Well I guess I'm glad I am not the only one dealing with this. I implemented

    <cfif cgi.query_string contains "DECLARE%20">
        <cfheader statuscode="500" statustext="Server Error">
    </cfif>

at the top of /Application.cfm and that stopped it dead in its tracks, but not before spiking my custom logging app and turning my weekly sales response figures to oatmeal. A little spit and polish fixed that.

One client had about a 3-day love affair with these bots before they went away. They made a mess of his error logs when the non-conforming data hit cfqueryparam but otherwise no noticeable effect.

I think if I was still actively in the contract programming scene I would find the person propagating this and... pin a medal on them and shake their hand. This one attack has caused a whole slew of folks who thought I was a PITA crank over-obsessed with security to call me up, apologize and thank me. If I was still taking clients I'd have just doubled up my dance card.

--
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310577
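
Added example, not part of the original post: a Python sketch for triaging access logs for the probes described above. It compares the literal `DECLARE%20` test from the message with a match on the URL-decoded query string; the log format, sample lines and function names are constructed for illustration.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines (not from the post): "METHOD URL STATUS".
SAMPLE_LOG = """\
GET /products.cfm?id=12 200
GET /products.cfm?id=12;DECLARE%20@S%20VARCHAR(4000) 500
GET /products.cfm?id=12;declare+@s+varchar(4000) 200
GET /news.cfm?id=7%3BDeClArE%09@T 200
GET /search.cfm?q=how+to+declare+bankruptcy 200
"""

Hit = namedtuple("Hit", "url literal normalized")

# T-SQL variable declaration: DECLARE, whitespace, then "@".
DECLARE_VAR = re.compile(r"\bdeclare\s+@", re.IGNORECASE)

def literal_check(query):
    """Mirror of the post's test (CFML's contains operator ignores case)."""
    return "declare%20" in query.lower()

def decode_query(query, rounds=2):
    """URL-decode up to `rounds` times so double-encoded input is normalized."""
    for _ in range(rounds):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return query

def normalized_check(query):
    """Match on the decoded text, so space, '+', tab or %09 all count."""
    return bool(DECLARE_VAR.search(decode_query(query)))

def scan(log_text):
    """Return one Hit per log line with the verdict of both checks."""
    hits = []
    for line in log_text.splitlines():
        _method, url, _status = line.split()
        query = urlsplit(url).query
        hits.append(Hit(url, literal_check(query), normalized_check(query)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"literal={hit.literal!s:5} normalized={hit.normalized!s:5} {hit.url}")
```

A query-string filter like this only cuts down the noise in logs and reports; in the post it was cfqueryparam that rejected the non-conforming data.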