Andrew,

I need to check with my hosting provider to see if they've taken any
measures, but at least I'm on a VPS instead of shared hosting using MySQL.

After running my own server for 5 years and deciding that the cost of
VPS's made it worth outsourcing the hosting again, I can't imagine going
back to shared hosting and putting up with the limitations.  But sometimes,
it's necessary in some situations.

For now, it looks like I'm protected.  But I know the time is coming.

Rick

> -----Original Message-----
> From: Andrew Scott [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 16, 2008 10:38 PM
> To: CF-Talk
> Subject: RE: SQL injection attack on House of Fusion
> 
> Rick,
> 
> I think it is only a matter of time, I only have one ColdFusion website that
> is on a shared server/public. I have been through the attacks, but when
> speaking with the hosting provider I think they started to put measures in
> place for the entire servers.
> 
> Not 100% sure, as I haven't seen these attacks for nearly 2 years. So I
> better touch some wood:-)
> 
> 
> 
> 
> 
> --
> Senior Coldfusion Developer
> Aegeon Pty. Ltd.
> www.aegeon.com.au
> Phone: +613 9015 8628
> Mobile: 0404 998 273
> 
> 
> 
> 
> -----Original Message-----
> From: Rick Faircloth [mailto:[EMAIL PROTECTED]
> Sent: Sunday, 17 August 2008 3:39 AM
> To: CF-Talk
> Subject: RE: SQL injection attack on House of Fusion
> 
> Man... at this point, after reading about all of these problems with
> SQL injection, and having been told that it doesn't concern MySQL, I'm glad
> I'm using MySQL.  This would be one big, time-consuming headache, otherwise.
> 
> I'm a solo developer and can use whatever DB I prefer, but I realize some
> of you have to use the affected DB's.
> 
> I'm sure the whole thing is nothing but aggravation, to the point of wanting
> to strangle (or shoot, if you're Andrew :o) (at least I think that's his
> preferred method of punishment) those abusing the DB's with attacks.
> 
> However, my day to deal with the attackers will come, I'm sure...hang in
> there, guys and gals.
> 
> Rick
> 
> > -----Original Message-----
> > From: Mark Kruger [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, August 16, 2008 12:37 PM
> > To: CF-Talk
> > Subject: RE: SQL injection attack on House of Fusion
> >
> > David,
> >
> > As a stop gap while in full force you could use the ISAPI filtering
> > technique or apache rewrite. This would keep it from reaching CF. Of course
> > that still might mean changing for every site in your pool of sites. I have
> > a post on it... The comments are pretty useful as well:
> >
> >
> > http://www.coldfusionmuse.com/index.cfm/2008/8/8/isapi-rewrite-rule-prevents-sql-injection
> >
> > There are about 6 or 8 posts on the topic and links to many other blogs as
> > well.
> >
> > If that doesn't work, I have dropped a blocker script into a few dozen
> > vulnerable sites - again as a stop gap. It is important to note that these
> > can only be considered a temporary fix.
> >
> > -mark
> >
> >
> >
> > Mark A. Kruger, CFG, MCSE
> > (402) 408-3733 ext 105
> > www.cfwebtools.com
> > www.coldfusionmuse.com
> > www.necfug.com
> >
> > -----Original Message-----
> > From: David Moore [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, August 16, 2008 11:16 AM
> > To: CF-Talk
> > Subject: Re: SQL injection attack on House of Fusion
> >
> > I am new to the post, but I have been programming in CF for over 10 years
> > and know some of you from the CF Forums.
> >
> > I am getting slammed with this crud as well on over 30 of my websites. Any
> > suggestions as how to handle this for multiple sites on 1 server? I just
> > discovered the issue as it seems to be targeting multiple sites on my
> > server.
> >
> > David G. Moore, Jr.
> > UpstateWeb, LLC
> >
> >
> >
> >
> 
> 
> 
> 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311148