Mail problem

2008-08-14 Thread Al Musella, DPM
I send out an opt-in medical newsletter.. that adheres to all of the rules.. recently yahoo blocked the from address from sending mail - no bounce backs - not put in spam folder - just deleted, for ALL mail going to yahoo.com.. from this email address. They do this occasionally, and I fill

RE: Mail problem

2008-08-14 Thread Al Musella, DPM
I talked to Yahoo. They put us on a whitelist, but then people report us as spam, and they block us. They actually told me that the best thing to do is use certified mail.. for only a few thousand dollars a year, they will skip this nonsense and all mail gets through! At 07:35 PM

Re: SQL injection attack on House of Fusion

2008-08-15 Thread Al Musella, DPM
And changed EXEC to ExEC I am getting hit pretty hard again. It stopped for a few days but they are back. At 06:56 PM 8/15/2008, you wrote: They completely stopped on the 11th, but they are back today spelling it like DeCLARE. ~Brad

RE: Creating a database with repeated information

2008-08-18 Thread Al Musella, DPM
NO Haven't you been reading the zillions of messages on sql injection? This is an open invitation that says HACK ME! even with snippets - we should all get into the habit of adding cfqueryparam.. I am not sure of the details of his database structure, but someplace he may need a states

Re: SQL injection attack on House of Fusion

2008-08-26 Thread Al Musella, DPM
Open the website log with word and do a search for DECLARE you will find a lot of entries.. Look for a filename that is in a different directory than what you expected.. I think I got hit from a template that was in an old, unused directory from many years ago. I recently went through

Google Chrome and FCKeditor

2008-09-02 Thread Al Musella, DPM
I just downloaded and installed the google chrome browser. It blows the socks off of IE and firefox.. However, none of my pages that use fckeditor.cfc work I get a strange error that width is undefined.. but it works in all of the other browsers.. When I hard code in the width, no errors but

Re: Google Chrome and FCKeditor

2008-09-02 Thread Al Musella, DPM
, Al Musella, DPM [EMAIL PROTECTED] wrote: I just downloaded and installed the google chrome browser. It blows the socks off of IE and firefox.. However, none of my pages that use fckeditor.cfc work I get a strange error that width is undefined.. but it works in all of the other browsers

Re: Script on one site

2008-09-03 Thread Al Musella, DPM
Look at the .cfm file and see if these script tags are in the cfm file or if they are stored in a database. Look through your database. Look at every table and see if there is a lot of junk at the end of some char or varchar fields.. At 10:37 PM 9/2/2008, you wrote: I have one site in

RE: mac address and additional protection

2008-09-08 Thread Al Musella, DPM
Maybe you could embed the user's name in places that would make it harder for people to use with the wrong login information.. For example, on the main page display the current users' name and email address.. they will be less likely to share the log in info with strangers. Have reports

Re: mac address and additional protection

2008-09-09 Thread Al Musella, DPM
Or you could try to do what microsoft did with windows... allow the licensing terms to easily be bypassed - and let a huge installed base of loyal users get hooked on it.. then when it comes time for upgrades - crack down. Have the upgrade count how many users are in the database and

Re: cfqueryparam - couple of questions from a problem that occurred today...

2008-09-15 Thread Al Musella, DPM
Maybe you hit a limit in the number of items valuelist or cfqueryparam could handle. try building the string outside the query with valuelist, to see if the valuelist triggers an error.. then use that string with cfqueryparam in your query and if it doesn't work, try the string (just once,

New SQL Injection

2008-09-20 Thread Al Musella, DPM
A new type of sql attack is hitting my server since about 2 am this morning. It got through the filter I use because it has different keywords. Luckily the cfparam triggered an error - as it was looking for integers and was finding this:

Re: New SQL Injection

2008-09-20 Thread Al Musella, DPM
We got a reputation for being easy to hack, so they now concentrate on cfm files.. hopefully, with this last attack, at least everyone on this list should already be protected against the current set of attempts... and if they don't succeed, maybe they will move on to easier targets. I

