Yeah sure, you CAN, but it's not the solution to the problem.  On a recent 
incident response we had attacks originating from Asia, South America and 
Europe.  Do you plan on blocking them all?

-dhs

--
Dean H. Saxe
"A true conservationist is a person who knows that the world is not given by 
his fathers, but borrowed from his children."  -- John James Audubon




On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote:

> You can block subnets.  On a couple of domestic sites, I have even blocked 
> all requests from ALL OF ASIA (or close).  While I know this is a drastic 
> measure…  all SQL injection attempts (and other hack attempts) were reduced 
> by 98% with that done.
>  
> Here is a link that describes how to do this and why:  
> http://www.parkansky.com/china.htm
>  
> From: [email protected] [mailto:[email protected]] On Behalf Of Dean H. Saxe
> Sent: Friday, November 20, 2009 11:59 AM
> To: [email protected]
> Subject: Re: [ACFUG Discuss] SQL Injection
>  
> Blocking IPs is useless; attackers will just use another proxy to change the 
> apparent location of the originating attack.  You can't stop the attempts, 
> you must instead prevent the exploitation of vulnerable code.  This means 
> writing secure code using data validation on all input, data sanitization on 
> output (in this case, parameterized queries using cfqueryparam) and following 
> the principle of least privilege on the database access.
>  
> -dhs
> 
> --
> Dean H. Saxe
> "A true conservationist is a person who knows that the world is not given by 
> his fathers, but borrowed from his children."  -- John James Audubon
>  
> 
> 
> 
>  
> On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:
> 
> 
> Hey folks,
> 
> I saw John's tweet earlier this week about a new wave of SQL injection (and a 
> link to a great article on it: 
> http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss),
>  and sure enough I'm seeing a huge upswing in attempts.  Over 100 failed 
> attempts last night alone.
> 
> We have taken the steps to prevent damage / harm, but I was wondering what 
> folks are doing after they stop the attempt.  What kind of message, if any, do 
> you provide?  Are people checking the logs and blocking the IPs of the worst 
> offenders?  Or something else?
> 
> -Rudi
>  
> 
> ------------------------------------------------------------- 
> To unsubscribe from this list, manage your profile @ 
> http://www.acfug.org?fa=login.edituserform 
> 
> For more info, see http://www.acfug.org/mailinglists 
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/ 
> List hosted by FusionLink 
> -------------------------------------------------------------
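The three controls Dean lists in the quoted reply (validate input, parameterize the query, run the query under least privilege) shown side by side with the concatenation pattern they replace. This is an added example, not code from anyone on the thread: it uses Python and an in-memory SQLite database as a stand-in for the ColdFusion <cfquery>/cfqueryparam case, the table contents and the two attacker payloads are constructed, and "PRAGMA query_only" stands in for a database account that only holds SELECT on the tables the page needs. It shows why the source IP does not matter: the same payload that pulls the users table through the concatenated query is rejected before it reaches the parameterized one, and a write attempt fails on the read-only handle even if something did get through.

```python
import sqlite3

# Constructed sample data: an in-memory database standing in for a site's
# product catalogue plus a users table an attacker would want to reach.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
INSERT INTO products VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.99);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO users VALUES (1, 'admin', '$2a$10$constructed-hash');
"""

# Constructed attacker inputs of the kind the thread is seeing in its logs.
UNION_PAYLOAD = "1 UNION SELECT id, username, password_hash FROM users"
TAUTOLOGY_PAYLOAD = "1 OR 1=1"


def new_db(read_only=False):
    """Open a fresh in-memory database. With read_only=True the handle is put
    in query_only mode, a stand-in (assumption for this example) for a
    least-privilege DB account that only holds SELECT on the needed tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    if read_only:
        conn.execute("PRAGMA query_only = 1")
    return conn


def lookup_vulnerable(conn, product_id):
    """Concatenate user input into the SQL text: the injectable pattern
    (the CFML equivalent is WHERE id = #url.id# inside <cfquery>)."""
    sql = "SELECT id, name, price FROM products WHERE id = " + product_id
    return conn.execute(sql).fetchall()


def validate_id(raw):
    """Input validation: the product id must be a positive integer; anything
    else is rejected before it gets anywhere near the query."""
    try:
        value = int(raw)
    except (TypeError, ValueError):
        raise ValueError("product id must be an integer: %r" % (raw,))
    if value <= 0:
        raise ValueError("product id must be positive: %r" % (raw,))
    return value


def lookup_parameterized(conn, raw_id):
    """Validate, then bind the value as a parameter so the driver ships it to
    the database as data, never as SQL text (what cfqueryparam with
    cfsqltype="cf_sql_integer" does in ColdFusion)."""
    product_id = validate_id(raw_id)
    sql = "SELECT id, name, price FROM products WHERE id = ?"
    return conn.execute(sql, (product_id,)).fetchall()


def attempt_write(conn):
    """Try a destructive write through the handle; returns True if the
    database allowed it. On the read-only handle this fails regardless of
    how the statement got there."""
    try:
        conn.execute("DELETE FROM products")
        return True
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    db = new_db()
    print("vulnerable, union payload   :", lookup_vulnerable(db, UNION_PAYLOAD))
    print("vulnerable, tautology       :", lookup_vulnerable(db, TAUTOLOGY_PAYLOAD))
    try:
        lookup_parameterized(db, UNION_PAYLOAD)
    except ValueError as exc:
        print("parameterized, union payload rejected:", exc)
    print("parameterized, id '1'       :", lookup_parameterized(db, "1"))
    print("write on read-only handle   :", attempt_write(new_db(read_only=True)))
```

Run it and the concatenated query hands back the admin password hash alongside the product row, while the parameterized path never sees the payload as SQL at all; whether the request came from Asia, South America or a proxy in Europe makes no difference to either outcome.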
