Monday, November 9, 2009

Protecting your CFML apps with CFTHROTTLE

You may have heard about the recent high-profile attacks on celebrity accounts on Twitter, whereby a young (enterprising?) chap simply pointed a brute-force password dictionary attack at their login process. Twitter had no throttling process in place to stop this from happening.

How can you protect your own CFML applications from such an easy attack?

BlueDragon introduced the CFTHROTTLE tag a number of years ago, and it is naturally available now in the core distribution of OpenBD. CFTHROTTLE was designed to stop repeated requests coming from a single source from consuming too many resources. It was developed for, and modelled on, the (at the time) well-known Apache mod_throttle module.

Huh? How did I miss this (from last January)? I'm definitely going to check this out for an application I have on Open BlueDragon. I'll probably do this as a Mach-II filter, as we've had some problems in the past with *bad* bots hitting the login page with bad credentials.
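The per-source throttling described above, as an added illustration in Python rather than OpenBD's own CFTHROTTLE implementation (its attribute names are deliberately not reproduced here): a sliding window keyed by the requesting source that refuses a request once more than `limit` requests arrive within `interval` seconds. The client addresses and timestamps are constructed sample data.

```python
"""Per-source request throttle of the kind CFTHROTTLE/mod_throttle provide.
Added illustration, not OpenBD code: a sliding window keyed by the
requesting source (here a constructed client IP) that rejects a request
once more than `limit` requests arrive within `interval` seconds."""
from collections import defaultdict, deque
import time


class SourceThrottle:
    def __init__(self, limit, interval, clock=time.monotonic):
        self.limit = limit                # max requests allowed per window
        self.interval = interval          # window length in seconds
        self.clock = clock                # injectable for deterministic tests
        self._hits = defaultdict(deque)   # source -> timestamps of recent hits

    def allow(self, source):
        """Record a request from `source`; return False once it exceeds the limit."""
        now = self.clock()
        hits = self._hits[source]
        # Drop timestamps that have fallen out of the sliding window.
        while hits and now - hits[0] >= self.interval:
            hits.popleft()
        if len(hits) >= self.limit:
            return False                  # over the limit: refuse this request
        hits.append(now)
        return True


def simulate_login_attempts(attempts, limit=5, interval=60):
    """Run constructed (timestamp, source) login attempts through the throttle
    and return one allow/deny decision per attempt, in order."""
    ticks = iter(t for t, _ in attempts)
    throttle = SourceThrottle(limit, interval, clock=lambda: next(ticks))
    return [throttle.allow(src) for _, src in attempts]


# Constructed sample: a dictionary attack from one address interleaved with a
# legitimate user from another; only the attacker is cut off, and the window
# reopens for it once the interval has elapsed.
SAMPLE = [(0, "203.0.113.9")] * 6 + [(1, "198.51.100.4")] + [(70, "203.0.113.9")]

if __name__ == "__main__":
    for (t, src), ok in zip(SAMPLE, simulate_login_attempts(SAMPLE)):
        print(f"t={t:>3}s {src:<14} {'allowed' if ok else 'THROTTLED'}")
```

In a real deployment the decision would be taken before the credential check runs, and refused attempts are worth logging so the blocked source can be correlated with authentication failures.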
