ebouwsema - 3:40 pm on May 27, 2008 (gmt 0)

One of the things we noticed is that they appeared to be using the errors that were being returned to determine what values they were needing to parse through the database. A simple way to fix/prevent this is to disable IIS from "Send[ing] detailed ASP error messages to client" under the Application Configuration>Debugging. This is by no means an overall fix for the application, all input should be sanitized and verified, but it may slow down the bot.