• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Mail flood handling in on error of application.cfc

Explorer ,
Jun 15, 2022 Jun 15, 2022

Copy link to clipboard

Copied

Is it possible to throw site wide error of each unique type only once? Using CF 2016 . The website application has on error exception handling mechanism used in Application.cfc. The site encounter ed a SQL injection attempt and numerous error sent like mail flood.
Can we handle without using any black list table creation in such a way that the spam kind of mail throw only once in a day? Also, genuine error mails are not prevented.
Any suggestion is appreciated.

TOPICS
Getting started

Views

394

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Jun 15, 2022 Jun 15, 2022

Copy link to clipboard

Copied

I use an application variable that is set to 0 when the application starts.

In the application error handler, I increment that variable each time an error is emailed to me. Once the variable reaches a threshold, I don't send any more emails.

Since my applications only get used during business hours, the variable is set each morning by the first person to use the app.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jun 15, 2022 Jun 15, 2022

Copy link to clipboard

Copied

Besides Eddie's helpful suggestion, note that this problem is indeed solved by error handling framework solutions/services that can be leveraged from cfml. They imbue all that intelligence from years of experience, saving you thinking of how best to prevent such floods, while handling that error and others intelligently.

 

I keep a list of them as a category of my cf411 site, specifically:

https://www.cf411.com/error

 

Let us know if you find one that seems to suit you. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jun 16, 2022 Jun 16, 2022

Copy link to clipboard

Copied

I can think of a method similar to EddieLotter's.

 

1. In onApplicationStart, initialize: 

 

<cfset application.mailFloodChecker=0>

 

 

2. Obtain from your records an identifying string that is present in the stacktrace of every flooder mail. Use it in onError to check if e-mail is from the mail flooder. If so, send only the first such e-mail:

 

<!--- In my case, the stacktrace of every mail flooder contains the text "Variable NGAHNMBBVCDSEWJHTTP is undefined" --->
			<cfif structKeyExists(arguments.exception, "stacktrace") and findNoCase("Variable NGAHNMBBVCDSEWJHTTP is undefined", arguments.exception.stacktrace) gt 0>
				<cfif application.mailFloodChecker eq 0>
					<cfmail>
						... etc
					</cfmail>
					<cfset application.mailFloodChecker = 1>
				</cfif>
			</cfif>

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 16, 2022 Jun 16, 2022

Copy link to clipboard

Copied

The error message may vary depending on the page requested and based on the hack attempt tried.

Therefore, Can we handle in more Generic way like Same error message from same remote IP(CGI.REMOTE_HOST) triggered more than once within a minute , mail is not send after that. Is it possible to store this information in scope and compare without writing to db or file? 

Hope the flag 'mailFloodChecker ' will get reset when next day the application is started again in browser without restarting cf service.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jun 16, 2022 Jun 16, 2022

Copy link to clipboard

Copied

Jibinanto, I'm sure bkbk will follow up with extensive support to guide you in the handcrafting of his solution to be still more capable.

 

But I will stress again to you both: beware "re-inventing the wheel". See my first comment about error handling solutions that build in all you're contemplating adding here, and they add much more that you'll inevitably think of--and perhaps more you'd not.

 

Again, I don't say this to discourage the effort.. You will learn a lot building this solution by hand. But you may miss something. If nothing else, since two of the solutions are open source cfml, consider looking to them for ideas. Even the sites about the non-cf services can give you (both) ideas.

 

But you may find you'd spend less time implementing one in your app (even if it's a struggle, being something new to you) than building out such more-evolved but hand-crafted error handling. Just a friendly suggestion, not an admonition. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jun 16, 2022 Jun 16, 2022

Copy link to clipboard

Copied

 

But I will stress again to you both: beware "re-inventing the wheel". 

 


By @Charlie Arehart

 

Good advice!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jun 16, 2022 Jun 16, 2022

Copy link to clipboard

Copied

 

Hope the flag 'mailFloodChecker ' will get reset when next day the application is started again in browser without restarting cf service.


By @jibinanto40792294

 

Yes, it will. The check is initialized in onApplicationStart.So it will be reset whenever the application is restarted.

 

The error message may vary depending on the page requested and based on the hack attempt tried.

Therefore, Can we handle in more Generic way like Same error message from same remote IP(CGI.REMOTE_HOST) triggered more than once within a minute , mail is not send after that. Is it possible to store this information in scope and compare without writing to db or file? 


By @jibinanto40792294

I would answer yes to every question. I used stacktrace to test, just as an example. You may, of course, use any test you want. So a combined test of error-message and IP is fine. Remember you can apply regular expressions to search the error-message. For example, by means of REFindNoCase or REMatch.

 

In any case, you can still apply exactly the same solution strategy.

 

1. in onApplicationStart

 

<cfset application.mailFloodTimer=getTickCount()><!--- Milliseconds --->
<cfset application.pauseSendingMailFlood=false>

 

2. in onError

 

<!--- Define a boolean to be used to check for flood mail --->
<cfset var isMailFloodEmail = check_consisting_of_IP_and_error_message>

<cfif isMailFloodEmail and not application.pauseSendingMailFlood>
	<cfmail>
		... etc
	</cfmail>

	<!--- Milliseconds since last timed --->
	<cfset application.mailFloodTimer=getTickCount() - application.mailFloodTimer>

	<!--- Flood mail triggered more than once in 60 000 milliseconds --->	
	<cfif application.mailFloodTimer lt 60000>
		<cfset application.pauseSendingMailFlood=true>				
	</cfif>

</cfif>

 

 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jun 17, 2022 Jun 17, 2022

Copy link to clipboard

Copied

Thank you for the guidance

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Jun 17, 2022 Jun 17, 2022

Copy link to clipboard

Copied

LATEST

Are you giving any consideration to one of the error handling frameworks? Or are you preferring to do it all by hand? 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation