thanks for the info, at least we know what to look for now. we will also try to setup something similar, thanks again
>No - if you are hacked, the home page is available, but it includes a >javascript that does bad things to the visitors. >The most common way is a sql injection attack, where they insert the >javascript into some fields in the database, (in my case, they >appended the javascript to all vchar fields in every table) so when >you display information on the website from the database, you >inadvertently are also adding that javascript to the page. > The recent attack that is being talked about has the attacker >editing the index.cfm page and directly adding javascript to it. > >In both types of attacks, the home page is available and you might >not notice anything just by looking at it. >So my idea to detect it is to set up a cfhttp call to the index.cfm page. >I add a url parameter that signifies that the page should also >display my own personal information from one of the tables. I do this >because I know I won't change the information in the table, and if it >does change, there was a problem. > >So the first time I do the cfhttp call, I save the page, then all >subsequent calls get compared to it. If it changes, or is not >available, I send an alert to my cell phone. >I do this as an automated task from a different server so I can test >if the website is up also. > >One problem I had was my banner ad changes.. so I put a comment >around the banner ad that says "start banner" "end banner", and snip >that section out before comparing it. > > > > > > >At 12:34 PM 4/14/2009, you wrote: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321602 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
