Global Resonance Network


From: Bruce Schuman
Date: Thursday, August 7, 2008, 3:45 PM
Subject: Lights on
ID: 263297

well. it's another exciting day in programmer-land. i spent the morning involved with an email discussion list for ColdFusion programmers, and somebody offered up a script that detects and prevents "sql injection" -- and i got it stuck into a few sites, like lightpages. this is kind of tip-toe, it's unfamiliar territory to me -- but -- this thing might be working.

why do i think so? because -- one feature of this script is -- it sends me an email when it detects an injection attack, and the email includes the domain (, the page itself (message.cfm), the injection string (long string of numbers and gobbledygook) and the IP address of the attacker. with this script in place for 40 minutes now, i have already received about 8 of these emails....

what is an injection attack, i hear you ask (it's so fascinating)

well, what this site is doing -- what global resonance does, what all these interspirit projects do -- is enable people to interact with a shared/collaborative database, that contains a bunch of different stuff, lists of people (you guys), your email address, the messages you wrote, all the content we have. essentially, you are "executing database commands" when you read a message ("go get a message and show it to me") or post a message ("stick this message in the database, and send it by email to the subscribers"), etc. so, sql injection is a way of sticking an unwanted database command into some way that a user interacts with the site -- through a URL, or a posting. these attacks have been coming through URLs -- the web site address, that contains things (look up there, check it out) like "login=some number" or "messageid=some number". what these attacks do is append some additional stuff at the end of the URL, so the command is something like "get messageid 265787, and then, after you do that, stick this weird destructive stuff into the system over here".

anyway, i am no expert at this, but i have learned a lot today. let's see if this thing holds together for a while. then we will open up the rest of what we are doing. and again, thanks for being there. this is just another adventure along the way towards some amazing things emerging through our collective dream-body....

- bruce

ps, here's an email i got just now on the cf-talk mailing list --

However, this recent wave has *really* picked up over the last 48 hours. It began August 6, and we have logged close to 40,000 attack attempts and counting.

Our code is well protected, and this attack appears to target MSSQL, so we are not too concerned about the injection. However, if this attack continues to grow, it could quickly become a DOS situation. Blocking IP addresses is futile. I count hundreds and hundreds of them originating the attack.
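Added example, not part of Bruce's post and not the ColdFusion script he installed: the mechanism his message describes (a "messageid=some number" URL parameter with extra SQL appended to it) shown in Python against an in-memory SQLite database, with the vulnerable string-concatenated query next to the parameterized form, and a small request inspector that produces the kind of alert record the post says the script emails (domain, page, injection string, client IP). Everything here is constructed for illustration: the table, the sample URLs, the parameter names and the IP address are assumptions, and the parameter binding stands in for what ColdFusion's cfqueryparam does.

```python
"""Constructed example of URL-parameter SQL injection and its detection.
Not the original site's code; table names, URLs and IPs are made up."""

import re
import sqlite3
from urllib.parse import parse_qsl, urlsplit


def build_db():
    """Tiny stand-in for a message table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (messageid INTEGER, subject TEXT)")
    db.executemany("INSERT INTO messages VALUES (?, ?)",
                   [(265787, "Lights on"), (265788, "private draft")])
    return db


def get_message_vulnerable(db, messageid):
    """Vulnerable form: the URL value is pasted into the SQL text, so
    whatever is appended after the number becomes part of the command."""
    sql = "SELECT messageid, subject FROM messages WHERE messageid = " + messageid
    return db.execute(sql).fetchall()


def get_message_safe(db, messageid):
    """Hardened form: the value is bound as a parameter (the Python
    equivalent of cfqueryparam), so the database treats it only as data.
    An appended clause simply fails to match any row."""
    sql = "SELECT messageid, subject FROM messages WHERE messageid = ?"
    return db.execute(sql, (messageid,)).fetchall()


# Parameters the site expects to be plain numbers (assumed names).
NUMERIC_PARAMS = {"messageid", "login"}

# Syntax that has no business inside a URL parameter on this kind of site:
# quotes, comment markers, statement separators and common SQL keywords.
SUSPICIOUS = re.compile(
    r"(;|--|/\*|'|\b(select|union|insert|update|delete|declare|exec|cast)\b)",
    re.IGNORECASE,
)


def inspect_request(url, client_ip):
    """Return a list of alert records for one request (empty when clean).
    Each record carries the fields the post says the script emails."""
    parts = urlsplit(url)
    alerts = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        reason = None
        if name.lower() in NUMERIC_PARAMS and not value.strip().isdigit():
            reason = "non-numeric value in numeric parameter"
        elif SUSPICIOUS.search(value):
            reason = "SQL syntax in parameter value"
        if reason:
            alerts.append({
                "domain": parts.hostname,
                "page": parts.path,
                "parameter": name,
                "injection_string": value,
                "ip": client_ip,
                "reason": reason,
            })
    return alerts


if __name__ == "__main__":
    db = build_db()
    # Constructed requests: one normal, one with a clause appended.
    clean = "http://example.invalid/message.cfm?messageid=265787"
    tampered = "http://example.invalid/message.cfm?messageid=265787%20OR%201%3D1"
    print("vulnerable, clean   :", get_message_vulnerable(db, "265787"))
    print("vulnerable, tampered:", get_message_vulnerable(db, "265787 OR 1=1"))
    print("safe, tampered      :", get_message_safe(db, "265787 OR 1=1"))
    for alert in inspect_request(tampered, "192.0.2.10"):
        print("ALERT:", alert)
```

The inspector runs before any query and only needs the request URL and client address, which is why a script like the one described can sit in front of every page and report hits without knowing anything about the queries behind them; the parameterized query is what actually closes the hole, and the two belong together rather than as alternatives.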