Re: New SQL Injection

2008-09-20 Thread Al Musella, DPM
for commercial use but a tool for back end site optimization. So if you're up for a beta, let me know. On Sat, Sep 20, 2008 at 9:45 AM, Al Musella, DPM [EMAIL PROTECTED] wrote:

Re: Securing session

2008-09-22 Thread Al Musella, DPM
Dave, That is one of the scariest things I ever read :) Heath - If I am reading this correctly, encrypting the cookie doesn't matter. They can just get your encrypted cookie and use it as is, they do not need to unencrypt it. Thanks Dave, Do you think encrypting the cookie values would

Re: Securing session

2008-09-24 Thread Al Musella, DPM
I didn't mean your comment was scary - I was referring to the article about how to steal sessions.. At 09:07 PM 9/24/2008, heath stein wrote: Yes, that was not one of the smartest comments i have ever posted, I was trying to come up with a solution for getting around having to send

Re: i'll pay through paypal anyone who can debug my code

2008-10-02 Thread Al Musella, DPM
The problem is in <script language=javascript>location.replace('index.cfm');</script> Just delete that line and everything should work.. When cookies are involved, some browsers have problems with redirects. If it works, donate the $50 to: virtualtrials.com/donate my favorite charity:)

RE: attack site / sql injections HELP!

2008-10-09 Thread Al Musella, DPM
If you have a complete copy of the web site on your development box, just delete the web directory and upload the fresh code from your development box. They probably edited some of your pages. I would actually reinstall windows on the server first. Because if they edited your pages, they

JRUN at 100% - solved thank to the archives!

2008-10-10 Thread Al Musella, DPM
I was going crazy today.. my cf server has been really slow and throwing time out errors recently .. getting worse fast. and it is usually lightning fast.. then Verizon changed all of my static IP addresses at 4am this morning (they gave me a window between midnight and 6 am - and my website

Re: CFMail Alternatives

2008-10-17 Thread Al Musella, DPM
I also use smartermail.. and I think that it is the mail server slowing down the process.. not the cf spooler. The cf spooler looks like it is slow because it is waiting for the mail server. I also think this is a good thing.. I have to do strange things to intentionally slow down the

Re: CFMail Alternatives

2008-10-18 Thread Al Musella, DPM
How do you handle undeliverable mail. I have been doing it manually, but it is time to automate it.. Is there a regex that can break out the ones that have to be deleted vs. the ones that just are temporarily down? Here are a few samples of what I mean: these can be deleted: Failed

Re: CFMail Alternatives

2008-10-18 Thread Al Musella, DPM
True, but in the case of : Failed Recipient: [EMAIL PROTECTED] Reason: Remote host said: 550 550 Dynamic/zombied/spam IPs blocked. Write [EMAIL PROTECTED] I don't want to delete this person from my newsletter automatically.. I want to be made aware of the situation and correct it, then resend

Re: Googlemail

2008-10-19 Thread Al Musella, DPM
I was also just working on using gmail... but with cfpop.. there is a cute trick to it.. see: http://www.anujgakhar.com/2008/05/18/cfpop-and-gmail/ At 08:33 AM 10/19/2008, you wrote: Thanks. :) Adrian Lynch wrote: I'm not sure if I'm answering the right question, but... I currently

Re: cfchart scatter line options?

2008-10-21 Thread Al Musella, DPM
<cfchart format=jpg scaleto=70> <cfchartseries type=scatter datalabelstyle=none> <cfchartdata item=A value=50> <cfchartdata item=B value=25> </cfchartseries> <cfchartseries type=scatter> <cfchartdata item=A value=60>

Re: ColdFusion 5 graphs stopped working

2008-10-22 Thread Al Musella, DPM
Dan, Did you try rebooting the server? Sometimes there is a memory leak in the web server or database server.. r At 10:37 AM 10/22/2008, you wrote: We have one old ColdFusion 5 server that has been humming along nicely for years now. But yesterday all of the graphs stopped functioning

Re: AW: After migrating from CFMX 6.1 to CF8 server grinds to halt within a minute

2008-10-23 Thread Al Musella, DPM
This might be a long shot, but it is so easy to check... check the size of the log files .. not just the ones in the /logs directory. Do a search on the entire cold fusion directory. I had some huge log files in there causing this same problem. Deleting them fixed everything

Re: Blowin our own horn: New CF Site

2008-10-31 Thread Al Musella, DPM
I love the way you disguise the cold fusion pages by using a php extension on the links.. http://www.austin-williams.com/portfolio/popup.php?image=Allied/ad1 At 10:07 AM 10/31/2008, you wrote: We've just launched our own new

Re: Update Panel... Coldfusion?

