I'm with you. If you are confident in your code, don't stress. But
keep watching logs and seeing what's happening.

Curious... do you guys see the probes originating from the same group
of IPs?

-dhs

Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"Dissent is the purest form of patriotism."
--Thomas Jefferson

On Aug 2, 2007, at 7:12 PM, shawn gorrell wrote:
Funny that you mention this. I've been seeing it a lot over the
last few days as well. The "user" thing in particular I saw
multiple times today.

I guess you'll have to make the block decision based on the IPs. If
the bulk are coming from one of the Asia blocks (as many do when
trying that crap on my sites) and your customer base isn't part of
that, block the whole damn thing at the firewall. But it's trickier
if the IPs are in the same range as your customer base.

I kind of feel like if your code is solid that I wouldn't get too
tweaked over it. But I'm no security guru, so I'd like to see what
Dean has to say about it.
----- Original Message ----
From: Cheyenne Throckmorton <[EMAIL PROTECTED]>
To: discussion@acfug.org
Sent: Thursday, August 2, 2007 6:45:51 PM
Subject: [ACFUG Discuss] URL hackers
Over the past few days I've noticed some rudimentary attempts to do
some SQL injection type attacks over the URL string on a few of our
sites.

The stuff I'm getting is your typical '1=1 and user>0' type stuff
added to the end of URLs. Looks almost like they may be using
Google to hack for possible vulnerable strings in CFML sites. I
know this has been very popular with .asp pages, maybe they are
moving on to .cfm now as well.

In any case, I am double checking our security and think we are
fine, still, not having encountered this, I was wondering what some
of you all might do in similar instances.

I am noticing the attacks are coming to several of our sites from
the same group of IP addresses. Is there a place to report this
type of activity? Should you just shut off access entirely for
these IPs? I know the worst problem with hackers is that once
they are in, they are really tough to get rid of, but at the same
time I'd hate to cut off access to a group of IPs if say it was
like Comcast customers and not the RowandanNationalGreatDeals.com
or something.

Thanks,
Cheyenne
-------------------------------------------------------------
Annual Sponsor - Figleaf Software
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
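
Added example (not part of the original thread or written by any of its participants): one way to answer the "same group of IPs?" question from the web logs is to flag requests whose decoded query string carries the two probe shapes quoted above and group them by source network. The log lines, .cfm paths and the function names are constructed for illustration and assume common log format.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (common log format); IPs are from
# documentation ranges and the .cfm paths are made up for this example.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Aug/2007:18:01:11 -0400] "GET /products.cfm?id=12%20and%201=1 HTTP/1.1" 200 5120
192.0.2.77 - - [02/Aug/2007:18:01:15 -0400] "GET /news.cfm?id=4+and+user%3E0 HTTP/1.1" 500 312
198.51.100.5 - - [02/Aug/2007:18:02:40 -0400] "GET /products.cfm?id=12 HTTP/1.1" 200 5120
192.0.2.10 - - [02/Aug/2007:18:03:02 -0400] "GET /detail.cfm?item=9'%20AND%20USER>0-- HTTP/1.1" 500 298
203.0.113.9 - - [02/Aug/2007:18:04:19 -0400] "GET /search.cfm?q=user+guide HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
# The two probe shapes quoted in the thread: a tautology (N=N) and "user>0".
PROBE_RE = re.compile(r"\b(\d+)\s*=\s*\1\b|\buser\s*>\s*\d+", re.IGNORECASE)

def probes_by_network(log_text, prefix=24):
    """Map source network -> [(ip, status, decoded query)] for probe-like requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, url, status = m.groups()
        # Decode %20, %3E and '+' first so encoded probes are not missed.
        query = unquote_plus(url.partition("?")[2])
        if PROBE_RE.search(query):
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            hits[str(net)].append((ip, int(status), query))
    return dict(hits)

def report(log_text):
    """One summary line per network; 5xx replies mark pages worth reviewing first."""
    lines = []
    for net, rows in sorted(probes_by_network(log_text).items()):
        sources = sorted({ip for ip, _, _ in rows})
        errors = sum(1 for _, status, _ in rows if status >= 500)
        lines.append(f"{net}: {len(rows)} probes from {len(sources)} IPs, {errors} server errors")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
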