jibinanto40792294
Inspiring
June 15, 2022
Question

Mail flood handling in on error of application.cfc

  • June 15, 2022
  • 3 replies
  • 725 views

Is it possible to throw a site-wide error of each unique type only once? Using CF 2016. The website application has an on-error exception handling mechanism in Application.cfc. The site encountered a SQL injection attempt and numerous errors were sent, like a mail flood.
Can we handle this without creating any blacklist table, in such a way that the spam kind of mail is thrown only once a day? Also, genuine error mails should not be prevented.
Any suggestion is appreciated.

This topic has been closed for replies.

3 replies

BKBK
Community Expert
June 16, 2022

I can think of a method similar to EddieLotter's.

1. In onApplicationStart, initialize:

<cfset application.mailFloodChecker=0>

2. Obtain from your records an identifying string that is present in the stacktrace of every flooder mail. Use it in onError to check if the e-mail is from the mail flooder. If so, send only the first such e-mail:

<!--- In my case, the stacktrace of every mail flooder contains the text "Variable NGAHNMBBVCDSEWJHTTP is undefined" --->
<cfif structKeyExists(arguments.exception, "stacktrace") and findNoCase("Variable NGAHNMBBVCDSEWJHTTP is undefined", arguments.exception.stacktrace) gt 0>
    <cfif application.mailFloodChecker eq 0>
        <cfmail>
            ... etc
        </cfmail>
        <cfset application.mailFloodChecker = 1>
    </cfif>
</cfif>

jibinanto40792294
Inspiring
June 16, 2022

The error message may vary depending on the page requested and based on the hack attempt tried.

Therefore, can we handle it in a more generic way, like: if the same error message from the same remote IP (CGI.REMOTE_HOST) is triggered more than once within a minute, mail is not sent after that. Is it possible to store this information in a scope and compare without writing to a DB or file?

Hope the flag 'mailFloodChecker' will get reset when, the next day, the application is started again in the browser without restarting the CF service.

Charlie Arehart
Community Expert
June 16, 2022

Jibinanto, I'm sure bkbk will follow up with extensive support to guide you in the handcrafting of his solution to be still more capable.

But I will stress again to you both: beware "re-inventing the wheel". See my first comment about error handling solutions that build in all you're contemplating adding here, and they add much more that you'll inevitably think of, and perhaps more you'd not.

Again, I don't say this to discourage the effort. You will learn a lot building this solution by hand. But you may miss something. If nothing else, since two of the solutions are open source CFML, consider looking to them for ideas. Even the sites about the non-CF services can give you (both) ideas.

But you may find you'd spend less time implementing one in your app (even if it's a struggle, being something new to you) than building out such more-evolved but hand-crafted error handling. Just a friendly suggestion, not an admonition.

/Charlie (troubleshooter, carehart.org)
Charlie Arehart
Community Expert
June 16, 2022

Besides Eddie's helpful suggestion, note that this problem is indeed solved by error handling framework solutions/services that can be leveraged from cfml. They imbue all that intelligence from years of experience, saving you thinking of how best to prevent such floods, while handling that error and others intelligently.

I keep a list of them as a category of my cf411 site, specifically:

https://www.cf411.com/error

Let us know if you find one that seems to suit you.

/Charlie (troubleshooter, carehart.org)
EddieLotter
Inspiring
June 15, 2022

I use an application variable that is set to 0 when the application starts.

In the application error handler, I increment that variable each time an error is emailed to me. Once the variable reaches a threshold, I don't send any more emails.

Since my applications only get used during business hours, the variable is set each morning by the first person to use the app.
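Pulling together BKBK's application-scope flag, Eddie's threshold counter and the follow-up request to suppress the same message from the same CGI.REMOTE_HOST within a minute, here is an added Application.cfc example; it is not code from any poster in this thread. The 60-second window, the daily cap of 50, the lock name and the mail addresses are assumptions.

```cfml
component {
    this.name = "mailFloodExample";

    public boolean function onApplicationStart() {
        // Flood-control state lives in the application scope: no DB table, no file
        application.errorMail = {
            lastSent = {},   // hash(message|remoteHost) -> time of the last alert sent
            sentToday = 0,   // overall counter, Eddie's threshold idea
            day = dateFormat(now(), "yyyy-mm-dd")
        };
        return true;
    }

    // True when an alert should be mailed for this error; records it if so.
    // The same message from the same remote host within 60 s is suppressed, and the
    // state resets on the first error of a new day (window and cap of 50 are assumed).
    public boolean function shouldMail(required string message, required string remoteHost) {
        var key = hash(arguments.message & "|" & arguments.remoteHost, "SHA-256");
        var ts = now();
        var today = dateFormat(ts, "yyyy-mm-dd");
        var seenRecently = false;
        var send = false;
        lock name="errorMailFlood" type="exclusive" timeout="5" {
            if (application.errorMail.day != today) {
                application.errorMail.lastSent = {};
                application.errorMail.sentToday = 0;
                application.errorMail.day = today;
            }
            seenRecently = structKeyExists(application.errorMail.lastSent, key)
                && dateDiff("s", application.errorMail.lastSent[key], ts) < 60;
            if (!seenRecently && application.errorMail.sentToday < 50) {
                application.errorMail.lastSent[key] = ts;
                application.errorMail.sentToday++;
                send = true;
            }
        }
        return send;
    }

    public void function onError(required any exception, required string eventName) {
        if (shouldMail(arguments.exception.message, cgi.remote_host)) {
            cfmail(to="ops@example.com", from="site@example.com",
                   subject="Site error: " & left(arguments.exception.message, 80)) {
                writeOutput(arguments.exception.message & chr(10) & "from " & cgi.remote_host);
            }
        }
        // Suppressed errors are still logged so the flood itself stays visible
        writeLog(file="siteErrors", text=arguments.exception.message & " from " & cgi.remote_host);
    }
}
```

Keying the struct on a hash also keeps attacker-controlled text out of the struct keys, and the daily reset bounds how large the struct can grow.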