They were probably using a canned script which looks for the CF
vulnerabilities. Either remove /CFDOCS/*, install the security fix, or just
remove the files in /expeval/. FYI, the security fix simply restricts access
to the localhost address for the files.

Steve


-----Original Message-----
From: Ric Smith [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 05, 2000 4:12 PM
To: [EMAIL PROTECTED]
Subject: Snooping CFDOCS directory?


I was looking through my logfile reports and found these
entries which troubled me.

http://www.kungfoo.com/cfdocs/expeval/displayopenedfile.cfm
http://www.kungfoo.com/cfdocs/expeval/sendmail.cfm
http://www.kungfoo.com/cfdocs/expeval/exprcalc.cfm
http://www.kungfoo.com/cfdocs/expeval/openfile.cfm
http://www.kungfoo.com/scripts/iisadmin/bdir.htr

It appears someone was trying to do something they shouldn't
have.

I removed the /scripts/iisadmin directory long ago but the
CFDOCS directory is still there. Is it safe to remove or rename
this directory? What about the CFIDE directory, would it be
safe to put NT Authentication on that directory?

I was hoping someone could let me know if there's
anything I need to worry about.

Thanks.

Ric Smith


----------------------------------------------------------------------------
--
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
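The log check discussed in this thread, as an added example that is not part of the original messages: it scans a web server log for remote requests to the sample-file paths Ric listed and reports which ones were actually served. It assumes W3C extended log format with `c-ip`, `cs-uri-stem` and `sc-status` fields; the sample lines and addresses are constructed.

```python
from collections import defaultdict

# Path prefixes taken from the log entries quoted in the thread
# (compared in lower case, since the server treats these URLs case-insensitively).
PROBE_PREFIXES = ("/cfdocs/expeval/", "/scripts/iisadmin/")
# Local requests are ignored: per the reply, the fix limits these files to localhost.
LOCAL = {"127.0.0.1", "::1"}

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-07-05 14:01:10 192.0.2.10 GET /index.cfm 200
2000-07-05 14:02:31 203.0.113.7 GET /cfdocs/expeval/openfile.cfm 200
2000-07-05 14:02:33 203.0.113.7 GET /CFDOCS/expeval/exprcalc.cfm 200
2000-07-05 14:02:35 203.0.113.7 GET /scripts/iisadmin/bdir.htr 404
2000-07-05 14:05:00 127.0.0.1 GET /cfdocs/expeval/exprcalc.cfm 200
"""

def find_probes(log_text):
    """Return {client_ip: [(uri, status), ...]} for remote hits on probe paths."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                       # skip malformed rows
        row = dict(zip(fields, parts))
        uri = row.get("cs-uri-stem", "").lower()
        ip = row.get("c-ip", "")
        if uri.startswith(PROBE_PREFIXES) and ip not in LOCAL:
            hits[ip].append((uri, row.get("sc-status", "")))
    return dict(hits)

def still_exposed(hits):
    """URIs served with status 200 to a remote client: files present and reachable."""
    return sorted({u for reqs in hits.values() for u, s in reqs if s == "200"})

if __name__ == "__main__":
    probes = find_probes(SAMPLE_LOG)
    for ip, reqs in probes.items():
        print(ip, len(reqs), "probe requests")
    print("still reachable:", still_exposed(probes))
```

After removing the files or installing the fix, rerunning this over fresh logs should show an empty "still reachable" list even if the probing continues.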
