Rick,

I think it is only a matter of time. I only have one ColdFusion website that is on a shared server/public. I have been through the attacks, but when speaking with the hosting provider I think they started to put measures in place for the entire servers.

Not 100% sure, as I haven't seen these attacks for nearly 2 years. So I better touch some wood :-)

--
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273

-----Original Message-----
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 August 2008 3:39 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion

Man... at this point, after reading about all of these problems with SQL injection, and having been told that it doesn't concern MySQL, I'm glad I'm using MySQL. This would be one big, time-consuming headache, otherwise.

I'm a solo developer and can use whatever DB I prefer, but I realize some of you have to use the affected DB's. I'm sure the whole thing is nothing but aggravation, to the point of wanting to strangle (or shoot, if you're Andrew :o) (at least I think that's his preferred method of punishment) those abusing the DB's with attacks.

However, my day to deal with the attackers will come, I'm sure... hang in there, guys and gals.

Rick

> -----Original Message-----
> From: Mark Kruger [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 16, 2008 12:37 PM
> To: CF-Talk
> Subject: RE: SQL injection attack on House of Fusion
>
> David,
>
> As a stop gap while in full force you could use the ISAPI filtering
> technique or Apache rewrite. This would keep it from reaching CF. Of course
> that still might mean changing for every site in your pool of sites. I have
> a post on it... The comments are pretty useful as well:
>
> http://www.coldfusionmuse.com/index.cfm/2008/8/8/isapi-rewrite-rule-prevents-sql-injection
>
> There are about 6 or 8 posts on the topic and links to many other blogs as
> well.
>
> If that doesn't work, I have dropped a blocker script into a few dozen
> vulnerable sites - again as a stop gap. It is important to note that these
> can only be considered a temporary fix.
>
> -mark
>
> Mark A. Kruger, CFG, MCSE
> (402) 408-3733 ext 105
> www.cfwebtools.com
> www.coldfusionmuse.com
> www.necfug.com
>
> -----Original Message-----
> From: David Moore [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 16, 2008 11:16 AM
> To: CF-Talk
> Subject: Re: SQL injection attack on House of Fusion
>
> I am new to the post, but I have been programming in CF for over 10 years
> and know some of you from the CF Forums.
>
> I am getting slammed with this crud as well on over 30 of my websites. Any
> suggestions as how to handle this for multiple sites on 1 server? I just
> discovered the issue as it seems to be targeting multiple sites on my
> server.
>
> David G. Moore, Jr.
> UpstateWeb, LLC

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311131
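
The request-level stop gap Mark describes (screen the query string before it reaches the application server), as an added example that is not code from this thread or from the linked post. The deny-list patterns, function names and sample requests are assumptions made for illustration; the last sample shows a legitimate request being blocked, one reason such a filter is only a temporary measure.

```python
import re
from urllib.parse import unquote_plus

# Assumed deny-list of T-SQL constructs (not taken from the thread or the linked post).
DENY = re.compile(
    r"(?i)(\bdeclare\s+@\w+|\bcast\s*\(|\bexec(ute)?\s*\(|\bunion\s+(all\s+)?select\b)"
)
MAX_DECODE_PASSES = 3  # bounded, so nested encodings cannot loop forever


def normalize(query_string: str) -> str:
    """Percent-decode until stable, so encoded keywords are visible to the match."""
    current = query_string
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current


def screen(query_string: str) -> tuple:
    """Return (blocked, reason) for one raw query string."""
    match = DENY.search(normalize(query_string))
    if match:
        # Collapse whitespace so the logged reason is stable across encodings.
        return True, "matched " + " ".join(match.group(0).lower().split())
    return False, "clean"


# Constructed sample requests (not real log data).
SAMPLES = [
    "id=42",
    "id=42;DECLARE%20@S%20VARCHAR(4000)",
    "id=42%3Bdeclare+%40s+varchar(10)",
    "q=how+to+cast+(a+fishing+line)",  # legitimate search, still blocked
]


def run_samples() -> list:
    """Blocked/allowed verdict for each constructed sample, in order."""
    return [screen(s)[0] for s in SAMPLES]


if __name__ == "__main__":
    for sample in SAMPLES:
        print(screen(sample), sample)
```

A filter that matches the raw, undecoded query string would pass the third sample, which is why the example normalizes before matching.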