Hi guys Over the past few months we've been getting 1000s of errors from some idiot trying to hit us with a query injection attack (I've read on several forums that these hackers have given up on ASP sites and are now targeting CF site). Fortunately we didn't get stung because of good queryparaming however it's just annoying getting 100s of errors each day!! I very carefully unpacked the string and as per my guess it was setup to modify every record in every DB table and populate it with a reference back to a supposed .js file on a server in China. The .js file tries to download a .exe which would probably be a virus.
There's no point trying to block their IP because they IP jump across 100s of addresses. I'm going to build in a fix to block the errors i.e. scan the query string for a 'declare' reference and kill it however does anyone know where I can report these guys to? The .js file lives at www.ppexe.com, which when I do a whois lookup there are minimal details and they're all in Chinese. Word of advice to all: DON'T FORGET TO <CFQUERYPARM/>!!!! Cheers Matthew --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en -~----------~----~----~----~------~----~------~--~---
