Over the past few days I've noticed some rudimentary attempts to do some SQL injection type attacks over the URL string on a few of our sites.
The stuff I'm getting is your typical '1=1 and user>0' type stuff added to the end of URLs. Looks almost like they may be using Google to hack for possible vulnerable strings in CFML sites. I know this has been very popular with .asp pages, maybe they are moving onto .cfm now as well. In any case, I am double checking our security and think we are fine, still, not having encountered this, I was wondering what some of you all might do in similar instances. I am noticing the attacks are coming to several of our sites from the same group of IP addresses. Is there a place to report this type of activity? Should you just shut off access entirely for these IPs? I know the worst problems with hackers is that once they are in, they are really tough to get rid of, but at the same time I'd hate to cut off access to a group of IPs if say it was like Comcast customers and not the RowandanNationalGreatDeals.comor something. Thanks, Cheyenne ------------------------------------------------------------- Annual Sponsor FigLeaf Software - http://www.figleaf.com To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
