The only way I found the SQL Injection Attack was my server kept crawling to a dead hault. I looked in SeeFusion (some softwear I purchased that lets me see what is going on live with the websites) and I noticed that the sites Total Time just kept going up and never resolving, basically every website coming to a hault and bringing my server to a scretching hault. I would reboot CF to get it to unlock. After a scan of Cold Fusion logfiles application.cfm file, I saw this weird URL string and thus my search landed me here. Whether or not that is what was or is bringing my server to a hault, I don't know - but I can only hope. I am pretty sure it has something to do with the (don't everyone scream all at once) 45 access databases I am using to run the individual websites off of or not, but just maybe. ~ David G. Moore, Jr. P.S. Can't wait to see everyone's response to this one? I am pretty sure I am about to get another SMACK DOWN...> Subject: RE: SQL injection attack on House of Fusion> From: [EMAIL PROTECTED]> To: cf-talk@houseoffusion.com> Date: Wed, 20 Aug 2008 17:59:23 -0400> > > Does this thing just raise it's ugly head every now and then > > and go away for a while? This is the first I have seen of it > > on my server.> > This is the first large-scale automated SQL injection attack. Automated> attacks have been around for a long time, as have SQL injection attacks.> > Honestly, this current attack is just a nuisance. SQL injection attacks are> usually more destructive, in that they often involve the theft of sensitive> data. In those cases, of course, the attack is manual rather than automated.> But if your site is vulnerable to this automated attack, it has always been> vulnerable to these manual, destructive attacks - which may have already> occurred without your knowledge.> > Dave Watts, CTO, Fig Leaf Software> http://www.figleaf.com/> > Fig Leaf Software provides the highest caliber vendor-authorized> instruction at our training centers in Washington DC, Atlanta,> Chicago, Baltimore, Northern Virginia, or on-site at your location.> Visit http://training.figleaf.com/ for more information!> >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311332 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
