For ColdFusion, I use FusionReactor. I look at the request history, and you see the templates that were recently called with the URL parameters. When an attack is in progress, you see a lot of them with big URL parameters. Easy to see at a glance. Best part is then you can view the SQL queries that ran and how many rows were affected! I can verify that they don't get through to the real database - just the query logging the attempt in my HACK database!

I wouldn't run a ColdFusion server without a tool like FusionReactor. I created my website with ColdFusion 2.0, and a lot of the pages haven't been updated (except for SQL injection proofing) since then, and I learned a lot since then. FusionReactor gives me the list of slow running pages, and I try to improve at least one of them every day. I made the entire site much faster, and concentrated on the most frequently used pages. Before FusionReactor, I had no idea which pages were the slowest, and what was being looked at right now and by whom, and how the queries were doing - time-wise and memory-wise.
For the forms, my website deals with some mentally challenged people and really important stuff, so I try to make it easy for them. I log all attempts to log in. I get an alert if someone fails more than twice. I get a screen with the username they are trying, the passwords they tried, the real password, name, location (so I know the time zone) & phone number - as well as a way to unlock it (it gets locked after 3 unsuccessful attempts). I can tell if it is a real person struggling or if it is someone trying to break in. If they are trying to break in, I add their IP address to our list of banned IP addresses. If it is a real person, and the local time is reasonable, I call them and help them get in. I am planning on adding chat capability soon.

I usually turn off FTP on my server, except when I need someone to upload a large file like an MRI. I had it on recently and noticed the log file was way too big (it is usually 1-2k, and now it was like 100k), so I looked through it and saw someone was alternating between trying administrator and webmaster as the user names, and many passwords. Never got in. I don't have an administrator or webmaster account allowed for FTP access :)

At 04:11 PM 1/13/2010, you wrote:
>How do you guys monitor these attacks? The webserver logs?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329710
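The login monitoring described in the message above (an alert once a user fails more than twice, a lock after 3 unsuccessful attempts, a manual unlock, a banned-IP list), written as an added example in Python; it is not the poster's ColdFusion code. The class, field and function names and the sample events are assumptions, and each attempt is recorded as username, IP and time only.

```python
from collections import defaultdict
from dataclasses import dataclass, field

ALERT_AFTER = 2  # alert once failures exceed this ("fails more than twice")
LOCK_AT = 3      # account locks after this many unsuccessful attempts

@dataclass
class LoginMonitor:  # hypothetical name, not from the original post
    failures: dict = field(default_factory=lambda: defaultdict(list))
    locked: set = field(default_factory=set)
    banned_ips: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def attempt(self, username, ip, when, success):
        # Banned addresses and locked accounts are refused before any
        # credential check, so a correct password does not bypass a lock.
        if ip in self.banned_ips:
            return "banned"
        if username in self.locked:
            return "locked"
        if success:
            self.failures.pop(username, None)  # a good login resets the streak
            return "ok"
        self.failures[username].append((when, ip))
        count = len(self.failures[username])
        if count > ALERT_AFTER:  # give the operator the full attempt history
            self.alerts.append({"user": username,
                                "attempts": list(self.failures[username])})
        if count >= LOCK_AT:
            self.locked.add(username)
        return "failed"

    def unlock(self, username):
        # Operator judged it a real person struggling: clear lock and streak.
        self.locked.discard(username)
        self.failures.pop(username, None)

    def ban(self, ip):
        # Operator judged it a break-in attempt: refuse this address.
        self.banned_ips.add(ip)

# Constructed sample events: (username, ip, time, password_was_correct)
EVENTS = [
    ("alice", "203.0.113.7", "2010-01-13T16:01", False),
    ("alice", "203.0.113.7", "2010-01-13T16:02", False),
    ("alice", "203.0.113.7", "2010-01-13T16:03", False),
    ("alice", "203.0.113.7", "2010-01-13T16:04", True),
    ("bob", "198.51.100.9", "2010-01-13T16:05", False),
    ("bob", "198.51.100.9", "2010-01-13T16:06", True),
]

def replay(events):
    monitor = LoginMonitor()
    return monitor, [monitor.attempt(*e) for e in events]
```
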