2008-11-05 Thread Al Musella, DPM
Wow! I missed that one.. looks like exactly what I need for a project I am working on now Thanks At 11:43 AM 11/4/2008, you wrote: cfdiv

Re: Dynamic Documents...

2008-11-11 Thread Al Musella, DPM
I do something similar but in a bizarre way.. I set up the word documents as mail merge templates. The website saves the data in a text file, then you open the word document, it reads in the data file and puts the information in the correct place At 02:48 PM 11/11/2008, you wrote: Hello

How to return a structure using ajax?

2008-11-19 Thread Al Musella, DPM
I am new to ajax.. and my javascript isn't too hot either:) I am trying a simple lookup of a city and state given a zip code. I have it working if I just return a city as a string, but when I try to return a structure with a city and state I get undefined Here is the code where I call the

Re: How to return a structure using ajax?

2008-11-19 Thread Al Musella, DPM
That worked! Thanks JavaScript is case-sensitive. Structs are returned with key names in uppercase. Try result.CITY and result.STATE.

Re: How to return a structure using ajax?

2008-11-19 Thread Al Musella, DPM
and xml, etc. HTH Dominic 2008/11/19 Al Musella, DPM [EMAIL PROTECTED]: That worked! Thanks JavaScript is case-sensitive. Structs are returned with key names in uppercase. Try result.CITY and result.STATE

Dreamweaver question

2008-12-09 Thread Al Musella, DPM
(I am on CS3) The biggest annoyance I have is when working on 2 files, which are in different directories - hundreds of filenames away from each other.. When I make a change in both, then go to save them and upload them to the testing server, I have to navigate to the first one in the

RE: Dreamweaver question

2008-12-10 Thread Al Musella, DPM
Shift+Ctrl+U did the trick! Thanks I can't find the PUT button on the document toolbar.. what does it look like? The idea of selecting recent files doesn't work - there are a lot of files and it takes too long to look through them. thanks At 09:55 AM 12/10/2008, you wrote: Or use

Re: Dreamweaver question

2008-12-11 Thread Al Musella, DPM
thanks! It may have sounded like a stupid question, but that tip will come in handy. I never clicked that button before! At 07:50 PM 12/10/2008, you wrote: It's the one that says file management when you mouse over it; it's two arrows next to each other (one pointing up and one pointing down).

Re: Error with CFDBINFO ... table does not exist?

2008-12-16 Thread Al Musella, DPM
The system tables should NOT allow you to read the data from CF. They are set up correctly on the 2 live systems.. on your testing server, the permissions are relaxed to allow you to work on them. This prevents a lot of damage when you get hacked. On Monday 15 Dec 2008, Jeff Chastain

RE: Recheck: File Upload Progress Bar

2008-12-19 Thread Al Musella, DPM
You can try using an IFRAME for the upload file form field.. use javascript on the submit button to hide (or make really small) the iframe and replace it with an animated gif of file uploading.. then when the next page loads, fire a javascript event to change the gif to done!.. At 09:29 AM

Re: Banning a User from my Site

2008-12-26 Thread Al Musella, DPM
Most of the jerks aren't that computer literate. A simple way to block them is to just set a cookie with a uuid that never expires when they first hit your website. Whenever they log in or register, record the uuid that they used (in case they log in from multiple computers or multiple

Re: CF 8 Process completes then Firefox opens multiple tabs by itself

2008-12-28 Thread Al Musella, DPM
View the source from the browser, and compare the one on your dev machine to the live server. There is always the chance of a virus on the server putting something extra into the output

Re: CF Express ... Syntax error - CFQUERY - UPDATE Options

2008-12-29 Thread Al Musella, DPM
I just want to point out that you should be using cfqueryparam around all of those form elements. The way you have it will last about 2 hours before someone hacks into your database. see:

Re: How do you guys deploy databases to shared servers?

