Yep, exactly like that. It sounded like those 2 people should have known better, so I have a hard time being sympathetic towards them.
I've been on the target end of a couple of attempts from eBay and Craigslist and from what I saw, you'd have to be very gullible to get taken by one of them. The eBay one was better than the Craigslist attempts, but even that was pretty obvious. ________________________________ From: Dean H. Saxe <d...@fullfrontalnerdity.com> To: discussion@acfug.org Sent: Mon, November 23, 2009 1:59:48 PM Subject: Re: [ACFUG Discuss] SQL Injection You mean like the one who "rented" my house when it was for sale? At least 2 people lost $1k in that scam. And one of them showed up at my door ready to take possession of the house the day before I moved out! -- Dean H. Saxe "A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children." -- John James Audubon On Nov 23, 2009, at 10:54 AM, shawn gorrell wrote: To each their own. The plus side of the Nigerian scammer types is they have many more lulz than APNIC or RIPE. > > > > ________________________________ From: Derrick Peavy <derr...@derrickpeavy.com> >To: discussion@acfug.org >Sent: Mon, November 23, 2009 1:50:40 PM >Subject: Re: [ACFUG Discuss] SQL Injection > >That being said.... > > >I still block Afrinic and will continue to do so. Too many past issues with >Nigeria. It may be whackamole, but it's effective enough that i no longer have >to deal with brute force attacks nearly as often. > > >I consider it low hanging fruit to knock off some of the subnets that are >known to be nasty. Takes 10 minutes and then RONCO - "Set it and Forget it!" > > >_____________________ >Derrick Peavy >derr...@derrickpeavy.com >404-786-5036 > > >“Innovation distinguishes between a leader and a follower.” -Steve Jobs >_____________________ > > > >On Nov 23, 2009, at 11:01 AM, shawn gorrell wrote: > >I was just getting ready to say that... >> >>When I first started administering servers I used to get really freaked out >>by all of the attack traffic and spent a bunch of time blocking IP's at the >>router. Over time I realized that it was just playing whack-a-mole and was >>mainly a waste of my time. If you knock them down on one subnet, another will >>popup, and your overall attack traffic will be undiminished. All you've done >>is waste your own time and mental energy. A better approach is to make sure >>your network, server and applications are as tight as they can be (and >>validate that regularly), and quit worrying about botnets and script kiddies. >> >> >> >> ________________________________ From: Dean H. Saxe <d...@fullfrontalnerdity.com> >>To: discussion@acfug.org >>Sent: Mon, November 23, 2009 10:55:25 AM >>Subject: Re: [ACFUG Discuss] SQL Injection >> >>You miss the point. Attackers don't just originate from their home >>countries, they bounce through proxies around the world, including where your >>intended audience sits. >> >> >>-dhs >> >> >>-- >>Dean H. Saxe >>"A true conservationist is a person who knows that the world is not given by >>his fathers, but borrowed from his children." -- John James Audubon >> >> >> >> >>On Nov 23, 2009, at 7:49 AM, Troy Jones wrote: >> >>I think that would depend on the intended scope and audience of your site or >>server's sites. For example, does someone in Beijing need to browse for a >>product that isn't available over the web or sold in any store outside the >>contiguous U.S.? Or would someone in Ulan Bator need to set up a pick-up >>laundry service in St. Louis? Of course there would be exceptions but I think >>it would be worth the small number of legitmate denials to do this. >>> >>><image001.jpg> >>>___________________________________________________________________________________________ >>> >>>Troy Jones | Developer/Support Technician | Dynapp Inc | >>>1-800-830-5192 ext. 603 | dynapp.com | facebook.com/dynapp >>> >>>From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe >>>Sent: Friday, November 20, 2009 10:08 PM >>>To: discussion@acfug.org >>>Subject: Re: [ACFUG Discuss] SQL Injection >>> >>>Yeah sure, you CAN, but its not the solution to the problem. On a recent >>>incident response we had attacks originating from asia, south america and >>>europe. Do you plan on blocking them all? >>> >>>-dhs >>> >>>-- >>>Dean H. Saxe >>>"A true conservationist is a person who knows that the world is not given by >>>his fathers, but borrowed from his children." -- John James Audubon >>> >>> >>> >>> >>> >>> >>>On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote: >>> >>> >>> >>>You can block subnets. On a couple of domestic sites, I have even blocked >>>all requests from ALL OF ASIA (or close). While I know this is a drastic >>>measure… all SQL Injection attack (and other hack attacks) attempts reduced >>>by 98% with that done. >>> >>>Here is a link that describes how to do this and why: >>>http://www.parkansky.com/china.htm >>> >>>From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe >>>Sent: Friday, November 20, 2009 11:59 AM >>>To: discussion@acfug.org >>>Subject: Re: [ACFUG Discuss] SQL Injection >>> >>>Blocking IPs is useless, attackers will just use another proxy to change the >>>apparently location of the originating attack. You can't stop the attempts, >>>you must instead prevent the exploitation of vulnerable code. This means >>>writing secure code using data validation on all input, data sanitization on >>>output (in this case, parameterized queries using cfqueryparam) and >>>following the principle of least privilege on the database access. >>> >>>-dhs >>> >>>-- >>>Dean H. Saxe >>>"A true conservationist is a person who knows that the world is not given by >>>his fathers, but borrowed from his children." -- John James Audubon >>> >>> >>> >>> >>> >>> >>> >>>On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote: >>> >>> >>> >>> >>>Hey folks, >>> >>>I saw John's tweet earlier this week about a new wave of SQL Injection ( and >>>link to a great article on it >>>http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss), >>> and sure enough I'm seeing a huge upswing in attempts. Over 100 failed >>>attempts last night alone. >>> >>>We have taken the steps to prevent damage / harm, but I was wondering what >>>folks are doing after they stop the attempt. What kind of message if any do >>>you provide ? Are people checking the logs, and blocking IP's of the worst >>>offenders? Or something else? >>> >>>-Rudi >>> >>> >>>------------------------------------------------------------- >>>To unsubscribe from this list, manage your profile @ >>>http://www.acfug.org/?fa=login.edituserform >>> >>>For more info, see http://www.acfug.org/mailinglists >>>Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >>>List hosted by FusionLink >>>------------------------------------------------------------- >>> >>>No virus found in this incoming message. >>>Checked by AVG - www.avg.com >>>Version: 8.5.425 / Virus Database: 270.14.78/2521 - Release Date: 11/23/09 >>>07:52:00 >>>------------------------------------------------------------- >>>To unsubscribe from this list, manage your profile @ >>>http://www.acfug.org/?fa=login.edituserform >>> >>>For more info, see http://www.acfug.org/mailinglists >>>Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >>>List hosted by FusionLink >>>------------------------------------------------------------- >> >>------------------------------------------------------------- >>To unsubscribe from this list, manage your profile @ >>http://www.acfug.org/?fa=login.edituserform >> >>For more info, see http://www.acfug.org/mailinglists >>Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >>List hosted by FusionLink >>------------------------------------------------------------- > >------------------------------------------------------------- >To unsubscribe from this list, manage your profile @ >http://www.acfug.org?fa=login.edituserform > >For more info, see http://www.acfug.org/mailinglists >Archive @ http://www.mail-archive.com/discussion%40acfug.org/ >List hosted by FusionLink >------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------