
Hacker Attack

New Here, Aug 15, 2006


Hi all,

I hope that someone can give me some ideas as to where I should start with this problem. We have a ColdFusion site created mainly in MX 7 on a Windows platform. We have recently had a spoof attack with one person signing up 1300+ times. I'm not sure how he is doing this. He seems to be bypassing all of our front-end verification and created a form that uses our CFCs to write to the database. Does that seem plausible? How would he even know what our CFCs are named? What are some basic steps that I need to do to ensure that this guy is stopped?

Any advice is greatly appreciated.

THX
-Diana
Explorer, Aug 15, 2006


Try to make sure the form submission is coming from your site.

<cfif cgi.server_name eq "your ip address">

You can also check to make sure the form is being submitted by your form

<cfif cgi.http_referer eq "your_form_page.cfm">

You can also record the IP address of the remote computer that creates an account and only allow one account per IP address. This is not the best since there are proxy servers where every user's IP address is reported as the same address.

One thing that I do is to generate a unique key that gets passed as a hidden field in the form and saved as a temporary session variable and then on the action page I compare the form value to the session value to see if they match. A hacker submitting a form from a remote server will not have the proper unique id.

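The hidden-field token check described in the reply above, as an added example that is not code from the thread. The file names, the application name, the `formToken` field and the `signup_rejects` log name are assumptions.

```cfml
<!--- Application.cfm: the session scope must be enabled (application name is a placeholder) --->
<cfapplication name="signupDemo" sessionmanagement="yes"
               sessiontimeout="#CreateTimeSpan(0,0,20,0)#">

<!--- signup_form.cfm (hypothetical file name): issue a fresh token each time the form is rendered --->
<cflock scope="session" type="exclusive" timeout="5">
    <cfset session.formToken = CreateUUID()>
    <cfset variables.tokenForForm = session.formToken>
</cflock>
<cfoutput>
<form action="signup_action.cfm" method="post">
    <input type="hidden" name="formToken" value="#variables.tokenForForm#">
    <input type="text" name="email">
    <input type="submit" value="Sign up">
</form>
</cfoutput>

<!--- signup_action.cfm (hypothetical file name): verify the token before any database write --->
<cfparam name="form.formToken" default="">
<cfset variables.tokenOk = false>
<cflock scope="session" type="exclusive" timeout="5">
    <!--- Reject a missing session token, an empty form value, or a mismatch --->
    <cfif StructKeyExists(session, "formToken")
          AND Len(form.formToken)
          AND Compare(form.formToken, session.formToken) EQ 0>
        <cfset variables.tokenOk = true>
    </cfif>
    <!--- Single use: discard the token whether or not it matched --->
    <cfset StructDelete(session, "formToken")>
</cflock>

<cfif NOT variables.tokenOk>
    <!--- Record the rejection so repeated attempts show up in the logs --->
    <cflog file="signup_rejects" type="warning"
           text="Signup token mismatch from #cgi.remote_addr#">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Token matched: only now call the CFC method that writes to the database --->
```

The comparison has to run in whatever code path writes the record; if the CFC method itself can be requested directly, the same check belongs inside that method.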
Guest, Aug 15, 2006


Are you aware of this method to ensure that there is a human on the other end?

http://en.wikipedia.org/wiki/CAPTCHA

New Here, Aug 16, 2006

All great suggestions! Thank you so much! To the person who asked me about CAPTCHA: yes, I am familiar with that method but as of yet have been unsuccessful in getting it to work. I found two ColdFusion freebies on the web but haven't had any luck with them so far:

Open Source Captcha CFC
LylaCAPTCHA

I think that I will continue to try to get these to work and if I can't figure them out by the end of the day I will resort to Wil's excellent suggestions. Thanks again!!!
