SQL database attacked via SQL injection

Mar 05, 2015



I have a SQL 2012 DB that is getting attacked via SQL injection daily.

I'll probably need to switch hosting companies, but before I do I wanted to see if I could prevent it.

So the site is older and has thousands of cfm pages with thousands of queries.

I am going through and adding the cfqueryparam tags when I can, but it will take a while.

The attack is always the same.

They attack the same 2 tables and the same fields.

The attacked field type is (nvarchar(255)).

They insert things like www.cialis.............. or www.paydayloans.....

My site doesn't have any SQL update queries in it.

So is there a way to prevent any database updates via SQL query update statement in the application.cfm?

Something like if query string contains update... don't do the SQL update?

Database access
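
An added example, not part of the original post: with thousands of .cfm pages to convert, a small Python audit script can list the cfquery blocks that still interpolate `#variables#` directly into the SQL text, so the cfqueryparam work can start with those. The function name and the sample page are constructed for illustration; the matching is regex-based and assumes no `>` character inside a cfqueryparam attribute value.

```python
import re

# One <cfquery ...> ... </cfquery> block (CFML tag names are case-insensitive).
# \b keeps this from matching <cfqueryparam>.
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery>", re.I | re.S)
# A <cfqueryparam ...> tag: its value="#...#" is sent as a bound parameter.
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I | re.S)
# CFML comments may hold old SQL that never executes.
CFCOMMENT = re.compile(r"<!---.*?--->", re.S)
# A #expression# that ColdFusion substitutes into the SQL string itself.
INTERPOLATION = re.compile(r"#([^#\r\n]+)#")

# Constructed sample page, not taken from the poster's site.
SAMPLE = '''<!--- constructed sample page --->
<cfquery name="getItem" datasource="#request.dsn#">
  SELECT title FROM items WHERE id = #url.id#
</cfquery>
<cfquery name="getItemSafe" datasource="#request.dsn#">
  SELECT title FROM items
  WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>
<cfquery name="search" datasource="#request.dsn#">
  SELECT title FROM items
  WHERE title LIKE '%#form.q#%' AND color = '##fff'
</cfquery>
'''


def unparameterized_queries(source):
    """Return (line_number, [expressions]) for every cfquery whose SQL text
    still contains #...# interpolation outside a cfqueryparam tag."""
    findings = []
    for match in CFQUERY.finditer(source):
        body = CFCOMMENT.sub("", match.group(1))   # ignore commented-out SQL
        body = CFQUERYPARAM.sub("?", body)         # bound values are fine
        body = body.replace("##", "")              # "##" is an escaped literal #
        expressions = [e.strip() for e in INTERPOLATION.findall(body)]
        if expressions:
            line = source.count("\n", 0, match.start()) + 1
            findings.append((line, expressions))
    return findings


if __name__ == "__main__":
    for line, expressions in unparameterized_queries(SAMPLE):
        print(f"line {line}: interpolated into SQL: {', '.join(expressions)}")
```

Queries that interpolate `url.`, `form.` or `cookie.` values are the ones reachable from a request and are the natural first candidates for cfqueryparam.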






