Shawn,

I think you might be overestimating average intelligence …
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of shawn gorrell
Sent: Monday, November 23, 2009 2:42 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] SQL Injection

My question is what kind of fool would actually believe you'd rent a house like 
yours for $700? You can hardly get a crappy apartment for $700, let alone a 
nice, new, big house. The whole thing had red flags all over it.

From: Dean H. Saxe <d...@fullfrontalnerdity.com>
To: discussion@acfug.org
Sent: Mon, November 23, 2009 2:36:49 PM
Subject: Re: [ACFUG Discuss] SQL Injection

Actually they found my house for sale, then looked at the tax records and 
created yahoo accounts as Mr. Saxe Dean H. to then try and rent it for $700.  
Bastards.


--

Dean H. Saxe

"A true conservationist is a person who knows that the world is not given by 
his fathers, but borrowed from his children."  -- John James Audubon

On Nov 23, 2009, at 11:23 AM, Derrick Peavy wrote:

Dear Mr. Dean Saxe of USA,

LMFAO!

Kindly and with God,

_____________________
Derrick Peavy
derr...@derrickpeavy.com
404-786-5036

“Innovation distinguishes between a leader and a follower.” -Steve Jobs
_____________________

On Nov 23, 2009, at 1:59 PM, Dean H. Saxe wrote:

You mean like the one who "rented" my house when it was for sale?  At least 2 
people lost $1k in that scam.  And one of them showed up at my door ready to 
take possession of the house the day before I moved out!


--

Dean H. Saxe

"A true conservationist is a person who knows that the world is not given by 
his fathers, but borrowed from his children."  -- John James Audubon

On Nov 23, 2009, at 10:54 AM, shawn gorrell wrote:

To each their own. The plus side of the Nigerian scammer types is they have 
many more lulz than APNIC or RIPE.

From: Derrick Peavy <derr...@derrickpeavy.com>
To: discussion@acfug.org
Sent: Mon, November 23, 2009 1:50:40 PM
Subject: Re: [ACFUG Discuss] SQL Injection

That being said....

I still block Afrinic and will continue to do so. Too many past issues with 
Nigeria. It may be whack-a-mole, but it's effective enough that I no longer have 
to deal with brute force attacks nearly as often. 

I consider it low hanging fruit to knock off some of the subnets that are known 
to be nasty. Takes 10 minutes and then RONCO - "Set it and Forget it!"

_____________________
Derrick Peavy
derr...@derrickpeavy.com
404-786-5036

“Innovation distinguishes between a leader and a follower.” -Steve Jobs
_____________________

On Nov 23, 2009, at 11:01 AM, shawn gorrell wrote:

I was just getting ready to say that...

When I first started administering servers I used to get really freaked out by 
all of the attack traffic and spent a bunch of time blocking IPs at the 
router. Over time I realized that it was just playing whack-a-mole and was 
mainly a waste of my time. If you knock them down on one subnet, another will 
pop up, and your overall attack traffic will be undiminished. All you've done is 
waste your own time and mental energy. A better approach is to make sure your 
network, server and applications are as tight as they can be (and validate that 
regularly), and quit worrying about botnets and script kiddies. 

From: Dean H. Saxe <d...@fullfrontalnerdity.com>
To: discussion@acfug.org
Sent: Mon, November 23, 2009 10:55:25 AM
Subject: Re: [ACFUG Discuss] SQL Injection

You miss the point.  Attackers don't just originate from their home countries, 
they bounce through proxies around the world, including where your intended 
audience sits.

-dhs


--

Dean H. Saxe

"A true conservationist is a person who knows that the world is not given by 
his fathers, but borrowed from his children."  -- John James Audubon

On Nov 23, 2009, at 7:49 AM, Troy Jones wrote:

I think that would depend on the intended scope and audience of your site or 
server's sites. For example, does someone in Beijing need to browse for a 
product that isn't available over the web or sold in any store outside the 
contiguous U.S.? Or would someone in Ulan Bator need to set up a pick-up 
laundry service in St. Louis? Of course there would be exceptions but I think 
it would be worth the small number of legitimate denials to do this.

___________________________________________________________________________________________
Troy Jones  |  Developer/Support Technician  |  Dynapp Inc  |  1-800-830-5192  
ext. 603  |   <http://www.dynapp.com/> dynapp.com  |   
<http://www.facebook.com/dynapp> facebook.com/dynapp

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
Sent: Friday, November 20, 2009 10:08 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] SQL Injection

Yeah sure, you CAN, but it's not the solution to the problem.  On a recent 
incident response we had attacks originating from Asia, South America and 
Europe.  Do you plan on blocking them all?

-dhs


--

Dean H. Saxe

"A true conservationist is a person who knows that the world is not given by 
his fathers, but borrowed from his children."  -- John James Audubon

On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote:

You can block subnets.  On a couple of domestic sites, I have even blocked all 
requests from ALL OF ASIA (or close).  While I know this is a drastic measure… 
all SQL injection attack attempts (and other hack attempts) were reduced by 98% 
with that done.

Here is a link that describes how to do this and why:  
http://www.parkansky.com/china.htm

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
Sent: Friday, November 20, 2009 11:59 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] SQL Injection

Blocking IPs is useless, attackers will just use another proxy to change the 
apparent location of the originating attack.  You can't stop the attempts, 
you must instead prevent the exploitation of vulnerable code.  This means 
writing secure code using data validation on all input, data sanitization on 
output (in this case, parameterized queries using cfqueryparam) and following 
the principle of least privilege on the database access.

-dhs


--

Dean H. Saxe

"A true conservationist is a person who knows that the world is not given by 
his fathers, but borrowed from his children."  -- John James Audubon

On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:

Hey folks,

I saw John's tweet earlier this week about a new wave of SQL Injection (and a 
link to a great article on it: 
http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss), 
and sure enough I'm seeing a huge upswing in attempts.  Over 100 failed 
attempts last night alone.

We have taken the steps to prevent damage / harm, but I was wondering what 
folks are doing after they stop the attempt.  What kind of message, if any, do 
you provide?  Are people checking the logs, and blocking IPs of the worst 
offenders?  Or something else?

-Rudi

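An added example, not code from this thread or from any of the posters, showing the three points Dean Saxe makes above (validate input, bind values with cfqueryparam, least privilege on the database login) in CFML. The datasource name productsDSN, the product table, and the url.id and form.q fields are assumed for illustration; the first query is the injectable form kept only for contrast.

```cfml
<!--- Added example for this thread, not the original poster's code. The
      datasource "productsDSN", the "product" table and the url.id / form.q
      fields are assumed for illustration. --->
<cfparam name="url.id" default="">
<cfparam name="form.q" default="">

<!--- VULNERABLE (shown for contrast, do not ship): url.id is pasted into the
      SQL text, so ?id=1 OR 1=1 returns every row and, on a driver that allows
      batched statements, ?id=1; UPDATE product SET price=0 runs a second one. --->
<cfquery name="qVulnerable" datasource="productsDSN">
    SELECT id, name, price
    FROM product
    WHERE id = #url.id#
</cfquery>

<!--- HARDENED, step 1: validate on input. Anything that is not an integer is
      rejected with a generic message that reveals nothing about the database. --->
<cfif NOT isValid("integer", url.id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput>Invalid request.</cfoutput>
    <cfabort>
</cfif>

<!--- HARDENED, step 2: bind with cfqueryparam. The value travels to the driver
      as a typed bind parameter and is never parsed as SQL, whatever it contains. --->
<cfquery name="qProduct" datasource="productsDSN">
    SELECT id, name, price
    FROM product
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Free-text input gets the same treatment. The LIKE wildcards are part of
      the bound value, not the SQL text, and maxlength caps what is accepted. --->
<cfquery name="qSearch" datasource="productsDSN">
    SELECT id, name
    FROM product
    WHERE name LIKE <cfqueryparam value="%#form.q#%" cfsqltype="cf_sql_varchar" maxlength="102">
</cfquery>

<!--- Step 3, least privilege, is set on the database side: the login behind
      productsDSN should hold SELECT on product and nothing more, so that even
      a successful injection cannot alter data or read other tables. --->
<cfoutput query="qProduct">#id#: #htmlEditFormat(name)# (#price#)<br></cfoutput>
```

The 400 response deliberately says nothing about what was rejected; if, as Rudi asks, you want to review repeat offenders afterwards, log the rejected value and the client address server-side at that point rather than echoing either back to the requester.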
------------------------------------------------------------- 
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org/?fa=login.edituserform 

For more info, see http://www.acfug.org/mailinglists 
Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
List hosted by FusionLink <http://www.fusionlink.com/>  
-------------------------------------------------------------