4 Replies Latest reply on Feb 4, 2008 11:43 AM by SilentBob'secretfusion

    Hacker changing URL string

    angplange
      this is frustrating-- our server is getting pounded (and so running JRUN up to 100%) with some hacker changing the URL to different things. I'm running CFMX 6.1 on Windows 2003. Here's a sample of query strings that have been changed:

      Fuseaction=events&section=events&View=http%3A%2F%2Fwww.vacacionalhouse .com%2Fen%2Fimg%2Fvohe%2Fseyon%2F

      Fuseaction=http%3A%2F%2Fwww.psikolojikyardim.org%2Fetkinlik%2Finclude%2Feto%2Fnixaz%2F

      Fuseaction=Day&sm=2&sy=http%3A%2F%2Fwww.so easywebsite.com%2Fsoeasycasino%2Fixu%2Fxotem%2F&sd=27& amp;amp;View=all&View=all&View=all&View=all

      -->I've added a catch for these where it redirects them to the main page, but this doesn't seem to stop them
      -->notice the ;amp;amp;amp;amp; in that last one....

      None are the same IPs and hail from Russia, Portugal, etc. so I can't block the offending IP, and they're using a normal browser so I can't block by user-agent

      Any ideas?