That's exactly what we are doing with URL re-writing. Outside of an IDS system I'm not sure what else you can do. Unfortunately ISP's won't step up and filter this type of traffic.
Mike -----Original Message----- From: Terry Ford [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 11:01 AM To: CF-Linux Subject: SQL injection attacks getting out of control Our server has now logged 51,000 attack requests in the last 4 hours. 160,000 attacks in the past 24 hours. I suspect we are getting hit so hard because we have hundreds of thousands of pages in Google. In short, these attacks are starting to grow very quickly in intensity. We are redirecting them away from CF with mod_rewrite, so CURRENTLY there is no major problem. My concern is what we are to do if these attacks keep growing at the current rate, and we end up taking in MILLIONS of requests an hour a day or two from now. Does anyone know of any solution? Our ISP has a firewall product (Cisco ASA firewall), but it deals on the packet level only. It has no visibility into URLs, so we have no way right now to filter traffic based on URL parameters. Any ideas on what we are to do should things continue to worsen? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Linux/message.cfm/messageid:4428 Subscription: http://www.houseoffusion.com/groups/CF-Linux/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.14
