ColdFusion 8 on linux -- who's running it on large sites? [ & distributed SQL injection attack ? ]

I actually reported on this in my ColdFusion in the news column in FA online. Hacker Webzine ran an article detailing SQL injection attack exploits against ColdFusion sites, and since then, we have come up on the radar as prime targets. http://www.fusionauthority.com/news/4761-coldfusion-in-the-news-july-20-30-2008.htm It's under the heading "Hack Attack" in the column. Basically, this kind of script-kiddie attack against CF sites has been mushrooming in the last two or three weeks. Judith On Thu, Aug 7, 2008 at 6:34 PM, Cary Gordon <listuser@chillco.com> wrote: ----- Excess quoted text cut - see Original Post for more -----

Thanks for the information Judith,  I've been trying to get the people   at work to take security seriously.  Maybe this will help ignite a   fire under their butts. Wil Genovese One man with courage makes a majority. -Andrew Jackson A fine is a tax for doing wrong. A tax is a fine for doing well.

You are right that in that it is not directly connected to the recursive DNS issue, however the general increase in attacks on all fronts has been abetted by this issue. Criminals used DNS substitution to spoof trusted sites and lure users into downloading zombie software, which the criminals can then use to launch attacks, or sell and give to others to launch attacks. -- Cary Gordon The Cherry Hill Company http://chillco.com ----- Excess quoted text cut - see Original Post for more -----