That makes a bit of sense. One difference would probably be if the attackers were interested in the web server's response. If not, they could just fire and forget the request and ignore anything that came back-- including set-cookie headers. I'm just curious why some of the hits return the cookie after multiple successive hits, but others don't. It may have to do with the order the hits are sent out. The bot could spider one page, and then send out 15 asynch attack attempts to all the links on that page before moving on.
I've love to get my hands on an infected machine, but that would be about impossible without ISPs giving a darn. ~Brad ----- Original Message ----- From: "Mark Kruger" <[EMAIL PROTECTED]> To: "CF-Talk" <cf-talk@houseoffusion.com> Sent: Friday, August 08, 2008 11:59 AM Subject: RE: SQL injection attack on House of Fusion > Brad, > > That might make sense if the infection is some sort of control that makes > use of an underlying request architecture (IE's for example). If that were > the case then the request would be exactly as if it came from the users > browser... Cookies and all - yes? > > -mark > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310546 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4