What I do is similar. If I detect a SQL injection, I also add the IP address of the user to my banned IP list. I ban them for a week. This way, if they manage to find a page that isn't protected, they can't do any damage. I use a server variable to hold the list of banned IP addresses, so I can share the list among the few websites I host. Then whenever anyone requests a page, I check if their IP is on the banned list; if so, I just log it and display an error page saying the website is down for maintenance and will return soon.

At 06:02 PM 1/15/2010, Chung Chow wrote:
>On the SQL injection subject, here's something I add in all my projects.
>I usually use this snippet of code to intercept at the top level. It
>helps.
>
><cffunction name="isSQLInjection" access="public" hint="Checks to see if there is a possible SQL Injection attempt">
>  <cfscript>
>    if ( isdefined("cgi.query_string") and (
>           findnocase("DECLARE",cgi.query_string) or
>           findnocase("CAST(",cgi.query_string) or
>           findnocase("EXEC(",cgi.query_string) or
>           findnocase("EXEC%",cgi.query_string) or
>           len(cgi.query_string) gte 700
>       ) ) return true;
>    else return false;
>  </cfscript>
></cffunction>
>
> > -----Original Message-----
> > From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> > Sent: Friday, January 15, 2010 2:44 PM
> > To: cf-talk
> > Subject: RE: Recent SQL Injection attacks
> >
> >
> > For coldfusion, I use Fusionreactor.. I look at the request history,
> > and you see the templates that were recently called with the url
> > parameters.. when an attack is in progress, you see a lot of them
> > with big url parameters. Easy to see at a glance. Best part is then
> > you can view the sql queries that ran and how many rows were
> > affected! I can verify that they don't get through to the real
> > database - just the query logging the attempt in my HACK database!

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329721
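
The one-week ban list described in this message, as an added sketch that is not code from either poster. It assumes the quoted `isSQLInjection()` function is available in the same template; `server.bannedIPs`, `banIP`, `isBanned`, the `banned` log file and `maintenance.cfm` are hypothetical names.

```cfml
<!--- Added example: shared ban list held in the server scope, one-week expiry --->
<cffunction name="banIP" access="public" returntype="void" output="false"
            hint="Records an address with an expiry seven days from now">
    <cfargument name="ip" type="string" required="true">
    <!--- Server scope is shared by every application on the instance, so lock writes --->
    <cflock scope="server" type="exclusive" timeout="5">
        <cfif not structKeyExists(server, "bannedIPs")>
            <cfset server.bannedIPs = structNew()>
        </cfif>
        <cfset server.bannedIPs[arguments.ip] = dateAdd("d", 7, now())>
    </cflock>
</cffunction>

<cffunction name="isBanned" access="public" returntype="boolean" output="false"
            hint="True while the address has an unexpired ban; expired entries are pruned">
    <cfargument name="ip" type="string" required="true">
    <cfset var banned = false>
    <cflock scope="server" type="exclusive" timeout="5">
        <cfif structKeyExists(server, "bannedIPs")
              and structKeyExists(server.bannedIPs, arguments.ip)>
            <cfif dateCompare(now(), server.bannedIPs[arguments.ip]) lt 0>
                <cfset banned = true>
            <cfelse>
                <!--- Ban has run its week: drop the entry so the list does not grow forever --->
                <cfset structDelete(server.bannedIPs, arguments.ip)>
            </cfif>
        </cfif>
    </cflock>
    <cfreturn banned>
</cffunction>

<!--- Top of every request, before any page logic runs --->
<cfif isBanned(cgi.remote_addr)>
    <cflog file="banned" text="Blocked #cgi.remote_addr# requesting #cgi.script_name#">
    <cfinclude template="maintenance.cfm">
    <cfabort>
<cfelseif isSQLInjection()>
    <cfset banIP(cgi.remote_addr)>
    <cflog file="banned" text="Banned #cgi.remote_addr# after suspicious query string on #cgi.script_name#">
    <cfinclude template="maintenance.cfm">
    <cfabort>
</cfif>
```

The server scope is cleared when the ColdFusion instance restarts, so bans do not survive a restart unless they are also persisted. Behind a proxy or load balancer `cgi.remote_addr` is the proxy's address, and a ban on it would block every visitor coming through that proxy.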