Question
Someone is Using My Code to Attack Me?
I am using CF 6.1 on a Windows Server 2003 with Web Services and offer both Web and Email services to my clients on separate servers. Apparently I have not written my ColdFusion correctly because someone is using my code against me to, what I can guess, bounce off my web server through to my email server.
I check my Log Files>application.log file once a week and had been noticing some really weird entries. I also noticed SPAM was up and am beginning to think this is somehow connected. So, I did a little digging into my Log Files and found the following:
2008-02-11 21:13:05 W3SVC1706141536 22.222.22.222 GET /images/header6.jpg - 80 - 84.48.194.10 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+nb-NO;+rv:1.8.1.12)+Gecko/20080201+Firefox/2.0.0.12 http://www.cracked.com/forums/topic/29725/a-forum-game-if-you-laugh-you-lose-not-56k-friendly/20 www.mydomainname.org 200 0 0 7337 487 453
2008-02-11 21:16:48 W3SVC1706141536 22.222.22.222 GET /images/header6.jpg - 80 - 128.240.229.66 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.0;+SLCC1;+.NET+CLR+2.0.50727;+Media+Center+PC+5.0;+.NET+CLR+3.0.04506;+.NET+CLR+1.1.4322) http://www.cracked.com/forums/topic/29725/a-forum-game-if-you-laugh-you-lose-not-56k-friendly/20 www.mydomainname.org 200 0 0 7361 548 234
I tried adding the following to the top of each application.cfm file on my web server:
<cfif CGI.QUERY_STRING CONTAINS "http">
<cfabort>
</cfif>
It slowed things down, but now the attack is back and SPAM is crazy again. What is going on? What am I not doing correctly? And what do I do to make it stop?
Any help or direction would be greatly appreciated. I am getting hit on every website on my server and have been for days now.
Thank you in advance for your help,
David Moore
UpstateWeb LLC
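Added example (not part of the original post): a Python triage of the quoted IIS log entries that groups requests by referring host and counts entries whose query string contains "http", the condition the cfif in the post tests. The field order is an assumption because the log's #Fields header is not shown, the User-Agent strings are shortened, and the third log line is constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed field order (the log's "#Fields:" header is not shown in the post);
# it matches the 19 space-separated columns of the entries quoted there.
FIELDS = ("date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port "
          "cs-username c-ip cs(User-Agent) cs(Referer) cs-host sc-status "
          "sc-substatus sc-win32-status sc-bytes cs-bytes time-taken").split()

# First two entries are from the post (User-Agent shortened); the third is constructed.
SAMPLE = """\
2008-02-11 21:13:05 W3SVC1706141536 22.222.22.222 GET /images/header6.jpg - 80 - 84.48.194.10 Mozilla/5.0+(Windows;+U)+Firefox/2.0.0.12 http://www.cracked.com/forums/topic/29725/a-forum-game-if-you-laugh-you-lose-not-56k-friendly/20 www.mydomainname.org 200 0 0 7337 487 453
2008-02-11 21:16:48 W3SVC1706141536 22.222.22.222 GET /images/header6.jpg - 80 - 128.240.229.66 Mozilla/4.0+(compatible;+MSIE+7.0) http://www.cracked.com/forums/topic/29725/a-forum-game-if-you-laugh-you-lose-not-56k-friendly/20 www.mydomainname.org 200 0 0 7361 548 234
2008-02-11 21:20:00 W3SVC1706141536 22.222.22.222 GET /index.cfm - 80 - 192.0.2.10 Mozilla/5.0+(constructed) http://www.mydomainname.org/ www.mydomainname.org 200 0 0 5120 400 120
"""

def parse(line):
    """Return a dict for one log entry, or None for directives and malformed lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def bare_host(name):
    # Lower-case, drop any port and a leading "www." so both sides compare equal.
    h = name.lower().split(":")[0]
    return h[4:] if h.startswith("www.") else h

def classify(entry):
    """Label the request by where its Referer points relative to the requested host."""
    ref = entry["cs(Referer)"]
    if ref == "-":
        return "no-referer"
    ref_host = urlsplit(ref).hostname or ""
    return "same-site" if bare_host(ref_host) == bare_host(entry["cs-host"]) else "external"

def summarize(text):
    """Return (Counter of (referring host, path) for external referers, query-has-http count)."""
    external = Counter()
    query_has_http = 0
    for entry in filter(None, map(parse, text.splitlines())):
        if "http" in entry["cs-uri-query"].lower():  # same test as the cfif, case-insensitive
            query_has_http += 1
        if classify(entry) == "external":
            key = (urlsplit(entry["cs(Referer)"]).hostname, entry["cs-uri-stem"])
            external[key] += 1
    return external, query_has_http

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the two quoted entries it reports www.cracked.com as the referring host for /images/header6.jpg and zero entries with "http" in the query string.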