Your ISP is a good start or even the AFP, but I am sure the AFP will try to get you to talk to your ISP first.
--
Senior Coldfusion Developer
Aegeon Pty. Ltd.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273

-----Original Message-----
From: cfaussie@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Matthew
Sent: Wednesday, 27 August 2008 1:53 PM
To: cfaussie
Subject: [cfaussie] Constant query injection attacks

Hi guys

Over the past few months we've been getting 1000s of errors from some idiot trying to hit us with a query injection attack (I've read on several forums that these hackers have given up on ASP sites and are now targeting CF sites). Fortunately we didn't get stung because of good queryparaming, however it's just annoying getting 100s of errors each day!!

I very carefully unpacked the string and, as per my guess, it was set up to modify every record in every DB table and populate it with a reference back to a supposed .js file on a server in China. The .js file tries to download a .exe which would probably be a virus.

There's no point trying to block their IP because they IP jump across 100s of addresses. I'm going to build in a fix to block the errors, i.e. scan the query string for a 'declare' reference and kill it, however does anyone know where I can report these guys to? The .js file lives at www.ppexe.com, which when I do a whois lookup there are minimal details and they're all in Chinese.

Word of advice to all: DON'T FORGET TO <CFQUERYPARAM/>!!!!

Cheers
Matthew
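
An added example, not code from anyone in this thread: a request filter of the kind Matthew describes, followed by an unparameterized query beside its cfqueryparam form. The log file name, the datasource variable, the table and column names and the "declare @variable" pattern are assumptions made for the illustration; the filter only cuts down the error noise, while the bound parameter is what keeps the injected text out of the SQL.

```cfml
<!--- Application.cfm (runs before every request). Added example. --->
<!--- Decode first so a percent-encoded keyword is still seen;
      fall back to the raw string if decoding fails. --->
<cftry>
    <cfset probeQS = URLDecode(CGI.QUERY_STRING)>
    <cfcatch type="any">
        <cfset probeQS = CGI.QUERY_STRING>
    </cfcatch>
</cftry>

<!--- Assumption: "declare" followed by an @variable marks the probe.
      Matching a bare "declare" would also reject ordinary search text. --->
<cfif REFindNoCase("\bdeclare\s+@\w+", probeQS)>
    <!--- Log source and target only, not the attacker-supplied string --->
    <cflog file="sqli_probe" type="warning"
           text="Blocked query string from #CGI.REMOTE_ADDR# to #CGI.SCRIPT_NAME#">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- product.cfm, BEFORE: URL.id is pasted into the SQL text, so anything
      appended to the id in the query string runs as part of the statement.
      request.dsn, products and product_id are hypothetical names. --->
<cfquery name="getProduct" datasource="#request.dsn#">
    SELECT name, price
    FROM products
    WHERE product_id = #URL.id#
</cfquery>

<!--- product.cfm, AFTER: the value is sent as a typed bind parameter.
      With cf_sql_integer a non-numeric value is rejected by ColdFusion
      with an error before the statement reaches the database. --->
<cfquery name="getProduct" datasource="#request.dsn#">
    SELECT name, price
    FROM products
    WHERE product_id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
</cfquery>
```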