You can do what we do here.
Put the cfdocs and cfide directories in a directory other than wwwroot (or
whatever your root directory is) and then map them virtually. That way
you can still access them through the browser but you don't have the same
security problems. You can also add ip restrictions so that only people
that you know have access.
Email me off list and I can tell you how to do this. That is of course if
you're running MS's IIS.
--K
====================
Katrina Chapman
Consultant
Ameriquest Mortgage
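As an added example (not code from the thread or from any of its posters), here is a small log audit in Python in the spirit of the advice above: it reads IIS W3C-style log lines, flags requests into the cfdocs, CFIDE and scripts/iisadmin directories the thread discusses, and reports which clients would have been denied by a localhost-plus-allowlist restriction of the kind described here. The log lines, client addresses, the allowlisted network and the /CFIDE/administrator/ path are constructed assumptions, not data from the thread.

```python
"""Audit web-server access logs for requests into ColdFusion sample/admin
directories and check each against a localhost-or-allowlist policy.

Added example; not part of the cf-talk thread. The log format, addresses,
allowlist and the /CFIDE/administrator/ path are assumptions.
"""
import ipaddress
from collections import Counter

# Directory prefixes discussed in the thread. Compared case-insensitively
# because IIS treats URL paths case-insensitively.
WATCHED_PREFIXES = ("/cfdocs/", "/cfide/", "/scripts/iisadmin/")

# Constructed policy: only these clients may reach the watched directories.
# 127.0.0.1 is the "localhost only" restriction the security fix applies;
# the /24 stands in for an office network an admin might add by hand.
ALLOWED_CLIENTS = [
    ipaddress.ip_network("127.0.0.1/32"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# Constructed sample lines in IIS W3C extended log format.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-07-05 13:10:02 198.51.100.7 GET /cfdocs/expeval/openfile.cfm - 200
2000-07-05 13:10:03 198.51.100.7 GET /cfdocs/expeval/exprcalc.cfm - 200
2000-07-05 13:10:04 198.51.100.7 GET /scripts/iisadmin/bdir.htr - 404
2000-07-05 13:12:40 192.0.2.15 GET /CFIDE/administrator/index.cfm - 200
2000-07-05 13:15:00 127.0.0.1 GET /cfdocs/index.htm - 200
2000-07-05 13:16:21 203.0.113.9 GET /index.cfm - 200
"""


def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields line."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]
            continue  # other directives (#Software, #Date, ...) carry no records
        if fields is None:
            raise ValueError("log has no #Fields directive")
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed line: skip rather than misattribute columns
        yield dict(zip(fields, parts))


def is_watched(uri_stem):
    """True if the request path falls under one of the watched directories."""
    return uri_stem.lower().startswith(WATCHED_PREFIXES)


def client_allowed(ip_text):
    """True if the client address is inside the allowlist."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client address: treat as not allowed
    return any(ip in net for net in ALLOWED_CLIENTS)


def audit(text):
    """Return (flagged, denied_by_client).

    flagged: every request into a watched directory, with the policy verdict.
    denied_by_client: Counter of such requests per client outside the allowlist.
    """
    flagged = []
    for rec in parse_w3c(text):
        uri = rec["cs-uri-stem"]
        if not is_watched(uri):
            continue
        flagged.append({
            "ip": rec["c-ip"],
            "uri": uri,
            "status": rec["sc-status"],
            "allowed": client_allowed(rec["c-ip"]),
        })
    denied_by_client = Counter(f["ip"] for f in flagged if not f["allowed"])
    return flagged, denied_by_client


if __name__ == "__main__":
    flagged, denied = audit(SAMPLE_LOG)
    for f in flagged:
        verdict = "allowed" if f["allowed"] else "WOULD BE DENIED"
        print(f"{f['ip']:15} {f['status']:>4} {f['uri']}  {verdict}")
    print("\nClients hitting watched directories from outside the allowlist:")
    for ip, n in denied.most_common():
        print(f"  {ip}: {n} request(s)")
```

Read the status column together with the path: a 200 on a /cfdocs/expeval/ file means the sample applications are still installed and being served to that client, whereas a 404 only tells you the probe did not find anything. Malformed lines are skipped rather than guessed at, so a truncated record cannot be credited to the wrong client.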
"Ric Smith" <rickyfusion@fusionserver.com>
To: <[EMAIL PROTECTED]>
cc:
Subject: Re: Snooping CFDOCS directory?
07/05/00 01:56 PM
Please respond to cf-talk
Thanks. Yeah, I've got the fix that only allows localhost access.
I just got real nervous and wanted to make sure I wasn't missing
something.
I think I'll go ahead and remove the CFDOCS completely. Should
I also move the CFIDE directory to something obscure?
Ric Smith
> They were probably using a canned script which looks for the CF
> vulnerabilities. Either remove /CFDOCS/*, install the security fix, or just
> remove the files in /expeval/. FYI, the security fix simply restricts access
> to the localhost address for the files.
>
> Steve
>
>
> -----Original Message-----
> From: Ric Smith [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 4:12 PM
> To: [EMAIL PROTECTED]
> Subject: Snooping CFDOCS directory?
>
>
> I was looking through my logfile reports and found these
> entries which troubled me.
>
> http://www.kungfoo.com/cfdocs/expeval/displayopenedfile.cfm
> http://www.kungfoo.com/cfdocs/expeval/sendmail.cfm
> http://www.kungfoo.com/cfdocs/expeval/exprcalc.cfm
> http://www.kungfoo.com/cfdocs/expeval/openfile.cfm
> http://www.kungfoo.com/scripts/iisadmin/bdir.htr
>
> It appears someone was trying to do something they shouldn't
> have.
>
> I removed the /scripts/iisadmin directory long ago but the
> CFDOCS directory is still there. Is it safe to remove or rename
> this directory? What about the CFIDE directory, would it be
> safe to put NT Authentication on that directory?
>
> I was hoping someone could let me know if there's
> anything I need to worry about.
>
> Thanks.
>
> Ric Smith
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
------------------------------------------------------------------------------