Dear Mr. Dean Saxe of USA,
LMFAO!
Kindly and with God,
_____________________
Derrick Peavy
derr...@derrickpeavy.com
404-786-5036
“Innovation distinguishes between a leader and a follower.” -Steve Jobs
_____________________
On Nov 23, 2009, at 1:59 PM, Dean H. Saxe wrote:
You mean like the one who "rented" my house when it was for sale?
At least 2 people lost $1k in that scam. And one of them showed up
at my door ready to take possession of the house the day before I
moved out!
--
Dean H. Saxe
"A true conservationist is a person who knows that the world is not
given by his fathers, but borrowed from his children." -- John
James Audubon
On Nov 23, 2009, at 10:54 AM, shawn gorrell wrote:
To each their own. The plus side of the Nigerian scammer types is
they have many more lulz than APNIC or RIPE.
From: Derrick Peavy <derr...@derrickpeavy.com>
To: discussion@acfug.org
Sent: Mon, November 23, 2009 1:50:40 PM
Subject: Re: [ACFUG Discuss] SQL Injection
That being said....
I still block Afrinic and will continue to do so. Too many past
issues with Nigeria. It may be whackamole, but it's effective
enough that i no longer have to deal with brute force attacks
nearly as often.
I consider it low hanging fruit to knock off some of the subnets
that are known to be nasty. Takes 10 minutes and then RONCO - "Set
it and Forget it!"
_____________________
Derrick Peavy
derr...@derrickpeavy.com
404-786-5036
“Innovation distinguishes between a leader and a follower.” -Steve
Jobs
_____________________
On Nov 23, 2009, at 11:01 AM, shawn gorrell wrote:
I was just getting ready to say that...
When I first started administering servers I used to get really
freaked out by all of the attack traffic and spent a bunch of time
blocking IP's at the router. Over time I realized that it was just
playing whack-a-mole and was mainly a waste of my time. If you
knock them down on one subnet, another will popup, and your
overall attack traffic will be undiminished. All you've done is
waste your own time and mental energy. A better approach is to
make sure your network, server and applications are as tight as
they can be (and validate that regularly), and quit worrying about
botnets and script kiddies.
From: Dean H. Saxe <d...@fullfrontalnerdity.com>
To: discussion@acfug.org
Sent: Mon, November 23, 2009 10:55:25 AM
Subject: Re: [ACFUG Discuss] SQL Injection
You miss the point. Attackers don't just originate from their
home countries, they bounce through proxies around the world,
including where your intended audience sits.
-dhs
--
Dean H. Saxe
"A true conservationist is a person who knows that the world is
not given by his fathers, but borrowed from his children." --
John James Audubon
On Nov 23, 2009, at 7:49 AM, Troy Jones wrote:
I think that would depend on the intended scope and audience of
your site or server's sites. For example, does someone in Beijing
need to browse for a product that isn't available over the web or
sold in any store outside the contiguous U.S.? Or would someone
in Ulan Bator need to set up a pick-up laundry service in St.
Louis? Of course there would be exceptions but I think it would
be worth the small number of legitmate denials to do this.
<image001.jpg>
___________________________________________________________________________________________
Troy Jones | Developer/Support Technician | Dynapp Inc |
1-800-830-5192 ext. 603 | dynapp.com | facebook.com/dynapp
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean
H. Saxe
Sent: Friday, November 20, 2009 10:08 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] SQL Injection
Yeah sure, you CAN, but its not the solution to the problem. On
a recent incident response we had attacks originating from asia,
south america and europe. Do you plan on blocking them all?
-dhs
--
Dean H. Saxe
"A true conservationist is a person who knows that the world is
not given by his fathers, but borrowed from his children." --
John James Audubon
On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote:
You can block subnets. On a couple of domestic sites, I have
even blocked all requests from ALL OF ASIA (or close). While I
know this is a drastic measure… all SQL Injection attack (and
other hack attacks) attempts reduced by 98% with that done.
Here is a link that describes how to do this and why:
http://www.parkansky.com/china.htm
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean
H. Saxe
Sent: Friday, November 20, 2009 11:59 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] SQL Injection
Blocking IPs is useless, attackers will just use another proxy to
change the apparently location of the originating attack. You
can't stop the attempts, you must instead prevent the
exploitation of vulnerable code. This means writing secure code
using data validation on all input, data sanitization on output
(in this case, parameterized queries using cfqueryparam) and
following the principle of least privilege on the database access.
-dhs
--
Dean H. Saxe
"A true conservationist is a person who knows that the world is
not given by his fathers, but borrowed from his children." --
John James Audubon
On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:
Hey folks,
I saw John's tweet earlier this week about a new wave of SQL
Injection ( and link to a great article on it http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss)
, and sure enough I'm seeing a huge upswing in attempts. Over
100 failed attempts last night alone.
We have taken the steps to prevent damage / harm, but I was
wondering what folks are doing after they stop the attempt. What
kind of message if any do you provide ? Are people checking the
logs, and blocking IP's of the worst offenders? Or something else?
-Rudi
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org/?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.425 / Virus Database: 270.14.78/2521 - Release Date:
11/23/09 07:52:00
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org/?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------