2009-01-06 Thread Al Musella, DPM
I hate to ask - but if you copy the data from the live server to your testing server, make a change to the database on your testing server then upload the database structure and data back to the live server, what happens to any new data collected on the live server in the time it takes you

RE: Ok, let me get this straight...

2009-01-11 Thread Al Musella, DPM
The way I handle this is to call the development site beta.domain.com this way you can set up the dns to point to your development machine and use host headers for all of the websites..

Re: Coldfusion killed my query?

2009-01-19 Thread Al Musella, DPM
Try running this query by itself on a cf page, to see if maybe one of the other queries on the page is somehow blocking it At 06:03 AM 1/19/2009, you wrote: Morning Adrian, thanks for getting back to me. This is definitely not caused by the output/dump of the queries, even when all those

Re: SOT: New Project: shrinkURL - API wrapper for URL shortening services

2009-01-19 Thread Al Musella, DPM
Hi Andy, Looks nice, but why wouldn't you just create the short URL using your own domain? I do that, and it allows me to count how many people click each short link, and also lets me put links back to my website all over the web, instead of links to the short url websites? Al

SMS donations?

2009-01-30 Thread Al Musella, DPM
Hi I run a nonprofit brain tumor charity.. and I had an idea for a fundraiser where we get a lot of people to send us a text message that acts as a $5 donation to our organization. Has anyone implemented a system in coldfusion where people can text a payment to you? I looked at a few places

Re: SMS donations?

2009-02-03 Thread Al Musella, DPM
thanks, but I found the details.. there is one organization that is allowed to offer donations by texting by all of the cell phone carriers. it is the mobile giving foundation http://mobilegiving.org/ They have it set up so that they handle the money and receipts..but then contract out

Re: Maybe I need a SQL Service Consultant...

2009-02-14 Thread Al Musella, DPM
Wow! I didn't know that. So would it be safer to use all nchar fields in the database instead of char, then no matter what the parameter came in as, it is faster to convert the parameter to unicode once than to convert every value in the index? At 01:41 AM 2/14/2009, you wrote: This

Re: Googlebot got me good last night...Application.cfm question

2009-02-19 Thread Al Musella, DPM
Nobody else mentioned it yet, but I had something similar happen many years ago - a link checking program was accidentally run on a password protected area of the website and did a lot of funny things to our database.. ever since then, I never use a link to make a change in my database. It

Re: Page steps list

2009-03-01 Thread Al Musella, DPM
I don't understand what you are trying to do. Explain it in more detail, use an example At 05:12 PM 3/1/2009, you wrote: Any one have any suggestions on this? On Sun, Mar 1, 2009 at 3:39 PM, Pranathi Reddy rk.prana...@gmail.com wrote: Hi All, I am new to cold fusion and trying to

Re: What the heck is happening during CFQUERY?

2009-03-08 Thread Al Musella, DPM
Change it to this and the time should go down by a factor of about 100,000 : <CFQUERY NAME=getArmes DATASOURCE=Armoriaux> SELECT count (*) as N FROM armesArmoriaux </CFQUERY> <CFOUTPUT>getArmes.recordCount = #getArmes.n#<BR> cfquery.ExecutionTime = #cfquery.ExecutionTime#<BR></CFOUTPUT><CFABORT>

Re: Dealing with large queries

2009-03-21 Thread Al Musella, DPM
What are you doing with this recordset? Can it be broken down into manageable chunks? CF excels at displaying data, and displaying 10,000 records isn't practical. Are you doing this one time, or with every page request? Hi all, I've a large query with a large number of recordsets.

