Oh man I just looked and one of my standby servers got hit with this.
Somehow we forgot to patch that one. It had a bunch of sites on it, but
none of them were actually live (because it was a standby server).

So I have questions.

Does anyone know what this thing does?

I can just wipe this box and reload it, but it was on the network with our
other Windows servers (some of which are SQL database servers). Is it
possible this hacker could have accessed other servers through this
hack?

Do we know the steps yet to clean up the mess?

Any idea where to look for damage that the hacker has caused?

I am a little lost here.

:(

-RR

On Wed, Jan 2, 2013 at 3:52 PM, Russ Michaels <r...@michaels.me.uk> wrote:

>
> and also read the following article.
>
> http://www.michaels.me.uk/post.cfm/securing-your-coldfusionmx-installation-on-windows
>
>
> On Wed, Jan 2, 2013 at 7:47 PM, Larry Lyons <larrycly...@gmail.com> wrote:
>
> > A new CF security issue was just discovered a few days ago. You may want
> > to forward this information to whomever is your CF Admin.
> >
> > http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat
> >
> > To make a very long story short, the exploit allows a hacker to upload a
> > file that is put on the server. This gives a hacker pretty much unfettered
> > access to a lot of things including reading/downloading/uploading/renaming
> > and creating files, accessing datasource information, and more.

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353733