Protect your CF application
7 August 2008 15:02 (EST)
Starting yesterday, most of my CF websites have been under constant attack by bots that are trying to carry out SQL injection attacks using additional URL parameters.
Since not all of the applications were developed with the CFQUERYPARAM tag, and updating every CFQUERY call will take a long time, a simple solution has been developed to block the hackers.
Code to be added to your Application.cfm script:
<!--- Blacklist file lives in the web root, one IP address per line --->
<cfset fName = ExpandPath("/") & "blacklist.txt" />

<!--- (Re)load the file into the Application scope on first request, or when ?updateapp is passed --->
<cfif isDefined("url.updateapp") or not isDefined("application.blacklist")>
    <cfset application.blacklist = "" />
    <cfif FileExists(fName)>
        <cftry>
            <cffile action="read" file="#fName#" variable="application.blacklist" charset="utf-8" />
            <cfcatch></cfcatch>
        </cftry>
    </cfif>
</cfif>

<!--- Already blacklisted: redirect straight to the static block page (CR and LF both act as list delimiters) --->
<cfif ListFind(application.blacklist,cgi.remote_addr,Chr(13)&Chr(10))>
    <cflocation addtoken="false" url="/blacklist.html" />
</cfif>

<!--- Trigger: all three keywords present in the raw query string --->
<cfif FindNoCase("DECLARE",cgi.query_string) and FindNoCase("CAST",cgi.query_string) and FindNoCase("EXEC",cgi.query_string)>
    <cfif not ListFind(application.blacklist,cgi.remote_addr,Chr(13)&Chr(10))>
        <!--- Add the address to the in-memory list, persist it to disk, then block --->
        <cfset application.blacklist = ListAppend(application.blacklist,cgi.remote_addr,Chr(13)&Chr(10)) />
        <cftry>
            <cffile action="write" file="#fName#" output="#application.blacklist#" charset="utf-8" />
            <cfcatch></cfcatch>
        </cftry>
        <cflocation addtoken="false" url="/blacklist.html" />
    </cfif>
</cfif>
The blacklisting uses the presence of three potentially dangerous strings in the URL parameters as the trigger to block an IP address: DECLARE, CAST and EXEC (all three must appear in the query string).
The blacklist is a plain text file with IP addresses (one per line), replicated into the Application scope.
The solution is not 100% ideal, but it will prevent the hackers from accessing your website.
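The same decision logic, re-expressed in Python so it can be exercised against constructed sample requests. This is an added illustration, not the post's Application.cfm code: the trigger words, the all-three-must-match rule, the one-IP-per-line file format and the in-memory copy of the list mirror the CFML above, while the sample IP addresses and query strings are constructed placeholders. One deliberate difference is that the query string is URL-decoded before matching, so the check sees the parameter values as the application will.

```python
"""Keyword-triggered IP blacklist, modelled on the Application.cfm snippet.

Added illustration only; the CFML logic (match DECLARE, CAST and EXEC in the
query string, persist offending IPs one per line, block anyone on the list)
is re-expressed in Python so it can be run against constructed requests.
"""
import os
import tempfile
from urllib.parse import unquote_plus

# The three trigger words the post uses; all must be present, matching the
# original's `and` chain.
TRIGGER_WORDS = ("DECLARE", "CAST", "EXEC")


def is_injection_probe(query_string: str) -> bool:
    """True when every trigger word appears (case-insensitively) in the query string.

    The string is URL-decoded first so matching runs on the values the
    application would actually see, not on the raw encoded form.
    """
    decoded = unquote_plus(query_string).upper()
    return all(word in decoded for word in TRIGGER_WORDS)


def load_blacklist(text: str) -> set:
    """Parse the one-IP-per-line file format (CRLF or LF line endings)."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def serialize_blacklist(ips: set) -> str:
    """Write back one IP per line with CRLF, as the CFML version does."""
    return "\r\n".join(sorted(ips))


class BlacklistFilter:
    """In-memory copy of the blacklist (the post's Application scope), backed by a file."""

    def __init__(self, path=None):
        self.path = path
        self.ips = set()
        if path and os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.ips = load_blacklist(fh.read())

    def _persist(self) -> None:
        if self.path:
            with open(self.path, "w", encoding="utf-8") as fh:
                fh.write(serialize_blacklist(self.ips))

    def check(self, remote_addr: str, query_string: str) -> str:
        """Return 'blocked' or 'allowed' for one request, blacklisting on a probe."""
        if remote_addr in self.ips:
            return "blocked"
        if is_injection_probe(query_string):
            self.ips.add(remote_addr)
            self._persist()
            return "blocked"
        return "allowed"


def demo() -> dict:
    """Run constructed sample requests through the filter and return the decisions."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "blacklist.txt")
    flt = BlacklistFilter(path)
    # Constructed traffic (documentation-range IPs, placeholder parameter values):
    # a benign request, a probe carrying all three trigger words, a follow-up
    # request from the blocked address, a request with only two of the words,
    # and ordinary text that happens to contain all three as substrings.
    samples = [
        ("203.0.113.10", "id=42&page=2"),
        ("203.0.113.20", "id=42;DECLARE%20x%20CAST%20y%20EXEC%20z"),
        ("203.0.113.20", "id=42"),
        ("203.0.113.30", "q=castle+executive"),
        ("203.0.113.40", "title=Declare+the+cast+of+the+executive"),
    ]
    decisions = [flt.check(ip, qs) for ip, qs in samples]
    # Re-reading the file is what ?updateapp does in the CFML version.
    reloaded = BlacklistFilter(path)
    persisted = reloaded.check("203.0.113.20", "id=1") == "blocked"
    return {"decisions": decisions, "persisted": persisted,
            "blacklist": sorted(reloaded.ips)}


if __name__ == "__main__":
    print(demo())
```

The last sample request shows the limitation the post concedes: plain substring matching blocks a visitor whose legitimate parameter text contains all three words, so a deployment should expect occasional false positives and keep the blacklist file easy to edit.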