Michael,

I have about 5 posts on this issue:

http://www.coldfusionmuse.com

Starting with this one...

http://www.coldfusionmuse.com/index.cfm/2008/7/18/Injection-Using-CAST-And-ASCII

There's no magic bullet. The basic procedure is going to be to implement a
blacklist function to prevent the attack (this is a "first level" defense to
give you some breathing room), restore your DB or fix it with one of the
several scripts running around, then go through your code and examine all
the queries and add cfqueryparam, then look at where you are handling form
inputs and validate what users have given you, then work on scrubbing
anything that is given by the user that is output to the page (to prevent
xss). Basically, other than the blacklist function (about which there are a
variety of opinions) all of these steps ought to be followed regularly as
your de facto coding standard.

-Mark
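
The procedure above, carried through as an added example (not code from the thread or from the ColdFusion Muse posts) in Python with SQLite standing in for the database: integer validation of a URL/form id (the role isValid() plays in CFML), a bound-parameter query in place of string concatenation (the role cfqueryparam plays), a scan of the character columns for an already-injected script tag, a cleanup pass that strips it, and HTML escaping on output (htmlEditFormat()/encodeForHTML() in CFML). The products table, its rows and the injected tag with its injected.example host are all constructed for the example; the blacklist function and the restore-from-backup step are not shown.

```python
import html
import re
import sqlite3

# Constructed sample: the tag appended to one row mimics the pattern the
# thread describes (JavaScript appended to a character field). The host is
# a placeholder, not a real indicator.
INJECTED_TAG = '<script src="http://injected.example/x.js"></script>'

SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)
TEXT_COLUMNS = ("name", "description")  # fixed list, never user-supplied


def open_sample_db():
    """Create an in-memory products table; row 2 carries the injected tag."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)"
    )
    conn.executemany(
        "INSERT INTO products (id, name, description) VALUES (?, ?, ?)",
        [
            (1, "Red widget", "Red widget"),
            (2, "Blue widget", "Blue widget" + INJECTED_TAG),
        ],
    )
    conn.commit()
    return conn


def validate_int(raw):
    """Step: validate form/URL input before it gets near a query.
    Mirrors isValid('integer', ...) in CFML; anything else is rejected."""
    if not re.fullmatch(r"-?\d+", str(raw).strip()):
        raise ValueError("expected an integer id, got %r" % (raw,))
    return int(raw)


def get_product(conn, raw_id):
    """Step: parameterised query. The '?' placeholder plays the role of
    <cfqueryparam cfsqltype="cf_sql_integer">: the value travels as a bound
    parameter and never becomes part of the SQL text."""
    product_id = validate_int(raw_id)
    row = conn.execute(
        "SELECT id, name, description FROM products WHERE id = ?", (product_id,)
    ).fetchone()
    return dict(row) if row else None


def find_injected_rows(conn):
    """Step: locate rows whose character columns already carry a script tag."""
    hits = []
    for row in conn.execute("SELECT id, name, description FROM products ORDER BY id"):
        for col in TEXT_COLUMNS:
            if row[col] and SCRIPT_RE.search(row[col]):
                hits.append((row["id"], col))
    return hits


def strip_injected(conn):
    """Step: cleanup script. Removes <script>...</script> chunks from the text
    columns and returns the number of column values changed. Restoring from a
    clean backup is still the safer choice; this only handles the visible tag."""
    changed = 0
    rows = conn.execute("SELECT id, name, description FROM products").fetchall()
    for row in rows:
        for col in TEXT_COLUMNS:
            value = row[col]
            if value and SCRIPT_RE.search(value):
                cleaned = SCRIPT_RE.sub("", value)
                # col comes from TEXT_COLUMNS above, not from user input
                conn.execute(
                    "UPDATE products SET %s = ? WHERE id = ?" % col, (cleaned, row["id"])
                )
                changed += 1
    conn.commit()
    return changed


def render(product):
    """Step: scrub user-supplied text on output. html.escape does what
    htmlEditFormat()/encodeForHTML() do in CFML, so a stored tag is shown
    as text instead of being run by the visitor's browser."""
    return "<h1>%s</h1><p>%s</p>" % (
        html.escape(product["name"]),
        html.escape(product["description"]),
    )


if __name__ == "__main__":
    conn = open_sample_db()
    print("injected:", find_injected_rows(conn))
    print(render(get_product(conn, "2")))
    print("cleaned values:", strip_injected(conn))
    print("injected after cleanup:", find_injected_rows(conn))
```

The scan and cleanup deliberately cover only the script-tag pattern the thread talks about; escaping on output is what keeps a row the scan missed from executing in the browser, which is why Mark lists it as a separate step rather than relying on the cleanup.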


-----Original Message-----
From: Mike Kear [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 07, 2008 6:36 AM
To: CF-Talk
Subject: Re: HELP! SQL Injection Attack!

Well, as I said, the answer to this (as it is for a lot of things on the
web) is not one but a combination of tactics.

The ban IP thing might not be the bee's knees for this but it sure
helps with the kind of thing I THOUGHT he was describing.   I've been
able to almost eliminate spam entries from my guestbook/contact us forms
(ok, I haven't almost eliminated, let's say dramatically reduced
then) across my sites.   On one client's site for example, their
guestbook was choking to death with thousands of entries all spam, and
now it's fewer than 5-6 spam entries a month.    I have a database of
9600 or so IP addresses that I won't accept input from on any of my sites.
As time goes on it gets more and more effective.

Anyway, whatever solves Michael's problem I feel sure is going to be a
combination of things, not just the one.

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer AFP Webworks
http://afpwebworks.com ColdFusion 8 Ent, PHP 4 and 5, ASP, ASP.NET hosting
from AUD$15/month


On Thu, Aug 7, 2008 at 9:20 PM, Dave Watts <[EMAIL PROTECTED]> wrote:
>> I know you haven't described a SQL injection ...
>
> No, that's exactly what he described. The attack appends JavaScript to 
> character fields. And, unfortunately, blocking specific IP addresses 
> won't get you very far here, because it's a random, automated attack 
> run from compromised hosts in a botnet, I think.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
>



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310349