RE: (OT) W32.Virut.W

2009-03-26 Thread Al Musella, DPM
I got this from a quick web search: Virut is a virus that infects any executable files and screensavers that the user accesses. The parasite also opens a back door providing the attacker with unauthorized remote access to the compromised computer. The intruder can upload and run arbitrary

Re: Question about hack

2009-04-13 Thread Al Musella, DPM
To test if I have been hacked: I run an automated task from my home computer that requests my home page every 15 minutes. I use a URL variable that tells my home page to display a footer (which only appears when this particular url variable is present) which shows my name, address, phone,

Re: Question about hack

2009-04-14 Thread Al Musella, DPM
No - if you are hacked, the home page is available, but it includes a javascript that does bad things to the visitors. The most common way is a sql injection attack, where they insert the javascript into some fields in the database, (in my case, they appended the javascript to all vchar fields

RE: Question about hack

2009-04-16 Thread Al Musella, DPM
A few ideas: 1. Set the ftp security to only allow connections from specific IP addresses. If the user has a dynamic ip, then use his entire range.. better than letting the entire world in 2. Your blog shows why I said to Michael to reformat the drive and reinstall everything when he was

Re: help with a grey area

2009-04-17 Thread Al Musella, DPM
When it comes to something like this, the best approach is to just go along with it. It really isn't much trouble to separate out the personal information. Then, if there is ever any problem - you can say you took precautions. I do something similar and always have the personal info in a

Re: better mass mailing

2009-04-30 Thread Al Musella, DPM
What problem are you having with iMS? At 11:50 AM 4/30/2009, you wrote: Till now I've been using iMS to send out list mail. The advantages are that iMS will do a single connection to a mail server and send all messages for that mail server on a single connection. This is important when

Re: billing

2009-05-04 Thread Al Musella, DPM
It depends on the value you provided. Is the program worth the $40,000 or so? Will they be making a lot of money off of it? If so, I wouldn't discount it after the fact. Do what you did on the previous projects.. that is what they are expecting. If the website doesn't appear elaborate, they

RE: File upload suddenly stops working

2009-05-05 Thread Al Musella, DPM
It might be the security settings on the disk where the temp file is stored, or in the directory you ultimately save it to. Maybe somebody at the hosting place decided to tighten up security.

Paypal Changes

2009-05-14 Thread Al Musella, DPM
I just heard about the paypal changes.. http://www.pdncommunity.com/pdn/board/message?board.id=payflowthread.id=6807 Starting Sept 1 none of my paypal sites will work :) I have a bunch of websites on cfmx 7.

Re: Site-wide error handler

2009-05-20 Thread Al Musella, DPM
At 07:35 PM 5/19/2009, you wrote: The error logging throttle needs some work (tries to prevent duplicate error emails, etc.), but overall, I'm liking this approach mucho. I gave up on emailing myself every error message. I use gmail and it was refusing mail because I was getting too many.

Re: Generating Transaction ID's

2009-05-20 Thread Al Musella, DPM
I would use a stored procedure which just adds 1 to a value in the database, updates the database and returns the number (inside a transaction).. however, you have to be careful with sequential numbers. If you are using them on a website, explore what happens if you change the number to the

RE: SOT, looking for an affordable SMTP/POP3 solution

2009-05-29 Thread Al Musella, DPM
I use Smartermail, but I am slowly moving all of my email accounts to gmail. I wouldn't put smartermail on the same server as your CF server.. it takes up a lot of resources for the spam and virus checking. One problem with gmail is they have problems when you receive too much mail in 1

Re: how to deal with Delivery Status Notification (Failure) cfmail

2009-06-08 Thread Al Musella, DPM
I believe (can anyone confirm this?) that when a mail server employs greylisting against spammers, that would also send a Delivery Status Notification message, but your mail server seems to know to retry it and it gets through. The reason I think this is what happens is that I was trying to

How would you approach this? Shared Calendar? Any volunteers?

2009-06-09 Thread Al Musella, DPM
I created a group of 50 brain tumor organizations and need to create a calendar that each member can insert into their own website, but takes the data from my website.. I see a lot of sample code out there for creating the actual calendar, but I am thinking about how to actually implement

RE: Looking for advice on how to do this - remote printing

2009-06-10 Thread Al Musella, DPM
I did a similar thing by sending a fax to the remote locations. Worked nicely. The fax told them the job, and also told them to acknowledge receipt on the website.. so they would go to the website and a list of pending jobs was waiting for them, in case they missed a fax somehow.. Then they

Re: Can I initiate a bind from javascript?

