2Fser%2F If I were to use the following code in Application.cfc, which function would be the best place to put it? Right now, I was thinking of placing it in onRequestStart. Any better ideas? The code would be simple an something like this: <cfif cgi.query_string contains "http://";> <cflocation url="http://www.mydomain.com";> <cfabort> </cfif> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:306958 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
