No I didnt write a filter. IMO such an attempt is unlikely to work because
one would have to guess in advance all the words a hacker could use and I am
not that clever.
----- Original Message -----
From: "Paris Lundis" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, August 12, 2001 3:04 PM
Subject: Re: Hacking CF Web Sites and Applications
> Don,
>
> Was it you who had wrote the URL filed filter to eliminate DROPs and
> such?? A conversation tat went around a few weeks ago and got lost in
> my massive inbox :)
>
> We have been experiencing tons of the IDA exploit attempts... Started
> rifling off some nasty notes to admins of where these (mostly cable
> modem) idiots have bandwidth...
>
> Black Ice is cool for monitoring.. love it... Just wish it could be a
> bit more automated on certain attack to draft emails and such... and
> the evidence logs are really organized...
>
> Never thought *I* would need or want to utilize a firewall type
> solution... Needless to say our servers are running much faster as a
> result... Must of had a lot of really crappy traffic stressing the
> servers... Spent about 4 hours last night patching the MS based
> servers..
>
> In all I consider it worth it.. The URL hack though still concerns
> me :)
>
> -paris
> -----Original Message-----
> From: "Don Vawter" <[EMAIL PROTECTED]>
> Date: Sun, 12 Aug 2001 09:00:38 -0600
> Subject: Re: Hacking CF Web Sites and Applications
>
> > I have a page on preventing url hacks which was derived from the
> > school of
> > hard knocks after it happened to me
> > http://www.vawter.com/urlhack.cfm
> >
> > ----- Original Message -----
> > From: "Daryl Fullerton" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Sunday, August 12, 2001 8:37 AM
> > Subject: Hacking CF Web Sites and Applications
> >
> >
> > > Hi all,
> > >
> > > Any one got general advice on how to prevent hackers from getting
> > access
> > to
> > > CF sites via back doors and tampering with data
> > >
> > > We dont want the hackers to be able to change data via URL strings.
> > >
> > > e.g Encrypting URL variables etc
> > >
> > > Anything else we should look at
> > >
> > > Any good articles out there?
> > >
> > > Thanks
> > >
> > > Daryl Fullerton,
> > > Managing Partner,
> > > BizNet Solutions,
> > > Allaire Premier Partner (Ireland)
> > > 133 - 137 Lisburn Road
> > > Belfast
> > > BT9 7AG
> > > N.Ireland
> > >
> > > Direct +44 (0) 28 9022 7888
> > > Tel +44 (0) 028 9022 3224
> > > Fax +44 (0) 028 9022 3223
> >
> > <snip>
> >
> >
> >
> >
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