2009-07-12 Thread Al Musella, DPM
There is an amazing resource on google that teaches how to speed up applications.. http://code.google.com/speed/articles/ read the one on properly including stylesheets and scripts. I never knew that the order that they appear can make a huge difference in speed.. probably much more so

Re: monitoring users / access points

2009-07-15 Thread Al Musella, DPM
One other thing I do is put the users' name on every page and report, and I also list the last 10 transactions they did at the bottom of the page, with a way to undo them or edit them.. which makes it awkward for them to share the login.. the other person can undo their work, and see what

Re: CFMX7, Ubuntu, Virtual Hosts, and a weird CFLOCK issue

2009-07-21 Thread Al Musella, DPM
Perhaps with the direct domain name, you remove the ability to traverse up the directory tree to get at the application.cfc? Is the application.cfc in the same directory as the page you are calling? Background: I have a local CFMX7 development server running on Ubuntu 8.0.4 and Apache 2.2.

Re: cfdocument question

2009-07-29 Thread Al Musella, DPM
Search your hard drive for the filename... you may have to give it a full path.. Also it might take time for the pdf to get generated. If the cfmail is in the same template, the file might not be there yet by the time cfmail needs it. At 11:30 AM 7/27/2009, you wrote: Your code below will

Re: ColdFusion 8 Installation Problems

2009-08-21 Thread Al Musella, DPM
Look in the services applet and make sure all of the cold fusion services are there and running.. Check windows event log

Re: 500 Error / java.lang.Error: Error starting thread: Not enough storage is available to process this command.

2009-08-30 Thread Al Musella, DPM
Also check that you have enough disk space on the server.

Re: HoF invaded

2009-09-15 Thread Al Musella, DPM
Can you give us some of the text that was added to each file? And was it added to the same spot in each file (like top or bottom?) I have a monitor that checks my website every 5 minutes for changes to the database.. I should probably add a function to compare the text on the page and tell

Re: Recent SQL Injection attacks

2010-01-13 Thread Al Musella, DPM
I have been getting a lot lately... and had an interesting one. One computer was hammering my server. They were trying a dictionary attack on one of my forms, in addition to trying sql injection on every dynamic page. Strangely, the IP address of the attacker, 204.238.82.17, was from

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM
For coldfusion, I use Fusionreactor.. I look at the request history, and you see the templates that were recently called with the url parameters.. when an attack is in progress, you see a lot of them with big url parameters. Easy to see at a glance. Best part is then you can view the sql

RE: Recent SQL Injection attacks

2010-01-15 Thread Al Musella, DPM
-Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Friday, January 15, 2010 2:44 PM To: cf-talk Subject: RE: Recent SQL Injection attacks For coldfusion, I use Fusionreactor.. I look at the request history, and you see the templates that were

RE: Recent SQL Injection attacks

2010-01-16 Thread Al Musella, DPM
-Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Friday, January 15, 2010 2:44 PM To: cf-talk Subject: RE: Recent SQL Injection attacks For coldfusion, I use Fusionreactor.. I look at the request history, and you see the templates that were

Re: Injection Testing/Monitoring

2010-01-19 Thread Al Musella, DPM
I monitor my home page every 15 minutes for change. You can use any of the free tools, or set up a cf scheduled task to do it. I add a url parameter that tells the home page to dump all of the data in the users table for my own entry. (My name, address, phone, etc). IF that page changes, I

Throttling email

2010-01-27 Thread Al Musella, DPM
I know this came up a while ago.. I know HOW to throttle email, but not how many per minute/hour is good.. I was doing great for a long time with sending 2000 messages a day to Hotmail and MSM.. I split them up by sending 25 at a time, every 5 minutes but I now am having problems with msm and

Re: Throttling email

2010-01-28 Thread Al Musella, DPM
and kills us. At 11:09 PM 1/27/2010, you wrote: On Wed, Jan 27, 2010 at 10:36 PM, Al Musella, DPM muse...@virtualtrials.com wrote: the question: how many messages can be sent per time span and get through? Anyone work this out? We follow all of the rules with double opt in, but have some really

Re: Rampant fraud attempts from my site - Can I limit Number of Emails/Hour?

