Home of the ColdFusion Community
|
Mailing Lists
|
Home /
Groups /
ColdFusion Talk (CF-Talk)
Bots & URL Strings
Author: Claude Schneegans
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:55429#300511
>>That said, what do *you* do to fail gracefully
I do not "fail gracefully", I "counter-attack aggressively" ;-)
This is my code at the beginning of any template that relies on some
numeric url parameter.
but it can be easily adapted for any kind of string parameter.
<!--- Check if id contains a numeric value --->
<!--- if not, "http" means a SPAM attack, "user" means an SQL injection
attempt --->
<CFIF val(id) EQ 0 AND (id CONTAINS "http" OR id CONTAINS "user")>
<!--- Store IP address in any ban IP table --->
<CFABORT>
<CFELSE>
<CFSET id = val(id)>
</CFIF>
I use a datasource common to all my applications to store banned IPs.
I also use a table to store dumps of sessions, application, url, form
scopes in case of error,
instead of sending an eMail.
Then the only thing the visitor (or bot) sees is something like "oooops,
sorry for the errror".
Author: Tom Chiverton
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:55429#300505
> That said, what do *you* do to fail gracefully but not to receive hundreds
> of spammy emails every day on your web sites?
<cfif cgi.query_string contains 'http://' >
--
Tom Chiverton
Helping to adaptively implement scalable partnerships
on: http://thefalken.livejournal.com
****************************************************
This email is sent for and on behalf of Halliwells LLP.
Halliwells LLP is a limited liability partnership registered in England and Wales
under registered number OC307980 whose registered office address is at Halliwells
LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is
available for inspection at the registered office. Any reference to a partner in
relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The
Solicitors Regulation Authority.
CONFIDENTIALITY
This email is intended only for the use of the addressee named above and may be
confidential or legally privileged. If you are not the addressee you must not
read it and must not use any information contained in nor copy it nor inform any
person other than Halliwells LLP or the addressee of its existence or contents.
If you have received this email in error please delete it and notify Halliwells
LLP IT Department on 0870 365 2500.
For more information about Halliwells LLP visit
www.halliwells.com.
Author: Che Vilnonis
Short Link: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:55429#300502
Take the following query string from an error report I recieve:
Template: /index.cfm
Query String:
Mode=ScoresByWeek&ClassID=http%3A%2F%2Fsahel55.com%2Farticles%2Fomaduro%2Fki
mumid%2F
When a bot hits the site and passes their spam in the URL, an error is
generated and an error page is presented and an email is generated with all
of the error details. Great, right? Well, I get like 2-300 of these a day.
That means 2-300 emails that I don't want to go through. On the flip side, I
still want to receive legitimate error messages via email.
That said, what do *you* do to fail gracefully but not to receive hundreds
of spammy emails every day on your web sites?
Thanks, Che
|
May 24, 2012
|
Latest Fusion Authority Articles
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
