Last time I advertised my property I ended with "SCAMMERS, DON'T BOTHER", and
I still got emails from Lagos on where to send the check (advance fee fraud).

: Especially the bad English wording. The original ad was lifted directly from
: my Realtor's postings. The response to any enquiry was in *really* bad
: English.
: -dhs
: --
: Dean H. Saxe
: "A true conservationist is a person who knows that the world is not given by
: his fathers, but borrowed from his children." -- John James Audubon
:
: On Nov 23, 2009, at 11:42 AM, shawn gorrell wrote:
: My question is what kind of fool would actually believe you'd rent a house
: like yours for $700? You can hardly get a crappy apartment for $700, let
: alone a nice, new, big house. The whole thing had red flags all over it.
:
: From: Dean H. Saxe <d...@fullfrontalnerdity.com>
: To: discussion@acfug.org
: Sent: Mon, November 23, 2009 2:36:49 PM
: Subject: Re: [ACFUG Discuss] SQL Injection
: Actually they found my house for sale, then looked at the tax records and
: created Yahoo accounts as Mr. Saxe Dean H. to then try and rent it for $700.
: Bastards.
: --
: Dean H. Saxe
:
: On Nov 23, 2009, at 11:23 AM, Derrick Peavy wrote:
: Dear Mr. Dean Saxe of USA,
: LMFAO!
: Kindly and with God,
: _____________________
: Derrick Peavy
: derr...@derrickpeavy.com
: 404-786-5036
: “Innovation distinguishes between a leader and a follower.” -Steve Jobs
: _____________________
:
: On Nov 23, 2009, at 1:59 PM, Dean H. Saxe wrote:
: You mean like the one who "rented" my house when it was for sale? At least 2
: people lost $1k in that scam. And one of them showed up at my door ready to
: take possession of the house the day before I moved out!
: --
: Dean H. Saxe
:
: On Nov 23, 2009, at 10:54 AM, shawn gorrell wrote:
: To each their own. The plus side of the Nigerian scammer types is they have
: many more lulz than APNIC or RIPE.
:
: From: Derrick Peavy <derr...@derrickpeavy.com>
: To: discussion@acfug.org
: Sent: Mon, November 23, 2009 1:50:40 PM
: Subject: Re: [ACFUG Discuss] SQL Injection
: That being said....
: I still block Afrinic and will continue to do so. Too many past issues with
: Nigeria. It may be whackamole, but it's effective enough that I no longer
: have to deal with brute force attacks nearly as often.
: I consider it low hanging fruit to knock off some of the subnets that are
: known to be nasty. Takes 10 minutes and then RONCO - "Set it and Forget it!"
: _____________________
: Derrick Peavy
: _____________________
:
: On Nov 23, 2009, at 11:01 AM, shawn gorrell wrote:
: I was just getting ready to say that...
: When I first started administering servers I used to get really freaked out by
: all of the attack traffic and spent a bunch of time blocking IP's at the
: router. Over time I realized that it was just playing whack-a-mole and was
: mainly a waste of my time. If you knock them down on one subnet, another will
: pop up, and your overall attack traffic will be undiminished. All you've done
: is waste your own time and mental energy. A better approach is to make sure
: your network, server and applications are as tight as they can be (and
: validate that regularly), and quit worrying about botnets and script kiddies.
:
: From: Dean H. Saxe <d...@fullfrontalnerdity.com>
: To: discussion@acfug.org
: Sent: Mon, November 23, 2009 10:55:25 AM
: Subject: Re: [ACFUG Discuss] SQL Injection
: You miss the point. Attackers don't just originate from their home countries,
: they bounce through proxies around the world, including where your intended
: audience sits.
: -dhs
: --
: Dean H. Saxe
:
: On Nov 23, 2009, at 7:49 AM, Troy Jones wrote:
: I think that would depend on the intended scope and audience of your site or
: server's sites. For example, does someone in Beijing need to browse for a
: product that isn't available over the web or sold in any store outside the
: contiguous U.S.? Or would someone in Ulan Bator need to set up a pick-up
: laundry service in St. Louis? Of course there would be exceptions but I think
: it would be worth the small number of legitimate denials to do this.
:
: Troy Jones | Developer/Support Technician | Dynapp Inc | 1-800-830-5192
: ext. 603 | dynapp.com | facebook.com/dynapp
:
: From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
: Sent: Friday, November 20, 2009 10:08 PM
: To: discussion@acfug.org
: Subject: Re: [ACFUG Discuss] SQL Injection
:
: Yeah sure, you CAN, but it's not the solution to the problem. On a recent
: incident response we had attacks originating from Asia, South America and
: Europe. Do you plan on blocking them all?
:
: -dhs
: --
: Dean H. Saxe
:
: On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote:
: You can block subnets. On a couple of domestic sites, I have even blocked all
: requests from ALL OF ASIA (or close). While I know this is a drastic
: measure… all SQL Injection attack (and other hack attacks) attempts reduced
: by 98% with that done.
:
: Here is a link that describes how to do this and why:
: http://www.parkansky.com/china.htm
:
: From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
: Sent: Friday, November 20, 2009 11:59 AM
: To: discussion@acfug.org
: Subject: Re: [ACFUG Discuss] SQL Injection
:
: Blocking IPs is useless, attackers will just use another proxy to change the
: apparent location of the originating attack. You can't stop the attempts,
: you must instead prevent the exploitation of vulnerable code. This means
: writing secure code using data validation on all input, data sanitization on
: output (in this case, parameterized queries using cfqueryparam) and following
: the principle of least privilege on the database access.
:
: -dhs
: --
: Dean H. Saxe
:
: On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:
: Hey folks,
: I saw John's tweet earlier this week about a new wave of SQL Injection (and
: link to a great article on it:
: http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss),
: and sure enough I'm seeing a huge upswing in attempts. Over 100 failed
: attempts last night alone.
: We have taken the steps to prevent damage / harm, but I was wondering what
: folks are doing after they stop the attempt. What kind of message if any do
: you provide? Are people checking the logs, and blocking IP's of the worst
: offenders? Or something else?
: -Rudi
:
: -------------------------------------------------------------
: To unsubscribe from this list, manage your profile @
: http://www.acfug.org/?fa=login.edituserform
: For more info, see http://www.acfug.org/mailinglists
: Archive @ http://www.mail-archive.com/discussion%40acfug.org/
: List hosted by FusionLink
: -------------------------------------------------------------

Mischa Uppelschoten
VP of Technology
The Banker's Exchange, LLC.
4200 Highlands Parkway SE
Suite A
Smyrna, GA 30082-5198
Phone: (404) 605-0100 ext. 10
Fax: (404) 355-7930
Web: www.BankersX.com
Follow this link for Instant Web Chat:
http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN

----------------------- Original Message -----------------------
From: "Dean H. Saxe" <d...@fullfrontalnerdity.com>
Date: Mon, 23 Nov 2009 12:13:33 -0800
Subject: Re: [ACFUG Discuss] SQL Injection
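
The three controls named in the Nov 20 reply quoted above (input validation, parameterized queries with cfqueryparam, least privilege on database access), shown as a before/after pair in CFML. This is an added example, not code posted by anyone on the list; the table, column, datasource and URL parameter names are hypothetical.

```cfml
<!--- Constructed example: products table, shopAdmin / shopReadOnly
      datasources and the url.categoryId / url.q parameters are hypothetical. --->

<!--- BEFORE: request data is concatenated into the SQL text. ColdFusion
      escapes single quotes in interpolated strings, but an unquoted
      numeric position like this one gets no such protection, and the
      query runs under a login that can do far more than read. --->
<cfquery name="qBefore" datasource="shopAdmin">
    SELECT id, name, price
    FROM products
    WHERE category_id = #url.categoryId#
</cfquery>

<!--- AFTER, step 1: validate all input before it reaches any query.
      Anything that is not an integer, or a search term over 50
      characters, is rejected with a plain 400 and no detail. --->
<cfparam name="url.categoryId" default="">
<cfparam name="url.q" default="">
<cfif NOT isValid("integer", url.categoryId) OR len(url.q) GT 50>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- AFTER, step 2: bind every value with cfqueryparam, so the driver
      sends it as a typed parameter and never as part of the statement.
      Step 3 (least privilege): shopReadOnly is assumed to be a datasource
      whose database login holds SELECT on this table and nothing else. --->
<cfquery name="qAfter" datasource="shopReadOnly">
    SELECT id, name, price
    FROM products
    WHERE category_id = <cfqueryparam value="#url.categoryId#" cfsqltype="cf_sql_integer">
      AND name LIKE <cfqueryparam value="%#url.q#%" cfsqltype="cf_sql_varchar" maxlength="52">
</cfquery>
```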