My main other site is getting hammered by an unrelenting SQL injection attack. I now completely realize the importance of locking down your queries.
I can only hope that BlogCFC is immune.
Here is a full description of this particular attack… which is apparently hitting a bunch of sites. Info provided via a simple Google search.


Something similar has been making the rounds for a bit. Ben Forta blogged about it; as did others. I assume this is the same hack.
Use cfqueryparam and you’ll be safe. Does becoming a hacker target mean that CF is finally coming into its own?
I had an old client get hit with this. Their site was coded years ago and they never had money for updates to ANYTHING. There were a couple pages where I hadn’t used cfqueryparam (too much of a newb back then). So the DB was wide open for the attack.
Luckily the attack attempted to insert an external javascript call, but the code was malformed and the url was dead anyway. In either case a quick db restore and a few cfqueryparam tags cleared it up without much of a hiccup.
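As an added example that is not part of any comment above and is not BlogCFC's own code: the "wide open" query the last commenter describes next to the cfqueryparam form the earlier commenter recommends, followed by a defender's check for the kind of injected script reference that attack left behind. The datasource name, the `entries` table and its column names are assumptions for illustration.

```cfml
<!--- Added example, not from the thread or from BlogCFC. Datasource, table and
      column names are assumptions. --->

<!--- VULNERABLE: url.id is pasted straight into the SQL text, so whatever the
      visitor puts in the query string becomes part of the statement. This is the
      "DB was wide open" pattern. --->
<cfquery name="entryUnsafe" datasource="blogDSN">
    SELECT id, title, body
    FROM entries
    WHERE id = #url.id#
</cfquery>

<!--- HARDENED: cfqueryparam sends the value as a bound, typed parameter instead of
      as SQL text. cfsqltype="cf_sql_integer" also rejects non-numeric input before
      the query ever reaches the database. --->
<cfquery name="entrySafe" datasource="blogDSN">
    SELECT id, title, body
    FROM entries
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- String input gets the same treatment; maxlength caps oversized values. --->
<cfquery name="byAuthor" datasource="blogDSN">
    SELECT id, title
    FROM entries
    WHERE author = <cfqueryparam value="#form.author#" cfsqltype="cf_sql_varchar" maxlength="100">
</cfquery>

<!--- DEFENDER'S CHECK: the attack in the thread tried to write an external script
      reference into stored content. Listing rows that contain a script tag shows
      which records need the restore the commenter mentions. The LIKE pattern is
      itself passed through cfqueryparam. --->
<cfquery name="tamperedRows" datasource="blogDSN">
    SELECT id, title
    FROM entries
    WHERE body LIKE <cfqueryparam value="%<script%" cfsqltype="cf_sql_varchar">
</cfquery>

<cfif tamperedRows.recordCount GT 0>
    <cfoutput>#tamperedRows.recordCount# entries contain a script tag and should be reviewed.</cfoutput>
</cfif>
```

The essential difference is that in the hardened queries the SQL text is fixed at write time; user input can only ever be a value, never a clause. The tampered-row query is a one-off sweep to run after an incident like the one described, not a replacement for parameterizing the queries that let the data in.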