How do you guys monitor these attacks? The webserver logs? > -----Original Message----- > From: Al Musella, DPM [mailto:muse...@virtualtrials.com] > Sent: Wednesday, January 13, 2010 12:34 PM > To: cf-talk > Subject: Re: Recent SQL Injection attacks > > > I have been getting a lot lately... and had an interesting > one. One computer was hammering my server. They were trying a > dictionary attack on one of my forms, in addition to trying sql > injection on every dynamic page. Strangely, the IP address of the > attacker, 204.238.82.17, was from the USA. It was a security > company. I called them and asked what they were doing. They said a > security audit! They said they had permission. Turns out they were > hired to test a website that is one letter off from my domain name > and they made a mistake. They stopped immediately. At least they > told me I passed:) > > My ftp server has also been getting dictionary attacks from > Amsterdam 95.154.246.98.. luckily my ftp sites are set up to allow > only certain ip addresses. > > > At 08:14 PM 1/12/2010, you wrote: > > >Didn't know about that IP. Thanks > > > >They got in through some code that was written literally 10 years ago > >on one of the clients forgotten sites. I've fixed up the cfquery tags > >and added my anti-injection code to the whole dir. > > > >Thanks > > > >-- > > > >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
