I think that would depend on the intended scope and audience of
your site or server's sites. For example, does someone in Beijing
need to browse for a product that isn't available over the web or
sold in any store outside the contiguous U.S.? Or would someone
in Ulan Bator need to set up a pick-up laundry service in St.
Louis? Of course there would be exceptions but I think it would
be worth the small number of legitmate denials to do this.
<image001.jpg>
___________________________________________________________________________________________
Troy Jones | Developer/Support Technician | Dynapp Inc |
1-800-830-5192 ext. 603 | dynapp.com | facebook.com/dynapp
From: [email protected] [mailto:[email protected]] On Behalf Of Dean
H. Saxe
Sent: Friday, November 20, 2009 10:08 PM
To: [email protected]
Subject: Re: [ACFUG Discuss] SQL Injection
Yeah sure, you CAN, but its not the solution to the problem. On
a recent incident response we had attacks originating from asia,
south america and europe. Do you plan on blocking them all?
-dhs
--
Dean H. Saxe
"A true conservationist is a person who knows that the world is
not given by his fathers, but borrowed from his children." --
John James Audubon
On Nov 20, 2009, at 9:16 AM, Wes Byrd wrote:
You can block subnets. On a couple of domestic sites, I have
even blocked all requests from ALL OF ASIA (or close). While I
know this is a drastic measure… all SQL Injection attack (and
other hack attacks) attempts reduced by 98% with that done.
Here is a link that describes how to do this and why:
http://www.parkansky.com/china.htm
From: [email protected] [mailto:[email protected]] On Behalf Of Dean
H. Saxe
Sent: Friday, November 20, 2009 11:59 AM
To: [email protected]
Subject: Re: [ACFUG Discuss] SQL Injection
Blocking IPs is useless, attackers will just use another proxy to
change the apparently location of the originating attack. You
can't stop the attempts, you must instead prevent the
exploitation of vulnerable code. This means writing secure code
using data validation on all input, data sanitization on output
(in this case, parameterized queries using cfqueryparam) and
following the principle of least privilege on the database access.
-dhs
--
Dean H. Saxe
"A true conservationist is a person who knows that the world is
not given by his fathers, but borrowed from his children." --
John James Audubon
On Nov 20, 2009, at 3:47 AM, Rudi Shumpert wrote:
Hey folks,
I saw John's tweet earlier this week about a new wave of SQL
Injection ( and link to a great article on it http://www.codfusion.com/blog/post.cfm/portcullis-cfc-filter-to-protect-against-sql-injection-and-xss)
, and sure enough I'm seeing a huge upswing in attempts. Over
100 failed attempts last night alone.
We have taken the steps to prevent damage / harm, but I was
wondering what folks are doing after they stop the attempt. What
kind of message if any do you provide ? Are people checking the
logs, and blocking IP's of the worst offenders? Or something else?
-Rudi
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org/?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.425 / Virus Database: 270.14.78/2521 - Release Date:
11/23/09 07:52:00
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org/?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
-------------------------------------------------------------
