macromedia.coldfusion.advanced_techniques
[Top] [All Lists]

Re: Hacker changing URL string

Subject: Re: Hacker changing URL string
From: GArlington
Date: Mon, 4 Feb 2008 09:19:03 -0800 PST
Newsgroups: macromedia.coldfusion.advanced_techniques

On Feb 4, 5:08 pm, "angplange" <atr...@xxxxxxxxxxxxx> wrote:
> this is frustrating-- our server is getting pounded (and so running JRUN up to
> 100%) with some hacker changing the URL to different things. I'm running CFMX
> 6.1 on Windows 2003. Here's a sample of query strings that have been changed:
> Fuseaction=events&amp;amp;amp;section=events&amp;amp;View=http%3A%2F%2Fwww.vacac
> ionalhouse.com%2Fen%2Fimg%2Fvohe%2Fseyon%2F
> Fuseaction=http%3A%2F%2Fwww.psikolojikyardim.org%2Fetkinlik%2Finclude%2Feto%2Fni
> xaz%2F
> Fuseaction=Day&amp;amp;amp;amp;amp;amp;sm=2&amp;amp;amp;amp;amp;amp;sy=http%3A%2
> F%2Fwww.soeasywebsite.com%2Fsoeasycasino%2Fixu%2Fxotem%2F&amp;amp;amp...
> p;sd=27&amp;amp;amp;amp;amp;View=all&amp;amp;amp;amp;View=all&amp;amp;amp;View=a
> ll&amp;amp;View=all  -->I've added a catch for these where it redirects them 
> to
> the main page, but this doesn't seem to stop them -->notice the
> ;amp;amp;amp;amp; in that last one....  None are the same IPs and hail from
> Russia, Portugal, etc. so I can't block the offending IP, and they're using a
> normal browser so I can't block by user-agent  Any ideas?

You can add some web server (IIS/Apache...) re-write rules to validate
the URL even BEFORE it is passed to CF...

<Prev in Thread] Current Thread [Next in Thread>