Ian White
asked on
Hacker Bot visiting each day - cferror fields not trapped - Coldfusion 9 site
I use standard cferror trapping to go to cferror template and send me an email when request errors occur.
Every day I get errors generated from an attempted hacker bot - It looks like they are trying to inject some links somewhere. The attempts always fail and generate the errors below. The only error field that gets populated some of the time is error.diagnostics. Sometimes it is blank too.
Here are two examples of the failed daily hack attempt with fields emailed to me
ErrorDate #Error.DateTime#
Browser #Error.Browser#
Remote Address #Error.RemoteAddress#
HTTP Referrer #Error.HTTPReferer#
Template #Error.Template#
Query String #Error.QueryString#
User name
HTML Code Format <PRE>The United States <a href=" http://www.aprilborbon.com/writing/ ">buy vermox</a> payment arrangements should be made with the patient.
<a href=" http://www.gtonics.net/technology/oscommerce ">topiramate online</a> For more information, contact PKP secretary.
<a href=" http://dalit.dk/omos/ ">buy generic effexor xr online</a> Nyarang’O P, Mutema A, Odero W, Sumba O. Interviewing: A manual on
</PRE>
ErrorDate #Error.DateTime#
Browser #Error.Browser#
Remote Address #Error.RemoteAddress#
HTTP Referrer #Error.HTTPReferer#
Template #Error.Template#
Query String #Error.QueryString#
User name
HTML Code Format <PRE>Punk not dead <a href=" http://www.suckvalleywaywalk.ie/health-safety/ ">fish cycline tetracycline 250mg 100 capsules</a> instructions of their preceptor. If there is concern about the preceptors instructions, students
<a href=" http://www.aprilborbon.com/writing/ ">vermox for children</a> Pharmacy Procedures Manual | 1 March 2010 13
<a href=" http://www.gtonics.net/technology/oscommerce ">topamax and weight loss</a> Personal accountability and responsibility for actions
</PRE>
All the error fields are normally populated when an error is trapped - just not when this happens.
So I am not able to diagnose what the bot is trying to do so I can thwart it. I use cfqueryparam on queries
Any ideas?
This is a coldfusion 9 site www.housecarers.com
Also, if you design your action page to validate the exact type of content you want to receive and send the user back to the original form if the correct data is not present, that might discourage the bot from attempting further attacks on your site.
The hacker will keep trying as long as he sees that his attempts are causing some errors to be tripped on your server.
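An added example of the validation the answer above describes, not code from the thread: a hypothetical action page contact_action.cfm whose form lives at contact_form.cfm. The field names, the length limits and the rule that plain-text fields may contain neither tags nor URLs are assumptions.

```cfml
<!--- contact_action.cfm (hypothetical): accept only the content this form expects --->

<!--- The form posts here; anything else goes back to the form --->
<cfif cgi.request_method neq "POST">
    <cflocation url="contact_form.cfm" addtoken="false">
</cfif>

<!--- Missing fields become empty strings so the checks below never throw --->
<cfparam name="form.name" default="">
<cfparam name="form.email" default="">
<cfparam name="form.message" default="">

<cfset invalid = []>

<!--- Exact type and size checks per field (limits are assumed values) --->
<cfif not len(trim(form.name)) or len(form.name) gt 80>
    <cfset arrayAppend(invalid, "name")>
</cfif>
<cfif not isValid("email", form.email)>
    <cfset arrayAppend(invalid, "email")>
</cfif>
<cfif not len(trim(form.message)) or len(form.message) gt 2000>
    <cfset arrayAppend(invalid, "message")>
</cfif>

<!--- Plain-text fields: an HTML tag or a URL is not expected content.
      This covers the anchor-tag payloads shown in the error emails. --->
<cfloop list="name,message" index="fieldName">
    <cfif reFindNoCase("<[a-z/!][^>]*>|https?://", form[fieldName])>
        <cfset arrayAppend(invalid, fieldName)>
    </cfif>
</cfloop>

<!--- Any failure: return to the form without processing or raising an error --->
<cfif arrayLen(invalid)>
    <cflocation url="contact_form.cfm?invalid=#urlEncodedFormat(arrayToList(invalid))#" addtoken="false">
</cfif>

<!--- Normal processing of the validated fields continues here --->
```

Because a rejected submission ends in a redirect rather than an exception, the request never reaches the cferror template.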
ASKER
Thanks. I have an extensive site with a number of forms.
As advised cferror in application.cfm goes to error handling template but the referer and template are not populated
HTTP Referrer #Error.HTTPReferer#
Template #Error.Template#
<!--- code where the error is being thrown goes here before the catch --->
The trouble is I don't know where the error is being thrown.
ASKER
Yes I tried that - but still error fields not displaying so I have no idea of the template causing the error
ASKER
I ended up checking for the injection in application.cfm then aborting. Not sure what would be best thing to
present to the hacker - currently just aborting
<!--- Scan every submitted form field for the injection markers --->
<cfloop collection="#form#" item="item">
<cfif form[item] contains "exec("
or form[item] contains 'href="'
>
<!--- Do something to the hacker - blank page? --->
<cfabort>
</cfif>
</cfloop>
ASKER
No matter what I do - an error is generated but fields don't get trapped except for error.diagnostics - see example below so error.template etc not reported
ErrorDate #Error.DateTime#
Browser #Error.Browser#
Remote Address #Error.RemoteAddress#
HTTP Referrer #Error.HTTPReferer#
Template #Error.Template#
Query String #Error.QueryString#
User name
HTML Code Format <PRE>We went to university together <a href=" http://www.moorelegal.net/austin-law-office.html ">generic for nexium 40 mg</a> dispensed in quantities sufficient to effect optimum economy, up to 90 days.
<a href=" http://fuckedup.cc/category/writing/ ">75 mg topamax</a> Preceptors qualify to participate in the PEP by meeting and adhering to standards set by the UNC
<a href=" http://www.chdesignsinc.com/?page_id=194 ">acyclovir iv rxlist</a> frozen inserts, and one camping stove that we will lend if we are not using them. Please return
<a href=" http://lbhoffmangroup.com/index.php/testimonials ">50 mg amitriptyline</a> salt and curry powder to taste
</PRE>
ASKER
please close inactive
I would use try/catch blocks to prepare the error and mail it to yourself, adding CGI and FORM dumps to see what the bot is trying to attempt
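An added example of the try/catch reporting suggested above, not code from the thread: it wraps one hypothetical action page (contact_action.cfm) and mails the exception together with CGI and FORM dumps. The template name and the mail addresses are placeholders.

```cfml
<!--- Wrapper around a single action page (template name is hypothetical) --->
<cftry>

    <cfinclude template="contact_action.cfm">

    <cfcatch type="any">
        <!--- Build the report first so a failure in cfmail cannot lose it --->
        <cfsavecontent variable="report">
            <cfoutput>
                <p>Message: #htmlEditFormat(cfcatch.message)#</p>
                <p>Detail: #htmlEditFormat(cfcatch.detail)#</p>
                <p>Script: #htmlEditFormat(cgi.script_name)#</p>
                <p>Remote address: #htmlEditFormat(cgi.remote_addr)#</p>
            </cfoutput>
            <!--- Where the exception was raised: template and line per stack frame --->
            <cfdump var="#cfcatch.tagContext#" label="Tag context">
            <!--- What the client sent: request metadata and every posted field --->
            <cfdump var="#cgi#" label="CGI">
            <cfdump var="#form#" label="FORM">
        </cfsavecontent>

        <!--- Placeholder addresses: replace with the site's own --->
        <cfmail to="admin@example.com"
                from="errors@example.com"
                subject="Form error in #cgi.script_name#"
                type="html">#report#</cfmail>

        <!--- Stop here so nothing from the failed request is rendered --->
        <cfabort>
    </cfcatch>

</cftry>
```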