You start off by trapping the error. Prevent the transaction.  Record the
error somewhere more persistent for review and analysis later.  Display an
error to the user that matches your site with a meaningful message.

Creating error trapping that can specifically identify these types of
attempts could also reduce your noise to sound ratio as well.


Teddy R. Payne, ACCFD
Google Talk - [email protected]
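The sequence above (trap the error, stop the transaction, record it persistently, show a site-styled message) as an added CFML example; this is not code from the thread or from the Portcullis filter, and it assumes a hypothetical datasource "siteDSN", a "products" table with an integer "id" column, and a site-styled template "/errors/friendly.cfm":

```cfml
<!--- Added example, not code from the thread. Assumes a hypothetical datasource
      "siteDSN", a table "products" with an integer "id" column, and a
      site-styled error template "/errors/friendly.cfm". --->
<cfparam name="url.id" default="">

<cftry>
    <!--- Trap + prevent: the bound integer parameter rejects anything non-numeric
          before the statement is sent, so a probe never becomes a transaction. --->
    <cfquery name="qProduct" datasource="siteDSN">
        SELECT id, name, price
        FROM   products
        WHERE  id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
    </cfquery>

    <cfoutput query="qProduct">
        <h1>#HTMLEditFormat(name)#</h1>
    </cfoutput>

    <cfcatch type="any">
        <!--- Record: classify the raw input so probes land in their own log
              instead of inflating the general error log. The pattern is only a
              routing heuristic; the parameter binding above is what actually
              stops the attempt. --->
        <cfset suspicious = REFindNoCase("(;|--|/\*|\bunion\b|\bdeclare\b|\bexec\b|\bcast\b)", url.id) GT 0>

        <cfif suspicious>
            <cflog file="sqli_attempts" type="warning"
                   text="ip=#cgi.REMOTE_ADDR# script=#cgi.SCRIPT_NAME# param=id value=#Left(url.id, 200)# err=#cfcatch.message#">
        <cfelse>
            <cflog file="application_errors" type="error"
                   text="ip=#cgi.REMOTE_ADDR# script=#cgi.SCRIPT_NAME# err=#cfcatch.message#">
        </cfif>

        <!--- Display: a generic page in the site's own look; no SQL, driver text
              or stack trace goes back to the browser. --->
        <cfinclude template="/errors/friendly.cfm">
        <cfabort>
    </cfcatch>
</cftry>
```

The `cflog` calls write to `sqli_attempts.log` and `application_errors.log` in the ColdFusion logs directory. Keeping the probes in their own file is what makes the later review of "worst offenders" by `ip=` practical, since the general error log stays readable.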



On Fri, Nov 20, 2009 at 9:44 AM, Rudi Shumpert <[email protected]> wrote:

> the stuff I'm seeing is nothing really new, just was wondering if there are
> some best practices on what to do after to stop the attempt.
>
> -Rudi
>
> On Fri, Nov 20, 2009 at 9:27 AM, Mischa Uppelschoten <
> [email protected]> wrote:
>
>>  I probably missed something, but this article is almost a year and a
>> half old... what specifically is attempted now?
>>
>> Mischa Uppelschoten
>> VP of Technology
>> The Banker's Exchange, LLC.
>> 4200 Highlands Parkway SE
>> Suite A
>> Smyrna, GA 30082-5198
>>
>> Phone:    (404) 605-0100 ext. 10
>> Fax:    (404) 355-7930
>> Web:    www.BankersX.com
>> Follow this link for Instant Web Chat:
>> http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN
>>  ----------------------- *Original Message* -----------------------
>>
>> *From:* Rudi Shumpert <[email protected]>
>> *To:* [email protected]
>> *Date:* Fri, 20 Nov 2009 06:47:20 -0500
>> *Subject: [ACFUG Discuss] SQL Injection*
>>
>> Hey folks,
>>
>> I saw John's tweet earlier this week about a new wave of SQL Injection (
>> and link to a great article on it
>> http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss),
>> and sure enough I'm seeing a huge upswing in attempts.  Over 100 failed
>> attempts last night alone.
>>
>> We have taken the steps to prevent damage / harm, but I was wondering what
>> folks are doing after they stop the attempt.  What kind of message if any
>> do you provide ?  Are people checking the logs, and blocking IPs of the
>> worst offenders?  Or something else?
>>
>> -Rudi
>> -------------------------------------------------------------
>> To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform
>> For more info, see http://www.acfug.org/mailinglists
>> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
>> List hosted by http://www.fusionlink.com
>> -------------------------------------------------------------