If you have the master CFIDE open to the public and have not locked that
down as per the last security alert and hotfix, then that was no doubt the
cause of your hack.
Obviously there is no hotfix for CF8 as it is EOL, but you should at least
follow the lockdown guides that were published re CFIDE and ADMINAPI.


On Tue, Mar 5, 2013 at 2:03 PM, Stephens, Larry V <[email protected]> wrote:

>
> Our webserver utilizing CF8 was hacked. We're not sure how (in what
> manner), at least at this point, but I am in the process of moving all CF
> stuff to a new server using CF10.
>
> I am checking all #variables# used in queries to be sure cfqueryparam is
> used. We are moving everything from MS Access to SQL Server.
>
> I am shedding all cfajaximports and using jQuery ajax calls. While I
> don't *think* this is security related, I am also eliminating all cfforms
> (but, see below).
>
> Q1: By eliminating cfajaximport does the public need access to CFIDE or
> can I lock that down to my access, only? I recall having an issue with
> validation in cfform that had to do with not finding CFIDE (but I'm
> eliminating that issue).
>
> Q2: As far as CF goes, anything we're missing?
>
> Thanks.
>
> 

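The lockdown advice in the reply above, as an added example that is not from the thread, from Adobe's lockdown guide, or from either poster: an Apache httpd (2.2-style directives) fragment that keeps the part of CFIDE that cfform and cfajaximport actually load from (/CFIDE/scripts) reachable while restricting the administrative paths to a trusted address range. The admin range 192.0.2.0/24 and the choice of Apache as the front-end web server are assumptions; on IIS the same effect is achieved with an ipSecurity element under a location element for each path in web.config.

```apache
# Added example, not from the original thread. Assumes Apache httpd 2.2
# in front of ColdFusion and an admin network of 192.0.2.0/24 (assumption).

# Weak default: the whole CFIDE virtual directory is reachable by anyone.
# <Location /CFIDE>
#     Order allow,deny
#     Allow from all
# </Location>

# Hardened: deny the administrative paths to everyone except the admin range.
# (?i) makes the match case-insensitive, otherwise /cfide/Administrator
# would slip past a case-sensitive pattern on a Windows filesystem.
<LocationMatch "(?i)^/CFIDE/(administrator|adminapi|componentutils)(/|$)">
    Order deny,allow
    Deny from all
    Allow from 192.0.2.0/24
</LocationMatch>

# Only the client-side assets stay public, and only while cfform or
# cfajaximport are still in use. Once both are gone (as in the migration
# described above) this block can be dropped and /CFIDE denied entirely.
<Location /CFIDE/scripts>
    Order allow,deny
    Allow from all
</Location>
```

Two checks go with this: from an address outside the admin range, requests to /CFIDE/administrator/ and /CFIDE/adminapi/ should return 403 while /CFIDE/scripts/ still serves files, and the ColdFusion built-in web server (port 8500 by default) must not be reachable from outside at all, since these rules only apply to traffic that passes through the front-end web server.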
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354814
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm