----- Original Message ----- From: "Brad Wood" <[EMAIL PROTECTED]> > Dang, the brutes thought of everything. I even tried a test to see if the > bots would return cookies I attempted to set in order to track them > easier. > Nope, they don't.
Ok, I take that back. SOME, but not all, of the hack attempts come back to my site with the cookie I sent to them previously. Rather interesting-- I would expect them to all behave the same way. Perhaps there are different versions of the Trojan out there. Also, the attacks on my server today seem to either be targeting certain SES URLs, or just plain broken. I am getting hits like: /index.cfm?;DECLARE @S CHAR(4000);SET @S=CAST(0x4...6F72 AS CHAR(4000));EXEC(@S); You can see that the malicious string is NOT being sent in as any particular URL parameter. Furthermore, since the = sign has not been escaped, the string gets broken up such that the variable name is ";DECLARE @S CHAR(4000);SET @S" and the value is the rest of the string. What the heck are they trying to do? Has today's attacks actually infected anyone? ~Brad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310542 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
