> From our side this hack appears to have been inserted yesterday during the
> Superbowl. The offending IP seems to
> have come from China. It got three of our sites on different servers. Only
> sites with an application.cfm file were hit.
> Sites using application.cfc were untouched.

I would again strongly recommend that CF be configured so that it can't write to the web root, unless you specifically rely on that feature (CF-based CMS, for example). This will prevent any type of exploit that relies on writing to CF files using CF.

Too many times, I see on this list and elsewhere people focusing on identifying and closing specific exploits, when their time would be best served by preventing the possibility of those exploits working by proper configuration.

I'm not calling you out, Robert, I'm just using your message as a convenient place to reiterate this statement.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354266
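One way to audit the configuration recommended in the message above, as an added example that is not part of the original message or of ColdFusion itself: it walks a web root and reports directories and CFML templates that a given account can modify according to POSIX mode bits. The function names, the constructed sample tree, and the use of the current user as a stand-in for the CF service account are assumptions; Windows ACLs and POSIX extended ACLs are not evaluated.

```python
import os
import stat
import tempfile

CFML_EXT = {".cfm", ".cfc", ".cfml"}

def writable_by(st, uid, gids):
    """True if POSIX mode bits let (uid, gids) write; ignores ACLs and root."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_webroot(root, uid, gids):
    """Return (path, reason) for everything the account could modify."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        # A writable directory lets the account create or replace templates.
        if writable_by(os.lstat(dirpath), uid, gids):
            findings.append((dirpath, "directory writable"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            ext = os.path.splitext(name)[1].lower()
            if ext in CFML_EXT and writable_by(st, uid, gids):
                findings.append((path, "CFML template writable"))
    return findings

def demo():
    """Constructed sample tree: one locked-down site and one writable site."""
    uid, gids = os.getuid(), {os.getgid()}  # stand-in for the CF service account
    with tempfile.TemporaryDirectory() as root:
        for site, dmode, fmode in (("locked", 0o555, 0o444), ("open", 0o755, 0o644)):
            site_dir = os.path.join(root, site)
            os.mkdir(site_dir)
            template = os.path.join(site_dir, "Application.cfm")
            with open(template, "w") as fh:
                fh.write("<!--- constructed sample --->")
            os.chmod(template, fmode)
            os.chmod(site_dir, dmode)
        os.chmod(root, 0o555)
        found = sorted((os.path.relpath(p, root), r) for p, r in audit_webroot(root, uid, gids))
        os.chmod(root, 0o755)  # restore write access so cleanup succeeds
        os.chmod(os.path.join(root, "locked"), 0o755)
    return found

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason}: {path}")
```

On a real server, call `audit_webroot` with the uid and group ids of the account the CF service runs as; an empty result means mode bits alone do not let that account change the web root.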

