I haven't mentioned this before because I do believe that filtering
request URLs is the wrong approach
Care to elaborate on this?
Denstar, dig out your neo-security.xml file. In my Windows CF8 standalone
install it is located in C:\ColdFusion8\lib\neo-security.xml
Look at the following
I am new to the post, but I have been programming in CF for over 10 years and
know some of you from the CF Forums.
I am getting slammed with this crud as well on over 30 of my websites. Any
suggestions as to how to handle this for multiple sites on 1 server? I just
discovered the issue as it
I can't vouch for PHP or .Net, but at least in the Java world ORM reduces that
risk to nil. And it's built into the ORM, so if the ORM can't work out your
polymorphic function in the database then how does it do it?
PHP is like ColdFusion and Java; you can use a plain query string or use
a parameterised
will come, I'm sure...hang in there,
guys and gals.
Rick
-Original Message-
From: Mark Kruger [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 16, 2008 12:37 PM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
David,
As a stop gap while in full force you could
I'm doing the request filtering in apache so that it never even
bothers my CF engine with the request, but I was wondering if Jochem
didn't like the filtering for a reason.
I wouldn't rely on it alone in any way, shape or form, but just
cutting down on the spam hits on the application seems like
So for six months you've known the feature is coming yet you're still
arguing about it now? Do you just like wasting people's time?
On Sat, Aug 16, 2008 at 11:37 PM, Andrew Scott
[EMAIL PROTECTED] wrote:
Man, you're about 6 months late with that news
--
mxAjax / CFAjax docs and other useful
.
www.aegeon.com.au
Phone: +613 9015 8628
Mobile: 0404 998 273
-Original Message-
From: Mark Kruger [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 August 2008 2:37 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
David,
As a stop gap while in full force you could use
-Talk
Subject: RE: SQL injection attack on House of Fusion
Man... at this point, after reading about all of these problems with
SQL injection, and having been told that it doesn't concern MySQL, I'm glad
I'm using MySQL. This would be one big, time-consuming headache, otherwise.
I'm a solo
-Original Message-
From: James Holmes [mailto:[EMAIL PROTECTED]
Sent: Sunday, 17 August 2008 12:15 PM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
So for six months you've known the feature is coming yet
Subject: Re: SQL injection attack on House of Fusion
There are always trade-offs.
Everything you add is a few (or more) cycles, and you've got to at
least sorta aim for optimization (if ambiguously).
Like, the hibernate stuff seems plenty fast to me right now, but what
happens when I toss a ton
On Sat, Aug 16, 2008 at 10:04 PM, Andrew Scott wrote:
Well at the end of the day, I am currently using hibernate in ColdFusion
thanks to Joe Reinhart, I think is the one I am using. But I know plenty of
people are looking into it at the moment.
Hibernate is easy to use with CF8 and Java. Few
Sorry for the top posting, where are we now in terms of best practice for cf8
protection against SQL injection attacks? Going through 136+ posts seems a bit
too much, many thanks. Someone who has closely monitored this thread probably
could help.
Sorry for the problems with the House of Fusion
But I know all this, I thought the sql injection attack went beyond it, thanks
anyway, Justin.
The same place we've always been:
* Validate user input
* Use CFQUERYPARAM
For applications that have old code, run a tool that will tell you
what
queries need to be updated or run a
On Fri, Aug 15, 2008 at 1:12 PM, Don L [EMAIL PROTECTED] wrote:
But I know all this, I thought the sql injection attack went beyond it,
thanks anyway, Justin.
it did not.
--
A byte walks into a bar and orders a pint. Bartender asks him What's
wrong? Byte says Parity error. Bartender nods
But I know all this, I thought the sql injection attack went beyond it,
thanks anyway, Justin.
Not as far as technique, but it was much larger in scale than most of us
have experience before. Some were getting hit so hard they had to
filter it farther up the chain (IIS, firewall, etc.) but
As an FYI: for those that did use Apache configs to stop this attack, if you
did not make sure your check was not case sensitive, you're being hit again.
I just saw this start coming into our logs this afternoon: Note that DECLARE
changed to DeCLARE. Some of the posts I saw for people to modify
Going through 136+ posts seems a bit too much, many thanks.
Aren't you afraid to get even more if you start another thread again? ;-)
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to
Not as far as technique, but it was much larger in scale than most of us
have experience before.
By the way, are you still getting hits from this attack?
I don't see any anymore.
They completely stopped on the 11th, but they are back today spelling it
like DeCLARE.
~Brad
- Original Message -
From: Claude Schneegans [EMAIL PROTECTED]
To: CF-Talk cf-talk@houseoffusion.com
Sent: Friday, August 15, 2008 5:32 PM
Subject: Re: SQL injection attack on House of Fusion
And changed
EXEC to ExEC
I am getting hit pretty hard again. It stopped for a few days but
they are back.
At 06:56 PM 8/15/2008, you wrote:
They completely stopped on the 11th, but they are back today spelling it
like DeCLARE.
~Brad
What I'm curious about, is that there seems to be no one you can report this to?
I got hammered again the other day.. this time as well through
whatever form fields they could find.
Mark
On Sat, Aug 16, 2008 at 12:07 PM, Al Musella, DPM
[EMAIL PROTECTED] wrote:
And changed
EXEC to ExEC
I am
On Mon, Aug 11, 2008 at 9:01 PM, Andrew Scott wrote:
But one can dream. Like you said, I also doubt it will become open
source this release... Or even the next, but it will happen... Mark those
words...
While I don't think we'll get away from SQL anytime soon, I have
managed to get
You of all people have been around long enough to know, that
if we as a developer could have our jobs made easier. Makes
me wonder why you made your comment?
I don't see it as Adobe's place to tell me how to write code, which is
essentially what a framework of any type does. In the same way
1) It protects only against known threats. In order to be excluded we
have
to be a step far enough ahead to make sure the pattern is included.
2) It will produce false positives.
3) It is not role or user based.
4) Tend to give a false sense of security.
Just to add to this, in my own
-Original Message-
From: Ben Forta [mailto:[EMAIL PROTECTED]
Sent: Saturday, 9 August 2008 2:05 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
Yep, was curious about that too. I modified Justin's script to not send
e-mails
-Original Message-
From: Wil Genovese [mailto:[EMAIL PROTECTED]
Sent: Saturday, 9 August 2008 2:26 AM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
very few bots accept cookies. I've never actually seen one that does,
but I have read it is possible to write one
-Talk
Subject: RE: SQL injection attack on House of Fusion
Anyway, I propose the dot-com millionaires who left us stuck
with the current mess in the spam and virus arena be
personally required to fund an international Goon Squad with
kneecap breaking instructions to go after these vandals
. That is your school of thought,
right?
Dave Morris
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 10, 2008 11:15 PM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
Anyway, I propose the dot-com millionaires who left us stuck
I'm sure they exist even for CF 4.0
Yup, the val() function did/does wonders for integer input on queries,
even way back in CF4.
-Justin Scott
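The point behind "Use CFQUERYPARAM" and Justin's val() remark, as an added example in Python with sqlite3 (this is not CFML and not anyone's code from this thread; the `entries` table, its rows and the INJECTED_ID string are constructed here). cfqueryparam is the ColdFusion equivalent of the `?` placeholder: with string concatenation the attacker's text becomes part of the SQL statement, with a bound parameter it can only ever be a value, and an integer key can be rejected before any query runs at all.

```python
import sqlite3

# Constructed demo table, not data from the thread (assumption: a blog-style
# 'entries' table keyed by an integer id that arrives on the URL).
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE entries (id INTEGER PRIMARY KEY, title TEXT)")
    con.executemany("INSERT INTO entries VALUES (?, ?)", [(1, "first"), (2, "second")])
    return con

# Untrusted URL value shaped like the tail the thread describes: close the quote,
# start a new statement, DECLARE. The rest of the worm body is left out.
INJECTED_ID = "1';DECLARE @S VARCHAR(4000);--"

def render_concat(url_id):
    """The SQL text a cfquery with no cfqueryparam would send: the attacker's input
    is spliced into the statement, so ';DECLARE ...' becomes a second statement."""
    return "SELECT title FROM entries WHERE id = '" + url_id + "'"

def lookup_concat(con, url_id):
    """Run render_concat's text. sqlite3's execute() refuses a batch, so the attack
    surfaces as an error here; a driver that accepts batches (the MSSQL setups hit in
    the thread) would run the injected statement instead."""
    try:
        return "ok", [r[0] for r in con.execute(render_concat(url_id))]
    except (sqlite3.Error, sqlite3.Warning) as e:
        return "sql_error", str(e)

def lookup_param(con, url_id):
    """Bound parameter, which is what cfqueryparam gives you: the input is sent as a
    value, never parsed as SQL, so the injected string simply matches no row."""
    rows = con.execute("SELECT title FROM entries WHERE id = ?", (url_id,))
    return "ok", [r[0] for r in rows]

def lookup_int(con, url_id):
    """Validate first: a key that is not an integer is rejected before any query runs
    (the job val() or cfsqltype="cf_sql_integer" does in CF; val() returns a number,
    0 for junk, rather than erroring, so this version is stricter)."""
    try:
        key = int(url_id)
    except ValueError:
        return "rejected", []
    rows = con.execute("SELECT title FROM entries WHERE id = ?", (key,))
    return "ok", [r[0] for r in rows]

if __name__ == "__main__":
    con = make_db()
    print(render_concat(INJECTED_ID))
    for fn in (lookup_concat, lookup_param, lookup_int):
        print(fn.__name__, "benign:", fn(con, "1"), "injected:", fn(con, INJECTED_ID))
```

Running it prints the concatenated statement with the attacker's DECLARE sitting after the first semicolon, an error from the concatenated path, an empty result from the bound-parameter path, and a rejection from the integer-validated path.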
~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release
away at
our systems until they find that one hole we didn't catch, and then blame it
on the victim!
Dave Morris
-Original Message-
From: Greg Morphis [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2008 9:04 AM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
Ummm but is it not your website that YOU
should reasonably protect their servers and
websites,
but hackers should avoid their impulses or share responsibility for the
situation.
Rick
-Original Message-
From: Greg Morphis [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2008 10:20 AM
To: CF-Talk
Subject: Re: SQL injection
Criticizing someone for negligence is not blaming the victim. If the person who
coded the site is so incompetent as not to include a cfqueryparam for any user
input that has direct impact on the database, then they deserve to get blamed.
What's so difficult about cfqueryparam
, August 11, 2008 3:37 AM
Subject: RE: SQL injection attack on House of Fusion
Hmmm...
Of course it is possible to use cookies. They chose not to... Why...
Because they have no real need to be attached to a session
Think about it for a minute or two
-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2008 9:45 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
This would probably be more productively viewed as a responsibility
issue, rather than blame.
Both parties, webmaster and attacker, bear
a large group here and I wouldn't
want anyone to be incensed by trivializing such a traumatic event (although
obviously that is not the intent).
-Mark
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2008 9:45 AM
To: CF-Talk
Subject: RE: SQL
On Monday 11 Aug 2008, Brad Wood wrote:
I'm fairly convinced this bot used the Internet Explorer on the victims
It would make sense to use the same ActiveX control IE uses, yes.
--
Tom Chiverton
This email is sent for and on behalf of
[mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2008 11:24 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
Rick,
While your argument is well put, perhaps we could choose a slightly less
inflammatory analogy than rape. We have a large group here and I wouldn't
want anyone
Dave Morris wrote:
Ah. You're from the blame the victim school.
I just see different degrees of guilt. Negligence from developers,
greedy shortcuts from management, laziness from end users, criminal
intent from hackers etc.
So I shouldn't be mad at the poor little hackers, because they
Seeing code solutions to this is cool. but imho its best left to your
router/firewall to handle. I'd contact the provider to have them put some
better controls in place. These are scenarios that almost delve into why cisco
has the zero day features on their gear..
Ah. You're from the blame the victim school.
Unfortunately, when I wrote the first 1,000 ColdFusion
templates using Ben Forta's CF 4.0 book, there was no
CFQueryParam. So going back and rewriting all those programs
(now well into several thousand) has been a bitch. And all
it took
Viewing this as a rape case, if a girl was hanging out on a
street corner and asking passers-by to rape her, then, yes,
she bears some responsibility for putting herself in that
situation. It doesn't mean the one who rapes her doesn't
bear the greater responsibility for the situation,
The second is that this is why. ColdFusion should have
adopted an approach that used an ORM instead. With an ORM
it reduces the risk, provided the ORM takes these attacks seriously.
I have never seen these attacks with hibernate, within GORM
and Domain Driven design approaches.
Security in layers.
While it is usually best to thwart this style of attack at the
router/firewall, it is wise to have the extra layers at the
Apache/IIS/webserver, Coldfusion Application, CF Query and JDBC DB user
permission layers. If the first layer is bypassed or compromised then the
next
On Sun, Aug 10, 2008 at 6:35 AM, Bobby Hartsfield wrote:
Suggesting and getting caught doing are 2 different things. IF
writing/posting code were an issue though... then everyone who posted the
full script would be worried ;-)
I hope it's just chicken-little, but it's happening to other
on a test server.
Jaime
-Original Message-
From: jonese [mailto:[EMAIL PROTECTED]
Sent: Saturday, 9 August 2008 12:32 AM
To: CF-Talk
Subject: Way to View SQL Transaction history.. RE SQL Injection
Hey all,
So far we've been good but i'm helping some other companies
who have
On Mon, Aug 11, 2008 at 10:11 AM, Jochem van Dieten wrote:
I just see different degrees of guilt. Negligence from developers,
greedy shortcuts from management, laziness from end users, criminal
intent from hackers etc.
I don't see ISPs on there, and while I'm no fan of much of the
Interestingly, hibernate is one of the rumoured additions to CF9:
http://www.barneyb.com/barneyblog/2008/06/19/cfunited-day-one/
etc
On Tue, Aug 12, 2008 at 12:44 AM, Dave Watts [EMAIL PROTECTED] wrote:
ColdFusion is a programming language, like Java. Just as Java doesn't come
with an ORM,
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 12 August 2008 2:44 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion
The second is that this is why. ColdFusion should have
adopted
:-o
Heh
..:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
http://cf4em.com
-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 09, 2008 11:51 PM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
I'd tell you to watch what you
I've heard that in Saudi Arabia, a thief has the offending member removed at
the wrist. Since hackers commit their offence with their brain, wouldn't it
be appropriate to behead them?
Just a suggestion. :-\
Dave L.
Personally I'd rather they had a different part of their anatomy cut off.
Mind
-Talk
::Subject: Re: SQL injection attack on House of Fusion
::
::I've heard that in Saudi Arabia, a thief has the offending member removed
::at
::the wrist. Since hackers commit their offence with their brain, wouldn't
::it
::be appropriate to behead them?
::
::Just a suggestion. :-\
::
::Dave L
You haven't been around teenage boys much recently. That and the XBox are the
ONLY things they would miss.
Anyway, I propose the dot-com millionaires who left us stuck with the current
mess in the spam and virus arena be personally required to fund an
international Goon Squad with kneecap
I propose a baseball bat. It works well with both genders.
On Sun, Aug 10, 2008 at 11:16 PM, William Seiter [EMAIL PROTECTED] wrote:
You assume much.
Women are just as prowess at running a computer virus attack as men.
We just don't hear about them as much, as they seem to not get caught as
Wait, sorry. This is a cf-community thread, not a cf-talk one. It will be
moved right away.
On Sun, Aug 10, 2008 at 11:32 PM, Michael Dinowitz
[EMAIL PROTECTED] wrote:
I propose a baseball bat. It works well with both genders.
On Sun, Aug 10, 2008 at 11:16 PM, William Seiter [EMAIL
Anyway, I propose the dot-com millionaires who left us stuck
with the current mess in the spam and virus arena be
personally required to fund an international Goon Squad with
kneecap breaking instructions to go after these vandals.
And who exactly would that be?
If someone did this crap
Terry Ford wrote:
Pretty ingenious really, infecting websites via injection attack in order to
infect clients with browser vulnerabilities.
In 2001 it was: http://www.cert.org/advisories/CA-2001-26.html Now it is
just business as usual.
Jochem
On Fri, Aug 8, 2008 at 11:12 PM, Raymond Camden [EMAIL PROTECTED] wrote:
Hmm. I'm having no luck with this. I'm trying it on a blogcfc site, so
it's being added after /, so I also added path_info
RewriteEngine on
RewriteCond %{QUERY_STRING} .*DECLARE.* [NC]
RewriteRule ^(.*)$
Depending on your default directory settings in httpd.conf, you may
need to add the following directory attributes as well to your site to
allow mod_rewrite to operate:
#Allow mod rewrite on this directory
Directory /srv/www/htdocs/mysite
Options FollowSymLinks
AllowOverride All
Order
No go. It's not life or death - I'm still using cfqueryparam, but I'd
love to get this working at the lowest level.
On Fri, Aug 8, 2008 at 11:47 PM, denstar [EMAIL PROTECTED] wrote:
non-wrapped (and it was grabbed off the web somewhere):
Options +FollowSymLinks
Options +Indexes
Ok, I've noticed that when I go to
host.com/?declare
it is working
but
host.com/x/index.cfm?';[EMAIL PROTECTED](4000);[EMAIL
Ray,
Our sysadmin ran into the same issue when we started on this
yesterday. Here is part of the rule we're using now and it works for
the case yours does not. note the ^.
RewriteCond %{QUERY_STRING} ^.*DECLARE.*$
Wil Genovese
One man with courage makes a majority.
-Andrew Jackson
A fine
Still no go for me. I appreciate the help from all.
On Sat, Aug 9, 2008 at 8:58 AM, Wil Genovese [EMAIL PROTECTED] wrote:
Ray,
Our sysadmin ran into the same issue when we started on this
yesterday. Here is part of the rule we're using now and it works for
the case yours does not. note the
a major flaw in its own software. That's rare ;)
http://www.microsoft.com/technet/security/advisory/954462.mspx
--- On Sat, 8/9/08, Jochem van Dieten [EMAIL PROTECTED] wrote:
From: Jochem van Dieten [EMAIL PROTECTED]
Subject: Re: SQL injection attack on House of Fusion
To: CF-Talk cf
Terry Ford wrote:
Nimda did not use SQL injection as any sort of primary vector.
But it infected websites in order to infect browsers in order to infect
websites etc. So the current wave of worms using the same mechanism is
really 7 years too late to be ingenious.
Jochem
Here are my top 50: Note that the top 1 is in the same subnet as your
top 1. I had 134,993 attempts that I caught..
IP (times)
203.160.1.52 (705)
203.162.3.160 (373)
203.160.1.76 (325)
61.164.132.230 (325)
59.15.212.125 (258)
210.112.177.244 (252)
70.189.143.59 (219)
221.253.217.138 (204)
Now look at how many of those are from Asia Pacific Network Info Centre
-Original Message-
From: Al Musella, DPM [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 09, 2008 12:35 PM
To: CF-Talk
Subject: Re
I heard back from the FBI.. a live agent, not an automated response
like I was expecting:)
They don't seem to care, but suggested that I report it to CERT at
https://www.cert.org/reporting/incident_form.txt
Perhaps if a few of us reported it to CERT, they will investigate.
By the way - I hit
) AND
findnocase(';DECLARE', cgi.query_string)
Yes... bored again.
-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 09, 2008 1:37 PM
To: CF-Talk
Subject: Re: SQL injection attack
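An added example, not code from this thread, in Python: the stop-gap filter logic the thread trades (the Apache `RewriteCond %{QUERY_STRING} .*DECLARE.*` condition, with and without [NC], and Bobby's `findnocase(';DECLARE', cgi.query_string)` check) run over a few constructed access-log lines, plus the per-IP tally behind the "IP (times)" lists posted above. It shows the caveats raised in the thread: a case-sensitive DECLARE pattern misses DeCLARE/ExEC (Brad's note), a loose DECLARE substring match also flags an innocent search (the false-positive drawback), and the ';DECLARE' check run on the raw, still percent-encoded query string misses a %3B-encoded semicolon, so decode before matching. The log lines, the IPs (documentation ranges) and the payload tails are constructed; the CAST body is a placeholder, not the real worm payload.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache combined-format log lines, not traffic from the thread. The
# injected tails follow the shape the thread describes (';DECLARE ... EXEC', then the
# same with DeCLARE/ExEC casing); the CAST body is a placeholder, not the real worm.
# Line 3 has the quote and semicolon percent-encoded (%27 %3B); line 4 is an innocent
# search that happens to contain the word "declare". IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Aug/2008:12:37:00 +0000] "GET /index.cfm?id=1';DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x00%20AS%20VARCHAR(4000));EXEC(@S);-- HTTP/1.1" 200 512
203.0.113.10 - - [16/Aug/2008:12:37:02 +0000] "GET /blog/index.cfm?mode=entry&entry=7';DeCLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x00%20AS%20VARCHAR(4000));ExEC(@S);-- HTTP/1.1" 200 512
198.51.100.7 - - [16/Aug/2008:12:38:00 +0000] "GET /index.cfm?id=2%27%3BDeCLARE+%40S+VARCHAR%284000%29%3BExEC%28%40S%29 HTTP/1.1" 200 512
192.0.2.55 - - [16/Aug/2008:12:39:00 +0000] "GET /search.cfm?q=how+to+declare+a+variable HTTP/1.1" 200 2048
192.0.2.56 - - [16/Aug/2008:12:40:00 +0000] "GET /index.cfm?id=3 HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)


def parse_line(line):
    """Return (client_ip, raw_query_string) for one log line, or None if it does not parse.
    The query string is left percent-encoded, which is what Apache's %{QUERY_STRING}
    and ColdFusion's cgi.query_string contain."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("target").partition("?")[2]


def loose_match(raw_query, ignore_case=True):
    """RewriteCond %{QUERY_STRING} .*DECLARE.*  (with [NC] when ignore_case is True).
    Any DECLARE substring counts, so the word inside an ordinary search term matches too."""
    flags = re.IGNORECASE if ignore_case else 0
    return re.search(r"DECLARE", raw_query, flags) is not None


def strict_match(raw_query, decode=True):
    """findnocase(';DECLARE', cgi.query_string): case-insensitive, but anchored on the
    statement separator, so a search for the word 'declare' is not flagged. Run on the
    raw string (decode=False) it misses a %3B-encoded semicolon; decode first."""
    text = unquote_plus(raw_query) if decode else raw_query
    return ";declare" in text.lower()


def classify(log_text, matcher=strict_match):
    """[(ip, raw_query, flagged), ...] for every parsable line, in log order."""
    out = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is not None:
            ip, query = parsed
            out.append((ip, query, matcher(query)))
    return out


def top_sources(log_text, n=10, matcher=strict_match):
    """Flagged requests per client IP, busiest first: the 'IP (times)' tally from the thread."""
    counts = Counter(ip for ip, _, flagged in classify(log_text, matcher) if flagged)
    return counts.most_common(n)


if __name__ == "__main__":
    for ip, query, flagged in classify(SAMPLE_LOG):
        print(f"{'block' if flagged else 'allow'}  {ip:15}  {query[:48]}")
    print("case-sensitive DECLARE misses:",
          [q[:24] for _, q, f in classify(SAMPLE_LOG, lambda q: loose_match(q, False))
           if not f and strict_match(q)])
    print("loose [NC] false positives:",
          [q for _, q, f in classify(SAMPLE_LOG, loose_match) if f and not strict_match(q)])
    print("raw ';DECLARE' check misses:",
          [q[:24] for _, q, f in classify(SAMPLE_LOG) if f and not strict_match(q, decode=False)])
    print("top sources:", top_sources(SAMPLE_LOG))
```

None of these checks replace cfqueryparam; as the thread says, they only shed load from a known pattern, and each variant above has a hole the others do not.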
They don't seem to care, but suggested that I report it to
CERT at https://www.cert.org/reporting/incident_form.txt
Perhaps if a few of us reported it to CERT, they will investigate.
CERT posted this back in June. It's been active for a while, but originally
targeted ASP only.
Dave Watts,
I guess I'm missing something, Bobby. Why does a big share of the
problem belong to Apnic?
Cheers
Mike Kear
Windsor, NSW, Australia
Adobe Certified Advanced ColdFusion Developer
AFP Webworks
http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month
On Sun, Aug 10, 2008
I'd tell you to watch what you suggest on a public forum, but heck-- we
already know the FBI doesn't care. :)
~Brad
Hmmm... if everyone did something like this... it would not only be
funny...
but probably piss off apnic and make them do something about their portion
of this problem
Hey all,
So far we've been good but I'm helping some other companies who have
experienced successful SQL injection attacks.
Is there any way to see the log files of every transaction for a DB so
we can see which queries failed and which ones were a success?
jonese
http://www.jonese.us
Yeah, I've gotten a couple today.. but fortunately when Ray built
BlogCFC. he covered his bases.
Scott Stewart
ColdFusion Developer
Office of Research Information Systems
Research Economic Development
University of North Carolina at Chapel Hill
Phone:(919)843-2408
Fax: (919)962-3600
Email:
Covering the bases with cfqueryparam is one thing, being mobbed is another.
Sometimes you have to stop these things before any other code is run. I've
put that abort script at the top of all my application.cfcs just to brute
force stop the horde.
On Fri, Aug 8, 2008 at 10:31 AM, Scott Stewart
In the last 7 hours since I set up a counter on it, I've had 2792 on
sites far lower volume than HouseofFusion.. So do i get a prize?
and you're absolutely right, I've gotten two and query params covered it,
but it sounds like you're getting hit two pronged.
If the injection doesn't do something, the brute force attack will
I'm almost flattered that someone thought my site was important enough
to attack...
Scott Stewart
On Friday 08 Aug 2008, Scott Stewart wrote:
I'm almost flattered that someone thought my site was important enough
to attack...
They didn't. The attack is probably driving itself based on a Google search (
[inurl:.cfm] ?) .
--
Tom Chiverton
Ouch
Thanks Tom... :)
Tom Chiverton wrote:
On Friday 08 Aug 2008,
Which explains why House of Fusion is being so heavily hit. We're literally
everywhere on Google. Fusion Authority on the other hand has all of its urls
masked to .htm so the only one being attacked there is an old .cfm archive.
I'm working on a webserver level fix for this which will bypass the
Geez Ben, tell how you really feel...
=]
On the plus side, it's nice to see CF finally getting the recognition it
deserves, even if it is from parasitic bottom-feeding bots created by
despicable scum-sucking feeble-excuse-for-a-carbon-based-life-form
repugnant
socially-inept
Ben,
I know I speak for all of us when I say this is a side of you we've never
seen. The jury's out but I think I like it (ha).
-Mark
-Original Message-
From: Ben Forta [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2008 10:51 AM
To: CF-Talk
Subject: RE: SQL injection attack
-
From: Ben Forta [EMAIL PROTECTED]
To: CF-Talk cf-talk@houseoffusion.com
Sent: Friday, August 08, 2008 10:50 AM
Subject: RE: SQL injection attack on House of Fusion
Yep, I turned e-mail notifications off too, leave it on and you can
inadvertently turn blocking SQL injection attacks into a self
: Friday, August 08, 2008 12:03 PM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion
Tell us how you really feel Ben. :)
I had to temporarily stop apache on my site long enough to get a stop gap in
place. My database is safe, but I was getting around 90 requests a second
I think a lot of us are doing that now.
Do you think it would be helpful in some way for us to all pool that data?
Create some central repository for it so we can all make use of it and maybe
even get the attention of some of the ISP?
On Fri, Aug 8, 2008 at 9:05 AM, Ben Forta [EMAIL PROTECTED]
Dang, the brutes thought of everything. I even tried a test to see if the
bots would return cookies I attempted to set in order to track them easier.
Nope, they don't.
~Brad
very few bots accept cookies. I've never actually seen one that does,
but I have read it is possible to write one that will.
Ben Forta wrote:
... parasitic bottom-feeding bots created by
despicable scum-sucking feeble-excuse-for-a-carbon-based-life-form repugnant
socially-inept basement-dwelling death-penalty-deserving hacker-wannabes.
--- Ben
Now please don't hold back your feelings on our account. Please just
401 - 500 of 4661 matches