SQL database attacked via SQL injection

Participant ,
Mar 05, 2015

I have a SQL 2012 DB that is getting attacked via SQL injection daily.

I'll probably need to switch hosting companies but before I did I wanted to see if I could prevent it.

So the site is older and has thousands of cfm pages with thousands of queries.

I am going through and adding the cfqueryparam tags when I can, but it will take a while.

The attack is always the same.

They attack the same 2 tables and the same fields.

The attacked field type is (nvarchar(255))

They insert things like www.cialis.............. or www.paydayloans.....

My site doesn't have any SQL update queries in it.

So is there a way to prevent any database updates via SQL query update statement in the application.cfm?

Something like: if the query string contains update... don't do the SQL update?
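
The cfqueryparam change the post describes, shown as an added example that is not part of the original post. The datasource `siteDSN`, the `products` table, its columns, and the `URL.id` / `URL.q` parameters are hypothetical.

```cfml
<!--- Added example. Datasource, table, column and URL parameter names are hypothetical. --->

<!--- Before: request input is concatenated into the SQL text, so SQL Server
      parses whatever arrives in URL.id or URL.q as part of the statement,
      even though the page itself only contains a SELECT. --->
<cfquery name="getProduct" datasource="siteDSN">
    SELECT id, title, description
    FROM products
    WHERE id = #URL.id#
       OR title LIKE '%#URL.q#%'
</cfquery>

<!--- After: each value is passed as a bound parameter. The SQL text is fixed,
      and the values are treated as data only. --->
<cfparam name="URL.id" default="0">
<cfparam name="URL.q" default="">

<cftry>
    <cfquery name="getProduct" datasource="siteDSN">
        SELECT id, title, description
        FROM products
        WHERE id = <cfqueryparam value="#URL.id#" cfsqltype="cf_sql_integer">
           OR title LIKE <cfqueryparam value="%#URL.q#%"
                                       cfsqltype="cf_sql_varchar"
                                       maxlength="257">
    </cfquery>

    <!--- A value that fails the type or length check raises an error
          before any SQL is sent to the database. --->
    <cfcatch type="any">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>
```

The `maxlength` of 257 allows for the two `%` wildcards around a value of up to 255 characters, matching the nvarchar(255) column size mentioned in the post.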

TOPICS
Database access
