MySQL and PostgreSQL users may not suffer from the DB portion of the attack, however if their sites are hit hard enough with the attack it can and in some cases did act as a DDOS attack.
Wil On Mon, Aug 11, 2008 at 11:16 AM, Rick Faircloth <[EMAIL PROTECTED]>wrote: > Whew! That's a relief! > > Thanks for the confirmation and explanation, Ryan! > > Rick > > > -----Original Message----- > > From: Ryan Stille [mailto:[EMAIL PROTECTED] > > Sent: Monday, August 11, 2008 11:51 AM > > To: CF-Linux > > Subject: Re: SQL injection attacks getting out of control > > > > mac jordan wrote: > > > On Mon, Aug 11, 2008 at 4:20 PM, Ryan Stille <[EMAIL PROTECTED]> > wrote: > > > > > > > > >> Rick, I believe this current wave of attacks is only targeting MS SQL > > >> Server. You mention you are using MySQL, so *this* particular attack > > >> should be of no concern to you. > > > > > > > > > What gives you that idea? We run CF on Linux/Apache with mySQL, and > we've > > > been under attack since Thursday, although thankfully it is easing now. > > > > > > > Maybe 'targeting' was not the word to use. The attack is coded to > > create MS SQL stored procedure and execute it. The SP goes through some > > SQL Server specific system tables, and alters the data in them. MySQL > > users are not vulnerable to this attack. > > > > -Ryan > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Linux/message.cfm/messageid:4440 Subscription: http://www.houseoffusion.com/groups/CF-Linux/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.14
