Open the website log with word and do a search for DECLARE you will find a lot of entries.. Look for a filename that is in a different directory than what you expected.. I think I got hit from a template that was in an old, unused directory from many years ago. I recently went through the server and deleted all of my old unused directories..
Also look for any ASP pages that are being hit.. At 06:46 AM 8/26/2008, you wrote: >Just got nailed myself - dammit - 15 years of knowledge. > >Have code reviewed and wasn't my CFML (at this stage) so maybe a new >IIS vulnerability? My attack occured recently - possibly in the last >24 hours or so. Have disabled the database and <CFABORT>ed any code >that interacts with the database until I can solve the disastrous >problem (apparently the attack came from China). > >Sigh! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311574 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4