javaScript in the Browser string!! [Re: [ACFUG Discuss] URL hackers]

Thu, 02 Aug 2007 18:06:38 -0700 

That's not so bad.
A few months ago, a ran my daily report showing user sessions, locale, broswers, etc. Every time I ran the report, the page was "hijacked" and I was taken off site to another site. And I kept asking "WTF?" 


Code was fine, hadn't touched the code in weeks.  Well, I store basic  
data on my users, such as browser name so that I know when a  
particular piece of code is going to go over with 90/95% of users.  
Doesn't everyone?  Finally found that the "visitor" had a browser  
name of



< SCRIPT > window.location='http://txt2pic.com' </script>  
(compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR  
2.0.50727)


People will try anything.

_____________
Derrick Peavy
404-786-5036
Sales and Web Services
CollegeClassifieds.com
http://www.collegeclassifieds.com
A Service of Universal Advertising, inc.
___________________________________


On Aug 2, 2007, at 6:45 PM, Cheyenne Throckmorton wrote:


Over the past few days I've noticed some rudimentary attempts to do  
some SQL injection type attacks over the URL string on a few of our  
sites.



The stuff I'm getting is your typical '1=1 and user>0' type stuff  
added to the end of URLs.  Looks almost like they may be using  
Google to hack for possible vulnerable strings in CFML sites.  I  
know this has been very popular with .asp pages, maybe they are  
moving onto .cfm now as well.



In any case, I am double checking our security and think we are  
fine, still, not having encountered this, I was wondering what some  
of you all might do in similar instances.



I am noticing the attacks are coming to several of our sites from  
the same group of IP addresses.  Is there a place to report this  
type of activity?  Should you just shut off access entirely for  
these IPs?  I know the worst problems with hackers is that once  
they are in, they are really tough to get rid of, but at the same  
time I'd hate to cut off access to a group of IPs if say it was  
like Comcast customers and not the RowandanNationalGreatDeals.com  
or  something.


Thanks,
Cheyenne

-------------------------------------------------------------
Annual Sponsor - Figleaf Software

To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
























					Reply via email to