Using cfformprotect, I am doing an exercise whereby I am logging each offending IP
address in a table. Next to each IP I am recording the number of times they
reoffend. I am then using a block script (found on this site, I think?)...

<!--- blacklist ip addresses --->
<cfset fName = getDirectoryFromPath(getCurrentTemplatePath()) & "blacklist.txt" />

<!--- (re)load the blacklist file into application scope on first use, or when ?updateapp is in the URL --->
<cfif isDefined("url.updateapp") or NOT isDefined("application.blacklist")>
    <cfset application.blacklist = "" />
    <cfif FileExists(fName)>
        <cftry>
            <cffile action="read" file="#fName#" variable="application.blacklist" charset="utf-8" />
            <!--- read errors are ignored; the blacklist then stays empty --->
            <cfcatch></cfcatch>
        </cftry>
    </cfif>
</cfif>

<!--- caller is already blacklisted: redirect and stop --->
<cfif ListFind(application.blacklist, cgi.remote_addr, Chr(13)&Chr(10))>
    <cflocation addtoken="false" url="/blacklist.html" />
    <cfabort />
</cfif>

<!--- case-insensitive substring test of the query string for SQL keywords --->
<cfif FindNoCase("DECLARE", cgi.query_string)
      OR FindNoCase("CAST", cgi.query_string)
      OR FindNoCase("EXEC", cgi.query_string)
      OR FindNoCase("DROP", cgi.query_string)
      OR FindNoCase("DELETE", cgi.query_string)>
    <cfif not ListFind(application.blacklist, cgi.remote_addr, Chr(13)&Chr(10))>
        <!--- add the caller to the in-memory list and rewrite the file --->
        <cfset application.blacklist = ListAppend(application.blacklist, cgi.remote_addr, Chr(13)&Chr(10)) />
        <cftry>
            <cffile action="write" file="#fName#" output="#application.blacklist#" charset="utf-8" />
            <!--- write errors are ignored; the in-memory list still applies --->
            <cfcatch></cfcatch>
        </cftry>
        <cflocation addtoken="false" url="/blacklist.html" />
        <cfabort />
    </cfif>
</cfif>

I am updating the text file with IP addresses with multiple offences. It has been
interesting and I do believe I have cut down the spam/injection attacks.
However, the table continues to grow and I think I am losing the battle. Anyway,
thought this may grow some ideas...
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329635
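
The post describes counting each IP's offences and putting only repeat offenders in the text file, a step the posted script does not show. The following is an added example of that step, not the poster's code. Assumptions: recordOffence, application.offences and the threshold of 3 are hypothetical, and an application-scope struct stands in for the poster's database table, so counts reset when the application restarts.

```cfml
<!--- Added example. recordOffence, application.offences and maxOffences are
      hypothetical names; the struct stands in for the poster's database table. --->
<cffunction name="recordOffence" returntype="boolean" output="false">
    <cfargument name="ip" type="string" required="true" />
    <cfargument name="blacklistFile" type="string" required="true" />
    <cfargument name="maxOffences" type="numeric" default="3" />
    <cfset var count = 0 />
    <cfset var delims = Chr(13) & Chr(10) /> <!--- same delimiters as the posted script --->

    <!--- One exclusive lock covers the counter, the in-memory list and the file,
          so concurrent requests cannot lose a count or interleave file writes. --->
    <cflock scope="application" type="exclusive" timeout="5">
        <cfparam name="application.offences" default="#StructNew()#" />
        <cfparam name="application.blacklist" default="" />

        <cfif StructKeyExists(application.offences, arguments.ip)>
            <cfset count = application.offences[arguments.ip] />
        </cfif>
        <cfset count = count + 1 />
        <cfset application.offences[arguments.ip] = count />

        <!--- Below the threshold: the offence is counted but the IP is not blocked yet. --->
        <cfif count LT arguments.maxOffences>
            <cfreturn false />
        </cfif>

        <cfif NOT ListFind(application.blacklist, arguments.ip, delims)>
            <cfset application.blacklist = ListAppend(application.blacklist, arguments.ip, delims) />
            <cftry>
                <cffile action="write" file="#arguments.blacklistFile#"
                        output="#application.blacklist#" charset="utf-8" />
                <cfcatch>
                    <!--- Log the failure instead of swallowing it; the in-memory list still blocks. --->
                    <cflog file="blacklist" type="error"
                           text="Could not write #arguments.blacklistFile#: #cfcatch.message#" />
                </cfcatch>
            </cftry>
        </cfif>
        <cfreturn true />
    </cflock>
</cffunction>

<!--- Usage inside the posted keyword check (one of its five tests shown): --->
<cfif FindNoCase("DECLARE", cgi.query_string)>
    <cfset fName = getDirectoryFromPath(getCurrentTemplatePath()) & "blacklist.txt" />
    <cfif recordOffence(cgi.remote_addr, fName)>
        <cflocation addtoken="false" url="/blacklist.html" />
    </cfif>
</cfif>
```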