2010-02-10 Thread Al Musella, DPM
I had that problem.. and the danger is that if there is too much spam, the sellers will leave your site and go elsewhere because it isn't worth their time.. so you need to stop it. What I did was set up a system where the form submission saves the email to a database and a human has to

re: Code Review?

2010-02-10 Thread Al Musella, DPM
Does it always cause an error or just sometimes? If it is sometimes, it might be the browser not sending the http_referer.. try using cfparam on it. At 12:23 PM 2/10/2010, you wrote: All this code is doing is setting 2 variables, based on values that existed in the user's previous request,

RE: coldfusion for medical research

2010-02-16 Thread Al Musella, DPM
Nonprofits can get donations of windows server and adobe photoshop for a small admin fee from techsoup.org They do not offer cold fusion as a donation there. You'll find it on same shelf as the free Windows Server and the free Adobe Photoshop. I think it's right above the free Laptops. :-)

Re: ColdFusion SQL Hack

2010-03-22 Thread Al Musella, DPM
I would also add this: http://www.cflib.org/udf/FormStripHTML strip out the html before it goes into the database. This query below is only hackable if the County.ID is a text field and people can enter it from a website. (Like if you ask for an

Re: best way to timeout a page segment

2010-03-28 Thread Al Musella, DPM
An easier way might be an iframe. At 09:22 AM 3/28/2010, you wrote: The first thing that comes to mind is loading that slow portion using AJAX or JavaScript-based rendering after the rest of the page has finished loaded. -Mike Chabot On Sun, Mar 28, 2010 at 8:44 AM, Michael Dinowitz

Re: PDF alternate to cfdocument

2010-04-05 Thread Al Musella, DPM
LocalURL came into being with coldfusion 8, and he said he is using cf7 Make sure to read the optimization notes related to cfdocument. There are tricks you can do which speed up embedding of images, which are documented in a number of places, including the online help. If cfdocument is

Re: using cfhttp

2010-04-07 Thread Al Musella, DPM
If you are checking for the site to be up, you may as well check that everything is working ok also.. What I do is use cfhttp to get my home page - but I add a special url parameter which tells my page to add an entire record from my user's database at the bottom of the page. (I use my own

New SQL injection :(

2010-04-19 Thread Al Musella, DPM
I can't believe I got hit again. One of my old pages that is no longer linked into the website didn't have a cfqueryparam.. I deleted it from my local machine but forgot to delete it from the server. I have a generic checker in my cfapplication, but it missed this one.. here is the sequence

RE: New SQL injection :(

2010-04-19 Thread Al Musella, DPM
Hi Mark, You missed the first part of my post.. they actually look up all of the table names and field names! They don't do it by throwing random errors! And it replaced all of the text instead of appending. Appending is easier to fix. Luckily nothing of importance is stored in that

Re: Transaction locking table, not sure where or why...

2010-05-14 Thread Al Musella, DPM
You should never include file uploading or photo processing within a transaction. It won't scale. It might work well on your test system, but when 20 people try to upload photos at the same time, and even if 1 has a slow connection, your system will crash and burn. Perhaps another way is to

Re: In theory - site search and auto-suggest

2010-05-20 Thread Al Musella, DPM
Interesting problem.. perhaps create a separate table of search terms and results. When someone starts typing, after maybe 5 characters, search this table and if found, display those results. IF it is not in the search table, do a real search, but only retrieve the top 5 matches- order by

Re: list of declared functions

2010-06-18 Thread Al Musella, DPM
When I use an included file, I set a variable = true. then in all places where you might want to include it again, you check for that variable, and if it is not present, include the file. if it is present, you don't include it. At 11:01 AM 6/18/2010, you wrote: I am receiving the error

Re: logout and back button

2010-07-10 Thread Al Musella, DPM
http://www.hunlock.com/blogs/Mastering_The_Back_Button_With_Javascript At 01:34 PM 7/10/2010, you wrote: hi, i am storing user data in the session scope. when the user logs out it runs a structclear(session) and a
