cross-site scripting attack

Hi,

I have a coldfusion page that inserts guestbook entry into my mySQL db. This past few weeks, I am receiving a lot of unwanted guestbook entries such as cialis, viagra links that fills my DB.

I suspect that there is a malicious script that send form parameter to the page that inserts to my DB. I'm getting 10 entries per day.

I googled out this issue and most of the results is to patch the coldfusion server but the support people told me that it doesn't need to patch the server but post here that anybody have come to this issue and resolve.

since we are using coldfusion mx6, I can't add an attribute "scriptprotect=all" in my application as this was just added in mx7 thinking that this might prevent those unwanted entries. I am thinking also of now accepting any requests if it doesn't comes from my IP but I just want to check with anybody out there that might have the same problem with me.

Any suggestion or help would be greatly appreciated.

Thank you
 
There are hundreds, or thousands of bots, and real people even posting such spam. We get it daily on the forums here as well and have to continually delete them. We have in place methods to stop them at signup, but some still slip by without problem.
 
For a guestbook you have to use some sort of verification to make it harder for the bots to successfully submit the form.

I have a guestbook on one site where I compare the fields looking for duplicate data. Also, if the email address they use is the domain of the site, it won't submit because no one with that domain's email address would be posting to the guestbook.

I also have a field with no label, name or id attribute that would indicate what information goes there. It's named something like "cornfield" or "dfadg". Then I have an image that explains to a human user what to put in that field.

There's lots of methods to try to thwart the bots, some simpler than others. I was getting 5 to 10 spam entries a day in the one guestbook, but since I implemented the steps I mentioned about 4 months ago, there hasn't been a single one get through.
 
This is most likely bots, not an XSS attack.

I've been using a captcha web service from easycfm.com on a few of my forms, and the spam entries have all but stopped.

To protect against SQL injection, cflib.org has a few UDFs that will strip all form input data of SQL commands, etc.
 
Back
Top