Just FYI on this latest wave of SQL injection and XSS attacks. It's
nothing new, just some are seeing a new wave come across. Some are ASCII
encoded strings and some are not. I did a tweet and pointed to an
earlier blog post on this topic. As always, I can only repeat again that
developers need to understand how these attacks work and the procedures
to track and prevent them.
John
[email protected]
Derrick Peavy wrote:
DITTO!!!!!!
_____________________
Derrick Peavy
[email protected]
404-786-5036
“Innovation distinguishes between a leader and a follower.” -Steve Jobs
_____________________
On Nov 20, 2009, at 12:16 PM, Wes Byrd wrote:
You can block subnets. On a couple of domestic sites, I have even
blocked all requests from ALL OF ASIA (or close). While I know this
is a drastic measure… all SQL injection (and other hack) attack
attempts were reduced by 98% with that done.
Here is a link that describes how to do this and why:
http://www.parkansky.com/china.htm
From: [email protected] [mailto:[email protected]] On Behalf Of Dean H. Saxe
Sent: Friday, November 20, 2009 11:59 AM
To: [email protected]
Subject: Re: [ACFUG Discuss] SQL Injection
Blocking IPs is useless, attackers will just use another proxy to
change the apparent location of the originating attack. You can't
stop the attempts, you must instead prevent the exploitation of
vulnerable code. This means writing secure code using data
validation on all input, data sanitization on output (in this case,
parameterized queries using cfqueryparam) and following the principle
of least privilege on the database access.
-dhs
--
Dean H. Saxe
"A true conservationist is a person who knows that the world is not
given by his fathers, but borrowed from his children." -- John James
Audubon
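As an added illustration of the advice in the reply above (not code from the list or from any poster), here is the same lookup written twice: once with the request value pasted into the SQL text, the way a <cfquery> without <cfqueryparam> does it, and once with input validation followed by a bound parameter, which is what cfqueryparam provides in CFML. It uses Python's built-in sqlite3 module and a constructed in-memory users table so it runs offline; the table, the row data and the helper names are assumptions for the example. A small wrapper also shows the kind of structured record worth writing to the log when a request is rejected, since the earlier question in the thread asks what to do once an attempt is stopped.

```python
import re
import sqlite3

# Constructed in-memory database standing in for the site's datasource.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
        (3, "carol", "carol@example.com"),
    ])
    return conn

def lookup_user_unsafe(conn: sqlite3.Connection, user_id: str) -> list:
    # The pattern to avoid: request data concatenated into the SQL text.
    # Equivalent to "WHERE id = #url.id#" inside a <cfquery> with no <cfqueryparam>.
    sql = f"SELECT id, username FROM users WHERE id = {user_id}"
    return conn.execute(sql).fetchall()

def lookup_user_safe(conn: sqlite3.Connection, user_id: str) -> list:
    # Validation first: an id must be a short decimal integer; reject anything else.
    if not re.fullmatch(r"[0-9]{1,9}", user_id):
        raise ValueError("invalid user id")
    # Then a bound parameter: the value travels separately from the SQL text,
    # which is what <cfqueryparam cfsqltype="cf_sql_integer"> does in CFML.
    # The query text never changes, so the database cannot mistake data for SQL.
    return conn.execute(
        "SELECT id, username FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()

def handle_request(conn: sqlite3.Connection, user_id: str, client_ip: str) -> dict:
    # Wrapper showing what to keep after an attempt is stopped: a structured
    # log record (hypothetical field names) rather than a chatty error page.
    try:
        rows = lookup_user_safe(conn, user_id)
    except ValueError:
        return {
            "status": "rejected",
            "log": {"event": "invalid_input", "param": "id",
                    "value": user_id[:64], "client_ip": client_ip},
        }
    return {"status": "ok", "rows": rows}

if __name__ == "__main__":
    db = make_db()
    print(lookup_user_unsafe(db, "2"))          # [(2, 'bob')]
    print(lookup_user_unsafe(db, "2 OR 1=1"))   # every row: the condition became SQL
    print(lookup_user_safe(db, "2"))            # [(2, 'bob')]
    print(handle_request(db, "2 OR 1=1", "203.0.113.10"))  # rejected, with a log record
```

Least privilege, the third point in the reply, is not something sqlite can show; on a real database it means the account behind the datasource has SELECT/INSERT/UPDATE on the application's tables only, with no DDL or system-procedure rights, so that a query that does slip through has little to work with.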
On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:
Hey folks,
I saw John's tweet earlier this week about a new wave of SQL
injection (and a link to a great article on it:
http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss),
and sure enough I'm seeing a huge upswing in attempts. Over 100
failed attempts last night alone.
We have taken the steps to prevent damage / harm, but I was wondering
what folks are doing after they stop the attempt. What kind of
message, if any, do you provide? Are people checking the logs and
blocking IPs of the worst offenders? Or something else?
-Rudi
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------