This site is suffering from an "SQL Injection Attack" and will be down until we correct the problem.
Friends of I Hate Men and I Hate Women have set up a temporary forum for the sites called I Hate Hens. Please be aware, this forum is not created by the designers of I Hate (Wo)Men and we have no editorial control over the content. However, the message board appears to be in the spirit of the sites!
Note:
This site is down, and implementing the solution listed on coldfusionmuse.com is going to require an extensive rewrite of most of the site.
Given the time needed to fix this, there is no estimate when these sites will be back up. Below you will find the email sent by my server admin.
However, since it doesn't use a database, my Cancer site is still up: at I Really Hate cancer.
The following email was sent to me this weekend concerning the attack:
Subject: ihatemen.com and sql injection attacks
Date: 8/9/2008 2:29:17 A.M. Central Daylight Time
Slate
ColdFusion has been going down a great deal recently and I started digging into the reason. It seems somebody is attempting to use SQL injection attacks on your sites, so I’ve had to disable ihatemen.com till we can get this figured out. The pages they are attacking are:
/var/virtual/dslate/ihatemen.com/html/book_output.cfm
/var/virtual/dslate/ihatemen.com/html/dating_stories.cfm
/var/virtual/dslate/ihatemen.com/html/jokes.cfm
/var/virtual/dslate/ihatemen.com/html/poems.cfm
/var/virtual/dslate/ihatemen.com/html/tips4men.cfm
/var/virtual/dslate/ihatewomen.com/html/linkoutput.cfm
/var/virtual/dslate/ihatewomen.com/html/tip_output.cfm
The pages from ihatewomen.com are really not hit all that often; the others, I’m afraid, are hit really often. The log entries I’m seeing look like the following:
"Error","jrpp-1906","08/08/08","22:55:15",,"Error Executing Database Query.Syntax error or access violation: You have an error in your SQL syntax near ';DECLARE @S CHAR(4000);SET @S=CAST(0x4445434C41524520405420766172636861722832353' at line 3 The specific sequence of files included or processed is: /var/virtual/dslate/ihatemen.com/html/dating_stories.cfm "
Which corresponds with this report here:
http://www.coldfusionmuse.com/index.cfm/2008/7/18/Injection-Using-CAST-And-ASCII
Let me know if I can be of any help.
BTW, to disable your site I simply created a .htaccess file in the main html directory that said to deny all. To re-activate your site just delete this file or remove the lines. Please make sure this problem is fixed beforehand though, as we cannot afford to have Apache stalling out every 30 minutes or so due to ColdFusion going belly up.
Thanks,
Ed McLain
Director of Data Center Operations
TekLinks Managed Services Group
205.314.6634
hosting@teklinks.com
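
The log entry quoted in the email has a recognizable shape, so the affected templates can be tallied mechanically. The script below is an added example, not part of the original notice or the email: it scans ColdFusion error-log rows for the DECLARE/CAST(0x...) signature, counts hits per template, and decodes the logged hex prefix so the hidden SQL is readable. The function names and the second and third sample rows are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Stacked DECLARE/SET whose real payload is hidden in a hex literal given to CAST.
SIGNATURE = re.compile(
    r";\s*DECLARE\s+@\w+\s+\w*CHAR\(\d+\)\s*;\s*SET\s+@\w+\s*=\s*CAST\(0x([0-9A-Fa-f]+)",
    re.IGNORECASE,
)
# ColdFusion appends the template that was being processed to the error text.
TEMPLATE = re.compile(r"processed is:\s*(\S+\.cfm)")

def decode_prefix(hex_digits):
    """The log truncates the literal, so drop a dangling half byte, then decode."""
    even = hex_digits[: len(hex_digits) // 2 * 2]
    return bytes.fromhex(even).decode("latin-1")

def triage(log_text):
    """Return (hits per template, decoded payload prefixes) for matching rows."""
    hits, payloads = Counter(), set()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 6:  # expect severity, thread, date, time, app, message
            continue
        found = SIGNATURE.search(row[5])
        if not found:
            continue
        page = TEMPLATE.search(row[5])
        hits[page.group(1) if page else "(unknown template)"] += 1
        payloads.add(decode_prefix(found.group(1)))
    return hits, payloads

# First row is the entry quoted in the email; the other two rows are constructed.
SAMPLE_LOG = '''"Error","jrpp-1906","08/08/08","22:55:15",,"Error Executing Database Query.Syntax error or access violation: You have an error in your SQL syntax near ';DECLARE @S CHAR(4000);SET @S=CAST(0x4445434C41524520405420766172636861722832353' at line 3 The specific sequence of files included or processed is: /var/virtual/dslate/ihatemen.com/html/dating_stories.cfm "
"Error","jrpp-1907","08/08/08","22:55:41",,"Error Executing Database Query.Syntax error or access violation: You have an error in your SQL syntax near ';DECLARE @S CHAR(4000);SET @S=CAST(0x4445434C415245' at line 3 The specific sequence of files included or processed is: /var/virtual/dslate/ihatemen.com/html/dating_stories.cfm "
"Error","jrpp-1910","08/08/08","23:01:02",,"Element ID is undefined in URL. The specific sequence of files included or processed is: /var/virtual/dslate/ihatemen.com/html/jokes.cfm "
'''

if __name__ == "__main__":
    counts, decoded = triage(SAMPLE_LOG)
    for template, n in counts.most_common():
        print(n, template)
    for text in sorted(decoded):
        print("payload starts:", text)
```

Templates that show up in the tally are the ones whose queries accept the injected text and need fixing before the .htaccess block is lifted.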