We got a reputation for being easy to hack, so they now concentrate on cfm files. Hopefully, with this last attack, at least everyone on this list should already be protected against the current set of attempts... and if they don't succeed, maybe they will move on to easier targets.
I know I got shot down last time for suggesting blasphemy (having cf query automatically fix the problem for us), but how about the next best thing... have a new option in the code analyzer in the cf administrator, to check for potential sql injection vulnerabilities. Maybe just license the scanner that is floating around, and integrate it in.. then add a new menu option in a prominent spot to "check for sql injection vulnerabilities". If these attacks don't succeed, they will stop trying and move on.

OR maybe a project to find these problems out in the wild and notify the owners of the problem. Just like these guys use google to find cfm pages, a spider can be created to search google for all cfm files, then try a simple test of sql injection technique like adding "';select * from nonexistent" to the url and check for an error message with nonexistent in it.

At 05:54 PM 9/20/2008, Les Mizzell wrote:
> > A new type of sql attack is hitting my server since about 2 am this
> > morning.....
>
>I am seeing a large increase in the number of attacks on several of my
>sites in the last 48 hours..
>
>Here we go again...
>
>Instead of just being on the defense, I wish there was some way to
>counter attack!!! Hmmmm ... might think on this a bit!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:312855
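The code-analyzer check proposed in the message above, sketched as an added example: it is not part of the original post, and it is neither Adobe's code analyzer nor the scanner the poster mentions. It lists every #expression# inside a cfquery body that is not wrapped in cfqueryparam; the function names and the sample template are assumptions made for illustration.

```python
import re
from pathlib import Path

# <cfquery ...> body </cfquery>, case-insensitive, spanning lines.
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
# Values inside <cfqueryparam ...> are bound, not concatenated into the SQL.
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I)
# A #expression# left in the SQL text is interpolated into the statement.
INTERPOLATION = re.compile(r"#([^#\r\n]+)#")

def _blank(match):
    # Replace with spaces but keep newlines, so offsets and line numbers hold.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_unparameterized(source):
    """Return [(line_number, expression)] for each #...# inside a cfquery
    body that is not wrapped in a cfqueryparam tag."""
    findings = []
    for query in CFQUERY.finditer(source):
        body = CFQUERYPARAM.sub(_blank, query.group(1))
        body = body.replace("##", "  ")  # "##" is an escaped literal hash
        for hit in INTERPOLATION.finditer(body):
            offset = query.start(1) + hit.start()
            line = source.count("\n", 0, offset) + 1
            findings.append((line, hit.group(1).strip()))
    return findings

def scan_tree(root):
    """Scan every .cfm/.cfc file under root; returns {path: findings}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".cfm", ".cfc"}:
            found = find_unparameterized(path.read_text(errors="replace"))
            if found:
                report[str(path)] = found
    return report

# Constructed sample template (not taken from any real application).
SAMPLE = """<cfquery name="getUser" datasource="app">
  SELECT id, name FROM users
  WHERE id = #url.id#
</cfquery>
<cfquery name="getOrder" datasource="app">
  SELECT total FROM orders
  WHERE id = <cfqueryparam value="#url.orderId#" cfsqltype="cf_sql_integer">
  AND status = '#form.status#'
</cfquery>
"""

if __name__ == "__main__":
    for line, expr in find_unparameterized(SAMPLE):
        print(f"line {line}: #{expr}# is concatenated into the SQL text")
```

Each hit is a candidate for review rather than a confirmed vulnerability: variables that never carry request data are listed too, and a cfqueryparam attribute value containing ">" will confuse the tag pattern.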

