I didn't really dig into it. Leave that to the network guys...

----- Original Message ----
From: Dean H. Saxe <[EMAIL PROTECTED]>
To: [email protected]
Sent: Thursday, August 2, 2007 7:45:09 PM
Subject: Re: [ACFUG Discuss] URL hackers

I'm with you.  If you are confident in your code, don't stress.  But keep 
watching logs and seeing what's happening.

Curious... do you guys see the probes originating from the same group of IPs?


-dhs
 


Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"Dissent is the purest form of patriotism." 
    --Thomas Jefferson

 

On Aug 2, 2007, at 7:12 PM, shawn gorrell wrote:

Funny that you mention this. I've been seeing it a lot over the last few days 
as well. The "user" thing in particular I saw multiple times today. 

I guess you'll have to make the block decision based on the IPs. If the bulk 
are coming from one of the Asia blocks (as many do when trying that crap on my 
sites) and your customer base isn't part of that, block the whole damn thing at 
the firewall. But it's trickier if the IPs are in the same range as your 
customer base. 

I kind of feel like if your code is solid that I wouldn't get too tweaked over 
it. But I'm no security guru, so I'd like to see what Dean has to say about it. 

----- Original Message ----
From: Cheyenne Throckmorton <[EMAIL PROTECTED]>
To: [email protected]
Sent: Thursday, August 2, 2007 6:45:51 PM
Subject: [ACFUG Discuss] URL hackers

Over the past few days I've noticed some rudimentary attempts to do some SQL 
injection type attacks over the URL string on a few of our sites.
  
 The stuff I'm getting is your typical '1=1 and user>0' type stuff added to the 
end of URLs.  Looks almost like they may be using Google to hack for possible 
vulnerable strings in CFML sites.  I know this has been very popular with .asp 
pages, maybe they are moving onto .cfm now as well. 
  
 In any case, I am double checking our security and think we are fine, still, 
not having encountered this, I was wondering what some of you all might do in 
similar instances.  
  
I am noticing the attacks are coming to several of our sites from the same 
group of IP addresses.  Is there a place to report this type of activity?  
Should you just shut off access entirely for these IPs?  I know the worst 
problem with hackers is that once they are in, they are really tough to get 
rid of, but at the same time I'd hate to cut off access to a group of IPs if 
say it was like Comcast customers and not the RowandanNationalGreatDeals.com or 
something.
  
 Thanks,
 Cheyenne
 
------------------------------------------------------------- 
Annual Sponsor - Figleaf Software 
 
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform 
 
For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink 
------------------------------------------------------------- 
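
Added example (not part of the original thread): one way to check whether probes like the '1=1 and user>0' strings described above come from the same group of IPs, by scanning request logs and grouping hits by source /24 network. The log layout (site, client IP, request path), the regex heuristic and every sample line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines (site, client IP, request path); not real traffic.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
site-a.example 203.0.113.10 /product.cfm?id=12
site-a.example 198.51.100.7 /product.cfm?id=12%20and%201=1%20and%20user%3E0
site-b.example 198.51.100.7 /news.cfm?article=3+and+user>0
site-b.example 198.51.100.44 /news.cfm?article=3'%20or%201=1--
site-c.example 192.0.2.99 /page.cfm?id=5%20AND%20USER%3E0
site-a.example 203.0.113.10 /search.cfm?q=user+guide+1
"""

# Heuristic for the probe style quoted in the thread: a numeric tautology
# such as 1=1, or a comparison of the SQL "user" value against a number.
# A parameter literally named "user" (user=5) is deliberately not matched.
PROBE = re.compile(r"\b(\d+)\s*=\s*\1\b|\buser\s*[<>]\s*\d", re.IGNORECASE)

def is_probe(path):
    """True if the URL-decoded query string matches the probe heuristic."""
    return bool(PROBE.search(unquote_plus(urlsplit(path).query)))

def summarize(log_text, prefix=24):
    """Map each source network to the IPs, sites and hit count of its probes."""
    nets = defaultdict(lambda: {"ips": set(), "sites": set(), "hits": 0})
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        site, ip, path = parts
        if not is_probe(path):
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        entry = nets[str(net)]
        entry["ips"].add(ip)
        entry["sites"].add(site)
        entry["hits"] += 1
    return dict(nets)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for net, e in sorted(report.items(), key=lambda kv: -kv[1]["hits"]):
        print(net, "hits:", e["hits"], "ips:", sorted(e["ips"]),
              "sites:", sorted(e["sites"]))
```

A network that shows several distinct IPs hitting several sites is the pattern the thread is asking about; the matching is a log-triage heuristic only and does not replace parameterized queries in the application.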



 