RE: Baffling Error
> Somebody has a bad link to your site?

This happens on all sites (30 or so), the beginning url is valid, it's just at the first ' (single tick), junk is automatically appended on the string.

-Original Message-
From: Matt Williams [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2008 12:11 PM
To: CF-Talk
Subject: Re: Baffling Error

Somebody has a bad link to your site?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301755
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Re: Baffling Error
This might be the culprit.
http://weblog.infoworld.com/securityadviser/archives/2008/03/organized_crimi.html?source=NLC-DAILYcgd=2008-03-21

On Thu, Mar 20, 2008 at 11:38 AM, Mark Leder [EMAIL PROTECTED] wrote:
> Hi,
> I've been going through my error logs on CF8/IIS6, and repeatedly come up with this message (note the URL will be for any site that's on my server, this is an example):
>
> http://rosemariespeaks.com/'http:/rosemariespeaks.com/index.cfm
> The filename, directory name, or volume label syntax is incorrect null The error occurred on line -1.
>
> I've been searching all over Google for issues related to IIS6, but haven't found anything. I use an application.cfc in the front end of all my sites. Is there something I could be doing in the application.cfc or in IIS to prevent these malformed urls?
>
> Thanks,
> Mark

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301764
Baffling Error
Hi,
I've been going through my error logs on CF8/IIS6, and repeatedly come up with this message (note the URL will be for any site that's on my server, this is an example):

http://rosemariespeaks.com/'http:/rosemariespeaks.com/index.cfm
The filename, directory name, or volume label syntax is incorrect null The error occurred on line -1.

I've been searching all over Google for issues related to IIS6, but haven't found anything. I use an application.cfc in the front end of all my sites. Is there something I could be doing in the application.cfc or in IIS to prevent these malformed urls?

Thanks,
Mark

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301648
Re: Baffling Error
Somebody has a bad link to your site?

On Thu, Mar 20, 2008 at 10:38 AM, Mark Leder [EMAIL PROTECTED] wrote:
> Hi,
> I've been going through my error logs on CF8/IIS6, and repeatedly come up with this message (note the URL will be for any site that's on my server, this is an example):
>
> http://rosemariespeaks.com/'http:/rosemariespeaks.com/index.cfm
> The filename, directory name, or volume label syntax is incorrect null The error occurred on line -1.
>
> I've been searching all over Google for issues related to IIS6, but haven't found anything. I use an application.cfc in the front end of all my sites. Is there something I could be doing in the application.cfc or in IIS to prevent these malformed urls?
>
> Thanks,
> Mark

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301650
Re: Baffling Error
> I've been going through my error logs on CF8/IIS6, and repeatedly come up with this message (note the URL will be for any site that's on my server, this is an example):

I'm with Matt here, it looks like someone, somewhere has a bad link to your site. Your site appears to be functioning perfectly.

Hatton

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301658
RE: Baffling Error
The problem is that there are bots pounding all my sites with malformed urls. I get anywhere from 20 to 100 per day. Is there a way to filter/regex stop that from occurring before it throws an error?

-Original Message-
From: C. Hatton Humphrey [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2008 1:04 PM
To: CF-Talk
Subject: Re: Baffling Error

> I've been going through my error logs on CF8/IIS6, and repeatedly come up with this message (note the URL will be for any site that's on my server, this is an example):

I'm with Matt here, it looks like someone, somewhere has a bad link to your site. Your site appears to be functioning perfectly.

Hatton

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301667
RE: Baffling Error
Those are all most likely SQL injection or cross site scripting attack attempts. There is really nothing you can do to stop them. Just make sure all URL data is sanitized before using etc.

~Brad

-Original Message-
From: Mark Leder [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2008 1:09 PM
To: CF-Talk
Subject: RE: Baffling Error

The problem is that there are bots pounding all my sites with malformed urls. I get anywhere from 20 to 100 per day. Is there a way to filter/regex stop that from occurring before it throws an error?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301676
Re: Baffling Error
> There is really nothing you can do to stop them.

To prevent them, you're right, but you can definitely stop them, right after the first attempt: Ban the IP!

--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address: [EMAIL PROTECTED])
Thanks.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301683
Re: Baffling Error
> Those are all most likely SQL injection or cross site scripting attack attempts. There is really nothing you can do to stop them. Just make sure all URL data is sanitized before using etc.

That is very interesting. Have you run into these a lot? What do these look like? Should one's web server logs record URL and Form vars? Are they bots?

I haven't done but a couple of public facing apps in the last couple of years so I have not run into these.

--
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301686
Re: Baffling Error
> That is very interesting. Have you run into these a lot? What do these look like?

I'm having such attempts about a dozen every day, all from different hosts, but all with the same user agent:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; ..NET CLR 1.1.4322)

I suspect it's some kind of trojan that infects PCs anywhere.

--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address: [EMAIL PROTECTED])
Thanks.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301688
Re: Baffling Error
> The problem is that there are bots pounding all my sites with malformed urls. I get anywhere from 20 to 100 per day. Is there a way to filter/regex stop that from occurring before it throws an error?

Create a custom 404 that is caught by both CF and IIS/Apache that redirects to /index.cfm ?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301694
RE: Baffling Error
> Create a custom 404 that is caught by both CF and IIS/Apache that redirects to /index.cfm ?

So, what would the regex or script look like? Because there are lots of variations in the malformed URL.

Mark

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301699
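
Added example, not part of the thread or any poster's code: a Python triage of IIS W3C extended logs that flags the pattern described above (a single tick, raw or percent-encoded, or a URL embedded in the path) and groups the hits by user agent, matching the "different hosts, same user agent" observation. The log lines are constructed, the function names are hypothetical, and the quote rule is a heuristic that will also flag legitimate apostrophes.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format; hosts and IPs are documentation values.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2008-03-20 15:01:09 GET /'http:/example.test/index.cfm - 198.51.100.7 Mozilla/4.0+(compatible;+MSIE+7.0) 500
2008-03-20 15:02:30 GET /%27http:/example.test/index.cfm - 203.0.113.44 Mozilla/4.0+(compatible;+MSIE+7.0) 500
2008-03-20 15:03:11 GET /news.cfm id=7%2527;junk 203.0.113.45 Mozilla/4.0+(compatible;+MSIE+7.0) 200
2008-03-20 15:04:00 GET /about.cfm ref=http://example.test/ 192.0.2.11 Mozilla/5.0+(Windows;+U) 200
"""

QUOTE = re.compile(r"['\"]")
EMBEDDED_SCHEME = re.compile(r"https?:/", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    # Undo repeated percent-encoding (%2527 -> %27 -> ') so encoded variants match too.
    for _ in range(max_rounds):
        value = unquote(value)
    return value

def classify(stem, query):
    # Heuristic: a quote anywhere, or a URL scheme embedded in the path, is flagged.
    stem = fully_decode(stem)
    query = "" if query == "-" else fully_decode(query)
    checks = [("quote-in-path", QUOTE.search(stem)),
              ("url-in-path", EMBEDDED_SCHEME.search(stem)),
              ("quote-in-query", QUOTE.search(query))]
    return [name for name, hit in checks if hit]

def parse_w3c(text):
    # Column order comes from the log's own #Fields directive.
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def triage(text):
    # Group flagged requests by user agent to expose one client arriving from many hosts.
    by_agent = defaultdict(list)
    for rec in parse_w3c(text):
        reasons = classify(rec["cs-uri-stem"], rec["cs-uri-query"])
        if reasons:
            by_agent[rec["cs(User-Agent)"]].append((rec["c-ip"], rec["cs-uri-stem"], reasons))
    return dict(by_agent)

if __name__ == "__main__":
    for agent, hits in triage(SAMPLE_LOG).items():
        print(agent, sorted({ip for ip, _, _ in hits}), len(hits))
```

A URL passed as an ordinary query value (the last sample line) is left alone; only a scheme inside the path itself is treated as malformed.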