Al, I see values like this all of the time. In most cases, I'll see values like -1, -1' or 1' for input fields. I use a custom function to scan all form vars and if there is a match... I typically ban the IP address for a period of time. You'll *likely* find a pattern to the IP addresses that are problematic. Many IP subnets are repeat offenders.
~Che -----Original Message----- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Sunday, February 17, 2013 6:38 PM To: cf-talk Subject: RE: Problem with Hackers on Donation form through Authorize.net I added another filter today... I have always checked all form submissions for the bad keywords but I noticed that many of the attacks seem to start with them entering 1 or -1 as the first and or last name. Probably too lazy to put more keystrokes in when they are setting up the script. So now if a 1 or -1 is entered in any field that has the word "name" within the field name, they get added to my list of banned IP addresses and if they go to any page on any of the websites I run, they get an error page that looks like the website is down Anyone else seeing a lot of form submissions with -1 or 1 as the name? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354560 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
