Tis a problem.. What if you trapped the error with another fuseaction,
email the admin and send the user to another fuseaction that simply
displays the "user-friendly" error? The hacker would hit that page
repeatedly but with no additional emails.
They COULD, howevere, go back and re-create the error again and
again, but I would imagine, this would get tiresome for that idiot
hacker..
My .02...
Bob Krieger
www.FDBTutor.com
The FuseBox Tutor
-----Original Message-----
From: Steve Nelson [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 31, 2002 7:58 AM
To: [EMAIL PROTECTED]
Subject: Re: Global Error Trapping with CFERROR
I get emailed when errors happen. If I get an unusual number of errors
from someone, I go into IIS and block their IP address. I've had to do
this a few times.
Steve Nelson
Steve Bryant wrote:
> One thought on that...
>
> I generally have my errors emailed to me as well. However, I am
> reading through "Hackproofing ColdFusion" and the author suggests that
> some hackers will find error pages (the ones with the user friendly
> error) and hit them repeatedly. The goal here is to overwhelm the
> mailserver. It is based on the assumption the error will be emailed to
> a system admin. If they can cause a massive number of hits to the page
> then they can crash your mailserver.
>
> I haven't figured out a good solution for this yet. The book probably
> has an idea for this and I just haven't read that far yet. Apparently
> if you are logging errors instead of emailing them, it can still cause
> problems.
>
> Speaking of, the book just came out and so far it is really good. The
> majority of the stuff in there is pretty common sense, but it has
> enough new stuff (to me anyway) like the above to be well worth the
> money. I highly recommend it! (I don't know the author or anything).
>
> At 08:35 AM 5/31/2002 -0400, you wrote:
> >Add this into index.cfm
> >
> ><cferror type="EXCEPTION" template="act_error.cfm">
> >
> >Then I usually make act_error email me an error of what's going on
> >and at the end I cflocate to home.error and it shows a friendly error
> >page. Now keep in mind since I cflocate to a fb3 path if there is
> >something wrong with the core files, like say I accidentlly delete
> >them, technically it would keep emailing me, but if I did something
> >stupid enough to damage fb3 I deserve to get tons of email becuase my
> >site is completely broken.
> >
> >Robert Everland III
> >Dixon Ticonderoga
> >Web Developer Extraordinaire
> >
> >-----Original Message-----
> >From: Yudi [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, May 30, 2002 8:17 PM
> >To: [EMAIL PROTECTED]
> >Subject: Global Error Trapping with CFERROR
> >
> >
> >Hi,
> >Do anybody know how to create cferror in fusebox 3 ?
> >I put the following code on application.cfm
> ><cferror type="exception"
> > exception="any"
> > template="dsp_MsgErrors.cfm"
> > >
> >And I created dsp_MsgErrors.cfm at root site.
> >If I don't use fusebox 3 this code working well.
> >
> >Thank you
> >
> >Yudi
>
==^================================================================
This email was sent to: [email protected]
EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrFMa.bV0Kx9
Or send an email to: [EMAIL PROTECTED]
T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^================================================================
