You mean like the one who "rented" my house when it was for sale? At least 2 people lost $1k in that scam. And one of them showed up at my door ready to take possession of the house the day before I moved out!
--
Dean H. Saxe
"A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children." -- John James Audubon

On Nov 23, 2009, at 10:54 AM, shawn gorrell wrote:

> To each their own. The plus side of the Nigerian scammer types is they have
> many more lulz than APNIC or RIPE.
>
> From: Derrick Peavy <derr...@derrickpeavy.com>
> To: discussion@acfug.org
> Sent: Mon, November 23, 2009 1:50:40 PM
> Subject: Re: [ACFUG Discuss] SQL Injection
>
> That being said....
>
> I still block Afrinic and will continue to do so. Too many past issues with
> Nigeria. It may be whackamole, but it's effective enough that I no longer
> have to deal with brute force attacks nearly as often.
>
> I consider it low hanging fruit to knock off some of the subnets that are
> known to be nasty. Takes 10 minutes and then RONCO - "Set it and Forget it!"
>
> _____________________
> Derrick Peavy
> derr...@derrickpeavy.com
> 404-786-5036
>
> “Innovation distinguishes between a leader and a follower.” -Steve Jobs
> _____________________
>
> On Nov 23, 2009, at 11:01 AM, shawn gorrell wrote:
>
>> I was just getting ready to say that...
>>
>> When I first started administering servers I used to get really freaked out
>> by all of the attack traffic and spent a bunch of time blocking IPs at the
>> router. Over time I realized that it was just playing whack-a-mole and was
>> mainly a waste of my time. If you knock them down on one subnet, another
>> will pop up, and your overall attack traffic will be undiminished. All you've
>> done is waste your own time and mental energy. A better approach is to make
>> sure your network, server and applications are as tight as they can be (and
>> validate that regularly), and quit worrying about botnets and script
>> kiddies.
>>
>> From: Dean H. Saxe <d...@fullfrontalnerdity.com>
>> To: discussion@acfug.org
>> Sent: Mon, November 23, 2009 10:55:25 AM
>> Subject: Re: [ACFUG Discuss] SQL Injection
>>
>> You miss the point. Attackers don't just originate from their home
>> countries, they bounce through proxies around the world, including where
>> your intended audience sits.
>>
>> -dhs
>>
>> --
>> Dean H. Saxe
>> "A true conservationist is a person who knows that the world is not given by
>> his fathers, but borrowed from his children." -- John James Audubon
>>
>> On Nov 23, 2009, at 7:49 AM, Troy Jones wrote:
>>
>>> I think that would depend on the intended scope and audience of your site
>>> or server's sites. For example, does someone in Beijing need to browse for
>>> a product that isn't available over the web or sold in any store outside
>>> the contiguous U.S.? Or would someone in Ulan Bator need to set up a
>>> pick-up laundry service in St. Louis? Of course there would be exceptions
>>> but I think it would be worth the small number of legitimate denials to do
>>> this.
>>>
>>> Troy Jones | Developer/Support Technician | Dynapp Inc |
>>> 1-800-830-5192 ext. 603 | dynapp.com | facebook.com/dynapp
>>>
>>> From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
>>> Sent: Friday, November 20, 2009 10:08 PM
>>> To: discussion@acfug.org
>>> Subject: Re: [ACFUG Discuss] SQL Injection
>>>
>>> Yeah sure, you CAN, but it's not the solution to the problem. On a recent
>>> incident response we had attacks originating from Asia, South America and
>>> Europe. Do you plan on blocking them all?
>>>
>>> -dhs
>>>
>>> --
>>> Dean H. Saxe
>>> "A true conservationist is a person who knows that the world is not given
>>> by his fathers, but borrowed from his children." -- John James Audubon
>>>
>>> On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote:
>>>
>>> You can block subnets. On a couple of domestic sites, I have even blocked
>>> all requests from ALL OF ASIA (or close). While I know this is a drastic
>>> measure… all SQL Injection attack (and other hack attacks) attempts
>>> reduced by 98% with that done.
>>>
>>> Here is a link that describes how to do this and why:
>>> http://www.parkansky.com/china.htm
>>>
>>> From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
>>> Sent: Friday, November 20, 2009 11:59 AM
>>> To: discussion@acfug.org
>>> Subject: Re: [ACFUG Discuss] SQL Injection
>>>
>>> Blocking IPs is useless, attackers will just use another proxy to change
>>> the apparent location of the originating attack. You can't stop the
>>> attempts, you must instead prevent the exploitation of vulnerable code.
>>> This means writing secure code using data validation on all input, data
>>> sanitization on output (in this case, parameterized queries using
>>> cfqueryparam) and following the principle of least privilege on the
>>> database access.
>>>
>>> -dhs
>>>
>>> --
>>> Dean H. Saxe
>>> "A true conservationist is a person who knows that the world is not given
>>> by his fathers, but borrowed from his children." -- John James Audubon
>>>
>>> On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:
>>>
>>> Hey folks,
>>>
>>> I saw John's tweet earlier this week about a new wave of SQL Injection
>>> (and link to a great article on it
>>> http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss),
>>> and sure enough I'm seeing a huge upswing in attempts. Over 100 failed
>>> attempts last night alone.
>>>
>>> We have taken the steps to prevent damage / harm, but I was wondering what
>>> folks are doing after they stop the attempt. What kind of message, if any,
>>> do you provide? Are people checking the logs, and blocking IPs of the
>>> worst offenders? Or something else?
>>>
>>> -Rudi
>>>
>>> -------------------------------------------------------------
>>> To unsubscribe from this list, manage your profile @
>>> http://www.acfug.org/?fa=login.edituserform
>>>
>>> For more info, see http://www.acfug.org/mailinglists
>>> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>>> List hosted by FusionLink
>>> -------------------------------------------------------------
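
The mitigation recommended in the thread (validate input, bind it with cfqueryparam, use a least-privilege database login), together with one way to answer and log a rejected request, as an added CFML example that is not part of the original thread or any poster's code. The `products` table, the `productId` URL parameter, the `shop_readonly` datasource and the `input-rejects` log name are hypothetical.

```cfml
<!--- Added example; table, parameter, datasource and log names are hypothetical. --->

<!--- VULNERABLE form, shown commented out: url.productId is concatenated
      into the SQL text, so anything appended to it is parsed as SQL.
<cfquery name="qUnsafe" datasource="shop_readonly">
    SELECT id, name, price
    FROM products
    WHERE id = #url.productId#
</cfquery>
--->

<!--- Step 1: validate the input before it reaches the database. --->
<cfparam name="url.productId" default="">
<cfif NOT isValid("integer", url.productId) OR url.productId LT 1>
    <!--- Truncate and strip control characters so the rejected value
          cannot forge extra lines in the log file. --->
    <cfset rejected = reReplace(left(url.productId, 100), '[[:cntrl:]]', '?', 'all')>
    <cflog file="input-rejects" type="warning"
           text="Rejected productId from #cgi.remote_addr#: #rejected#">
    <!--- Generic reply: no SQL text, stack trace or filter detail is revealed. --->
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid request.</cfoutput>
    <cfabort>
</cfif>

<!--- Step 2: bind the value. cfqueryparam sends it as a typed parameter,
      so it is never parsed as part of the SQL statement.
      Step 3 (database side): the login behind shop_readonly is assumed to
      hold SELECT on this table only, with no DDL or write rights. --->
<cfquery name="qSafe" datasource="shop_readonly">
    SELECT id, name, price
    FROM products
    WHERE id = <cfqueryparam value="#url.productId#" cfsqltype="cf_sql_integer">
</cfquery>

<cfoutput query="qSafe">
    #encodeForHTML(name)#: #dollarFormat(price)#<br>
</cfoutput>
```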