Well I guess I'm glad I am not the only one dealing with this.  I implemented

<!--- Refuse the request before any query runs when the raw query string carries the worm's "DECLARE " batch --->
<cfif cgi.query_string contains "DECLARE%20">
    <cfheader statuscode="500" statustext="Server Error">
</cfif>

at the top of /Application.cfm and that stopped it dead in its tracks,
but not before spiking my custom logging app and turning my weekly
sales response figures to oatmeal.  A little spit and polish fixed
that.

One client had about a 3-day love affair with these bots before they
went away.  They made a mess of his error logs when the non-conforming
data hit cfqueryparam but otherwise no noticeable effect.

I think if I was still actively in the contract programming scene I
would find the person propagating this and... pin a medal on them and
shake their hand.  This one attack has caused a whole slew of folks
who thought I was a PITA crank over-obsessed with security to call me
up, apologize and thank me.  If I was still taking clients I'd have
just doubled up my dance card.

-- 
[EMAIL PROTECTED]
Janitor, The Robertson Team
mysecretbase.com
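An added example, not from the post above, that shows how a defender might tally this probe in web-server logs so the filter's own 500s stop skewing the response figures: it URL-decodes the query string before matching (so "%20", "+" and double-encoded forms compare alike), looks for the T-SQL "DECLARE @name" opener rather than a bare substring, and separates probes the cfheader filter blocked from probes that still reached the application. The log lines are constructed samples and the function names are my own.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in combined-log style (not real traffic).
SAMPLE_LOG = """\
10.0.0.1 - - [10/Jul/2008:10:00:01 +0000] "GET /products.cfm?id=12 HTTP/1.1" 200 5120
10.0.0.2 - - [10/Jul/2008:10:00:02 +0000] "GET /products.cfm?id=12;DECLARE%20@S%20VARCHAR(4000) HTTP/1.1" 500 0
10.0.0.3 - - [10/Jul/2008:10:00:03 +0000] "GET /products.cfm?id=12;declare+@s+varchar(4000) HTTP/1.1" 200 5120
10.0.0.4 - - [10/Jul/2008:10:00:04 +0000] "GET /search.cfm?q=I+declare+victory HTTP/1.1" 200 900
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
# T-SQL batch opener the probe carries: DECLARE @name ... (case-insensitive).
PROBE_RE = re.compile(r"\bdeclare\s+@\w+", re.IGNORECASE)

def normalise(query_string: str) -> str:
    # Decode until stable so %20, '+' and double-encoded forms compare alike.
    prev, cur = None, query_string
    while prev != cur:
        prev, cur = cur, unquote_plus(cur)
    return cur

def is_probe(target: str) -> bool:
    # True when the decoded query string carries the DECLARE batch.
    _, _, query = target.partition("?")
    return PROBE_RE.search(normalise(query)) is not None

def summarise(log_text: str) -> dict:
    # Count requests per class so blocked probes can be left out of sales figures.
    counts = {"requests": 0, "probes": 0, "blocked": 0, "unblocked_probes": 0, "legitimate": 0}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        _ip, _method, target, status, _size = m.groups()
        counts["requests"] += 1
        if is_probe(target):
            counts["probes"] += 1
            # 500 is what the cfheader filter returns; anything else reached the app.
            if status == "500":
                counts["blocked"] += 1
            else:
                counts["unblocked_probes"] += 1
        else:
            counts["legitimate"] += 1
    return counts
```

The third sample line is why decoding matters: it reaches the application (status 200) because the raw query string never contains the literal "DECLARE%20", while the fourth shows that a plain substring match on "declare " would flag an ordinary search term.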

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310577
