If you have the option, that'd be much more efficient at the network level
than in the app and would filter the IPs for all apps at once. It might get
more 'effective' the larger it gets but it also gets less efficient.

The solution is to filter all input from users with something like
cfqueryparam. The only reason to combine that with another solution is to
filter data that made it in already... and like Tom said, simply formatting
the data with htmledit on display will render the script/html as useless
plain text.

Not to get on a rant either but... 5-6 successful spam submissions per month
is 5-6 too many in my opinion. There are too many simple solutions to 99.9%
of them. It used to be that 1 would send a developer on a frenzied mission
to stop it; now they are so abundant that people are becoming ok with 5 or 6
a month?

Come on... if you don't filter your user content, the terrorists win. ;-)

..:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
http://cf4em.com
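The layered approach the thread describes (parameterize every query with cfqueryparam, then encode on display so anything that did get in renders as inert text) looks like this in CFML. This is an added example written for this page, not code posted by Bobby, Mike or anyone else in the thread; the datasource name "guestbookDSN", the tables guestbook(author, comment) and blocked_ips(ip), and the form field names are assumptions.

```cfml
<!--- Added example, not from the CF-Talk thread. Assumes a datasource
      "guestbookDSN", a table guestbook(author, comment) and a table
      blocked_ips(ip) holding addresses the site refuses input from. --->
<cfparam name="form.author" type="string" default="">
<cfparam name="form.comment" type="string" default="">

<!--- BEFORE: form values spliced straight into the SQL string. Whatever
      the user typed becomes part of the statement, which is exactly how
      an automated submission can rewrite the query. Shown only to contrast
      with the parameterized version below; do not use. --->
<!---
<cfquery name="insertUnsafe" datasource="guestbookDSN">
    INSERT INTO guestbook (author, comment)
    VALUES ('#form.author#', '#form.comment#')
</cfquery>
--->

<!--- Optional first layer (Mike's IP block list): the address itself is
      passed as a bound parameter, so the lookup cannot be injected into. --->
<cfquery name="blocked" datasource="guestbookDSN">
    SELECT ip FROM blocked_ips
    WHERE ip = <cfqueryparam value="#cgi.remote_addr#"
                             cfsqltype="cf_sql_varchar" maxlength="45">
</cfquery>
<cfif blocked.recordCount GT 0>
    <cfoutput><p>Submissions from this address are not accepted.</p></cfoutput>
    <cfabort>
</cfif>

<!--- Main layer: cfqueryparam sends the values as bound parameters, so the
      database never treats user text as SQL. maxlength also rejects
      oversized payloads before they reach the database. --->
<cfquery name="insertSafe" datasource="guestbookDSN">
    INSERT INTO guestbook (author, comment)
    VALUES (
        <cfqueryparam value="#trim(form.author)#"
                      cfsqltype="cf_sql_varchar" maxlength="80">,
        <cfqueryparam value="#trim(form.comment)#"
                      cfsqltype="cf_sql_varchar" maxlength="2000">
    )
</cfquery>

<!--- Display layer: htmlEditFormat turns <, >, & and " into entities, so a
      stored <script> tag (even one that got in before the fix) shows up as
      plain text instead of executing in the visitor's browser. --->
<cfquery name="entries" datasource="guestbookDSN">
    SELECT author, comment FROM guestbook ORDER BY id DESC
</cfquery>
<cfoutput query="entries">
    <p><strong>#htmlEditFormat(entries.author)#</strong>:
       #htmlEditFormat(entries.comment)#</p>
</cfoutput>
```

The encoding step is what makes already-stored junk harmless: the rows keep whatever was inserted, but the browser receives `&lt;script&gt;` rather than a tag. Cleaning existing rows is a separate, one-time job; the output encoding has to stay regardless.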

-----Original Message-----
From: Mike Kear [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 07, 2008 7:36 AM
To: CF-Talk
Subject: Re: HELP! SQL Injection Attack!

Well, as I said, the answer to this (as it is for a lot of things on
the web) is not one but a combination of tactics.

The ban IP thing might not be the bee's knees for this but it sure
helps with the kind of thing I THOUGHT he was describing. I've been
able to almost eliminate spam entries from my guestbook/contact-us
forms (OK, I haven't almost eliminated, let's say dramatically reduced
then) across my sites. On one client's site for example, their
guestbook was choking to death with thousands of entries all spam, and
now it's fewer than 5-6 spam entries a month. I have a database of
9600 or so IP addresses that I won't accept input from on any of my
sites. As time goes on it gets more and more effective.

Anyway, whatever solves Michael's problem I feel sure is going to
be a combination of things, not just the one.

Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion 8 Ent, PHP 4 and 5, ASP, ASP.NET hosting from AUD$15/month


On Thu, Aug 7, 2008 at 9:20 PM, Dave Watts <[EMAIL PROTECTED]> wrote:
>> I know you haven't described a SQL injection ...
>
> No, that's exactly what he described. The attack appends JavaScript to
> character fields. And, unfortunately, blocking specific IP addresses won't
> get you very far here, because it's a random, automated attack run from
> compromised hosts in a botnet, I think.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
>



Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310344
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm