this is frustrating-- our server is getting pounded (and so
running JRUN up to 100%) with some hacker changing the URL to
different things. I'm running CFMX 6.1 on Windows 2003. Here's a
sample of query strings that have been changed:
Fuseaction=events&section=events&View=http%3A%2F%2Fwww.vacacionalhouse.com%2Fen%2Fimg%2Fvohe%2Fseyon%2F
Fuseaction=http%3A%2F%2Fwww.psikolojikyardim.org%2Fetkinlik%2Finclude%2Feto%2Fnixaz%2F
Fuseaction=Day&sm=2&sy=http%3A%2F%2Fwww.soeasywebsite.com%2Fsoeasycasino%2Fixu%2Fxotem%2F&sd=27&View=all&View=all&View=all&View=all
-->I've added a catch for these where it redirects
them to the main page, but this doesn't seem to stop them
-->notice the ;amp;amp;amp;amp; in that last one....
None are the same IPs and hail from Russia, Portugal, etc. so
I can't block the offending IP, and they're using a normal browser
so I can't block by user-agent
Any ideas?