Sorry for the "top posting", where are we now in terms of best practice for cf8 protection again sql injection attack? Going through 136+ posts seems a bit too much, many thanks. Some one who has closely monitored this thread probably could help.
>Sorry for the problems with the House of Fusion site. We've been under >massive attack by sql injection bots and I've just been able to get a handle >on it. A fast solution to the problem is this: ><cfif findnocase("';DECLARE", cgi.query_string)><cfabort></cfif> >It works unless you have a few hundred attacks at a time. In that case, >place a cfmail before the abort and send youself the cgi.remote_addr. Then >block it on the webserver level. It works very well. I've blocked a dozen >IPs and now the site is back to flying. > >-- >Michael Dinowitz (http://www.linkedin.com/in/mdinowitz) >President: House of Fusion (http://www.houseoffusion.com) >Publisher: Fusion Authority (http://www.fusionauthority.com) >Adobe Community Expert / Advanced Certified ColdFusion Professional ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311049 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4