> I am currently using the SQLprev.cfm from Jochem to stop the onslaught 
> of superfluous bandwidth suckage from my server, but was wondering 
> what the difference would be with this one.


Since I am not familiar with his, I cannot say what the difference would be. I 
did include URL, form, cookie and common CGI variables in mine as well, so 
it's pretty comprehensive for both this attack and others that might start 
looking for other vulnerable areas. It uses Gabriel's method of leveraging the 
Java regex pattern matcher, which seems to give better performance and is less 
likely to hang on large strings than CF's own regex. Luis Melo, who contributed the 
RegEx that I am now using, has his own SQLi blocker as well that includes a 
bunch of additional functions (such as keeping a list of blacklisted IP 
addresses in application memory) which some people may like as well. My goal 
was to just try and put something together that could easily be dropped into any 
application and do its thing with fairly minimal overhead. 


> Does this thing just raise its ugly head every now and then and go 
> away for a while? This is the first I have seen of it on my server.

This particular attack? It does seem to come and go. I have no doubt the 
hackers will look for other avenues to exploit once it seems that this one is 
no longer having much effect. 
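The approach described above, as an added example that is not the original message's code, the SQLprev.cfm it mentions, or the author's own blocker: a drop-in check that compiles one Java regex Pattern and runs it once over every url, form, cookie value and a few attacker-controlled cgi variables, logging and refusing the request on a hit. The function name, the chosen cgi variables and the pattern itself are assumptions constructed for illustration; the pattern is not Luis Melo's RegEx.

```cfml
<!--- Added example, not the list author's or Jochem's code. Drop into Application.cfm. --->
<cfscript>
function sqliRequestCheck() {
    var pattern = CreateObject("java", "java.util.regex.Pattern");
    // Constructed, illustrative pattern (assumption): a few classic SQLi markers.
    // Tune it to your application; it is deliberately narrow to limit false positives.
    var sqliRegex = "(?i)(;\s*(declare|exec|cast)\b|\bunion\s+(all\s+)?select\b|--\s|/\*|\bxp_\w+|\bchar\(\d+\))";
    var compiled = pattern.compile(javaCast("string", sqliRegex));
    var scopes = structNew();
    var scopeName = "";
    var key = "";
    var value = "";
    var hits = arrayNew(1);

    scopes["url"] = url;
    scopes["form"] = form;
    scopes["cookie"] = cookie;
    // Only the CGI variables a client controls; the full cgi scope is large and mostly server-set.
    scopes["cgi"] = structNew();
    scopes["cgi"]["HTTP_USER_AGENT"] = cgi.HTTP_USER_AGENT;
    scopes["cgi"]["HTTP_REFERER"] = cgi.HTTP_REFERER;
    scopes["cgi"]["QUERY_STRING"] = cgi.QUERY_STRING;

    for (scopeName in scopes) {
        for (key in scopes[scopeName]) {
            value = scopes[scopeName][key];
            if (isSimpleValue(value) and len(value)) {
                // Matcher.find() scans the string with the precompiled Java pattern,
                // which avoids recompiling on every call and CF's slower regex engine.
                if (compiled.matcher(javaCast("string", value)).find()) {
                    arrayAppend(hits, scopeName & "." & key);
                }
            }
        }
    }
    return hits;
}
</cfscript>

<cfset hits = sqliRequestCheck()>
<cfif arrayLen(hits)>
    <!--- Record which scope/key tripped the filter so it can be reviewed for false positives. --->
    <cflog file="sqli_blocker" type="warning"
           text="Possible SQLi from #cgi.REMOTE_ADDR# in #arrayToList(hits)#">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>
```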

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311314