I think that would depend on the intended scope and audience of your site or 
server's sites. For example, does someone in Beijing need to browse for a 
product that isn't available over the web or sold in any store outside the 
contiguous U.S.? Or would someone in Ulan Bator need to set up a pick-up 
laundry service in St. Louis? Of course there would be exceptions but I think 
it would be worth the small number of legitimate denials to do this.

___________________________________________________________________________________________

Troy Jones  |  Developer/Support Technician  |  Dynapp Inc  |  1-800-830-5192  
ext. 603  |  http://www.dynapp.com/  |  http://www.facebook.com/dynapp

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
Sent: Friday, November 20, 2009 10:08 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] SQL Injection

Yeah sure, you CAN, but it's not the solution to the problem.  On a recent 
incident response we had attacks originating from Asia, South America and 
Europe.  Do you plan on blocking them all?

-dhs

--
Dean H. Saxe
"A true conservationist is a person who knows that the world is not given by 
his fathers, but borrowed from his children."  -- John James Audubon





On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote:


You can block subnets.  On a couple of domestic sites, I have even blocked all 
requests from ALL OF ASIA (or close).  While I know this is a drastic 
measure...  all SQL Injection attack attempts (and other hack attacks) were reduced 
by 98% with that done.

Here is a link that describes how to do this and why:  
http://www.parkansky.com/china.htm

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
Sent: Friday, November 20, 2009 11:59 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] SQL Injection

Blocking IPs is useless, attackers will just use another proxy to change the 
apparent location of the originating attack.  You can't stop the attempts, 
you must instead prevent the exploitation of vulnerable code.  This means 
writing secure code using data validation on all input, data sanitization on 
output (in this case, parameterized queries using cfqueryparam) and following 
the principle of least privilege on the database access.

-dhs

--
Dean H. Saxe
"A true conservationist is a person who knows that the world is not given by 
his fathers, but borrowed from his children."  -- John James Audubon
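The three controls Dean lists above (validate input, parameterize the query, and restrict what the database account may do) are shown together in the added example below. It is not code from the thread or from any ACFUG member; cfqueryparam is the ColdFusion form of the same idea, and this version uses Python's sqlite3 module so it runs offline. The table rows, the allowlist pattern, and the hostile input are constructed for the demonstration, and the SQLite authorizer stands in for a read-only database account.

```python
import re
import sqlite3

# Constructed sample rows (not from the thread).
USERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]

# Allowlist for the single input this lookup accepts: short alphanumeric usernames.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,50}$")


def open_db() -> sqlite3.Connection:
    """In-memory database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.commit()
    return conn


def restrict_to_reads(conn: sqlite3.Connection) -> None:
    """Least privilege, SQLite-style: after setup, this connection may only read.

    In production the equivalent is a database account granted SELECT only;
    the authorizer callback is the assumed stand-in for that here.
    """
    denied = {
        sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE,
        sqlite3.SQLITE_DROP_TABLE, sqlite3.SQLITE_ALTER_TABLE, sqlite3.SQLITE_CREATE_TABLE,
    }

    def authorizer(action, arg1, arg2, db_name, trigger):
        return sqlite3.SQLITE_DENY if action in denied else sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)


def lookup_vulnerable(conn, username):
    """String concatenation: the input becomes part of the SQL text itself."""
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Placeholder binding: the value travels separately from the SQL text,
    which is what cfqueryparam does for a ColdFusion query."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def lookup_hardened(conn, username):
    """Validation on input plus parameterization on the query."""
    if not USERNAME_RE.match(username):
        raise ValueError("rejected username: fails allowlist")
    return lookup_parameterized(conn, username)


def write_attempt_denied(conn) -> bool:
    """True if the read-only connection refuses a destructive statement."""
    try:
        conn.execute("DELETE FROM users")
    except sqlite3.DatabaseError:
        return True
    return False


def demo():
    conn = open_db()
    restrict_to_reads(conn)
    # Constructed hostile input: closes the string literal and appends an always-true clause.
    hostile = "x' OR '1'='1"
    return {
        "vulnerable": lookup_vulnerable(conn, hostile),      # every row comes back
        "parameterized": lookup_parameterized(conn, hostile),  # no user has that literal name
        "honest": lookup_hardened(conn, "bob"),                # normal lookup still works
        "write_denied": write_attempt_denied(conn),            # least privilege holds
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable lookup returns all three rows for the hostile input because the input was parsed as SQL; the parameterized lookup returns nothing because the same characters were compared as a plain string. The allowlist rejects the hostile input before a query is even built, and the authorizer shows why the database account matters: even if a query were injected, a read-only account limits what it can do.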






On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:



Hey folks,

I saw John's tweet earlier this week about a new wave of SQL Injection ( and 
link to a great article on it 
http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss),
 and sure enough I'm seeing a huge upswing in attempts.  Over 100 failed 
attempts last night alone.

We have taken the steps to prevent damage / harm, but I was wondering what 
folks are doing after they stop the attempt.  What kind of message, if any, do 
you provide?  Are people checking the logs, and blocking IPs of the worst 
offenders?  Or something else?

-Rudi


-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org/?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink http://www.fusionlink.com/
-------------------------------------------------------------






