I think it is sometimes unfair to blame ColdFusion 100% of the time, some of these administrators may have other technologies that are installed and never patched, which can expose ColdFusion and other languages running on the server.
But if it was ColdFusion that was hacked or an exploit in ColdFusion was used, is also another reason I maintain ColdFusion or more to the point CFML needs to adopt an MVC framework, it doesn't need to be full blown but it needs to be enough to give a bases that other framework authors can hook into. The more ColdFusion is locked down to single entry points rather than every single file the better, and would make it harder for these hackers to get and run files uploaded to the server. -- Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/113032480415921517411 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354366 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
