RE: Recent SQL Injection attacks

Fri, 15 Jan 2010 19:56:53 -0800 

What I do is similar..  IF I detect a sql injection, I also add the 
ip address of the user to my banned IP list. I ban them for a week.. 
this way if they manage to find a page that isn't protected, they 
can't do any damage.  I use a server variable to hold the list of 
banned IP addresses, so I can share the list among the few websites I host.
  Then whenever anyone requests a page, I check if their ip is on the 
banned list, if so, I just log it and display an error page saying 
the website is down for maintenance and return soon.



At 06:02 PM 1/15/2010, Chung Chow wrote:

>On the SQL injection subject, here's something I add in all my projects.
>I usually use this snippet of code to intercept at the top level. It
>helps.
>
><cffunction name="isSQLInjection" access="public" hint="Checks to see if
>there is a possible SQL Injection attempt">
>         <cfscript>
>                 if ( isdefined("cgi.query_string") and (
>findnocase("DECLARE",cgi.query_string) or
>findnocase("CAST(",cgi.query_string) or
>findnocase("EXEC(",cgi.query_string) or
>findnocase("EXEC%",cgi.query_string)    or len(cgi.query_string) gte 700
>) ) return true;
>                 else return false;
>         </cfscript>
></cffunction>
>
> > -----Original Message-----
> > From: Al Musella, DPM [mailto:muse...@virtualtrials.com]
> > Sent: Friday, January 15, 2010 2:44 PM
> > To: cf-talk
> > Subject: RE: Recent SQL Injection attacks
> >
> >
> > For coldfusion, I use Fusionreactor..  I look at the request history,
> > and you see the templates that were recently called with the  url
> > parameters..   when an attack is in progress, you see a lot of them
> > with big url parameters. Easy to see at a glance.  Best part is then
> > you can view the sql queries that ran  and how many rows were
> > affected!    I can verify that they don't get through to the real
> > database - just the query logging the attempt in my HACK database!
>
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329722
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Reply via email to