Yeah, I've gotten a couple today.. but fortunately when Ray built
BlogCFC. he covered his bases.
Scott Stewart
ColdFusion Developer
Office of Research Information Systems
Research & Economic Development
University of North Carolina at Chapel Hill
Phone:(919)843-2408
Fax: (919)962-3600
Email: [EMAIL PROTECTED]
Michael Dinowitz wrote:
> Sorry for the problems with the House of Fusion site. We've been under
> massive attack by sql injection bots and I've just been able to get a handle
> on it. A fast solution to the problem is this:
> <cfif findnocase("';DECLARE", cgi.query_string)><cfabort></cfif>
> It works unless you have a few hundred attacks at a time. In that case,
> place a cfmail before the abort and send youself the cgi.remote_addr. Then
> block it on the webserver level. It works very well. I've blocked a dozen
> IPs and now the site is back to flying.
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310511
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
