I frequently get emails from CFWebstore users wanting to know if this or that error is a hack attempt. Recently there have been a rash of these where a URL shows up in some portion of the query string. It does seem obvious that these are some type of hack attempt, albeit not a very effective one. They don't appear to be SQL injection, where a hacker attempts to harm your site by putting additional SQL into the query string. My guess is that it is what would be considered content injection: some blogs, forums, email forms, etc. may be vulnerable to having content posted in this fashion. These are most likely bots that just look for dynamic pages and attempt to inject the URL onto them this way. The important thing to note is that the store throwing an error for this is a good thing! That means the hack attempt was not successful, and the store did its job by preventing it and throwing an error (that was behind the scenes and not exposing any sensitive information to the user.) It's the hack attempts you never see that are the ones that should concern you most...and if you have a web site, you will get hack attempts. You can't prevent them, the idea is to block them, and ideally avoid having to review any resulting errors they create.