Blocking the IPs would probably stop the attacks, but analyzing them is going to be useless. They're either using some hacked computer as a proxy, or have some sort of spoofing in place. Unless you're really good at forensics, you'll never find their real origination point.

andy

-----Original Message-----
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2008 11:03 AM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion

Tell us how you really feel Ben. :)

I had to temporarily stop Apache on my site long enough to get a stop gap in place. My database is safe, but I was getting around 90 requests a second and ColdFusion and MySQL were eating up all the server's CPU trying to keep up. SSH was even unresponsive.

I think I'm going to dump all these attempts in a database to analyze. I'm curious where the majority of the IPs are coming from.

There has to be a way to squeak in the ear of ISPs loud enough to have them shut down infected users until they are cleaned.

~Brad

----- Original Message -----
From: "Ben Forta" <[EMAIL PROTECTED]>
To: "CF-Talk" <cf-talk@houseoffusion.com>
Sent: Friday, August 08, 2008 10:50 AM
Subject: RE: SQL injection attack on House of Fusion

> Yep, I turned e-mail notifications off too, leave it on and you can
> inadvertently turn blocking SQL injection attacks into a self-imposed DoS
> attack. Fun stuff.
>
> On the plus side, it's nice to see CF finally getting the recognition it
> deserves, even if it is from parasitic bottom-feeding bots created by
> despicable scum-sucking feeble-excuse-for-a-carbon-based-life-form
> repugnant socially-inept basement-dwelling death-penalty-deserving
> hacker-wannabes.
>
> --- Ben

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310566
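
The per-request e-mail alerts that Ben describes turning into a self-imposed DoS, and the per-IP tally Brad wants, can both be handled by collapsing blocked requests into one digest per time window. This is an added example, not code from the thread; the function names, the 300-second window and the sample events (documentation-range IPs, constructed timestamps) are assumptions for illustration.

```python
from collections import Counter


def digest_notifications(events, window=300, top_n=3):
    """Collapse blocked-request events into one summary per time window.

    events: iterable of (unix_timestamp, source_ip) in time order.
    Returns a list of dicts, one per window that saw a blocked request,
    so the number of alerts sent is bounded by elapsed time, not by
    the attacker's request rate.
    """
    digests = []
    counts = Counter()
    window_start = None

    def flush():
        if counts:
            digests.append({
                "window_start": window_start,
                "blocked": sum(counts.values()),
                "distinct_ips": len(counts),
                "top_sources": counts.most_common(top_n),
            })
            counts.clear()

    for ts, ip in events:
        if window_start is None or ts >= window_start + window:
            flush()                           # close the previous window
            window_start = ts - ts % window   # align to window boundary
        counts[ip] += 1
    flush()
    return digests


def sample_events():
    """Constructed input: 90 blocked requests/second for 10 seconds,
    one noisy source plus 30 quieter ones, then a single straggler."""
    base = 1218207600  # constructed timestamp, aligned to a 300 s window
    events = []
    for second in range(10):
        for i in range(90):
            ip = f"203.0.113.{i % 30 + 1}" if i < 60 else "198.51.100.7"
            events.append((base + second, ip))
    events.append((base + 400, "192.0.2.9"))
    return events


if __name__ == "__main__":
    for d in digest_notifications(sample_events()):
        print(d)  # one line per window instead of one alert per request
```
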