this is the cfshell that was getting installed by the well known cfadmin/adminapi hack. So you must still your cfadmin or adminapi publicly accessible on that server.
On Fri, Sep 6, 2013 at 2:32 PM, Robert Harrison <[email protected]>wrote: > > Is anyone familiar with this code: http://pastebin.com/2v3PMx4M > > We found this in one of our sites which has been getting hacked lately. We > also found a few other infected files which we've cleaned, but this on in > particular was somehow injected into one of our sites. Anyone know what > this does and if it could be used as a hacking aid? > > Thanks > > > > Robert Harrison > Director of Interactive Services > > Austin & Williams > Advertising I Branding I Digital I Direct > 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 > T 631.231.6600 X 119 F 631.434.7022 > http://www.austin-williams.com > > Blog: http://www.austin-williams.com/blog > Twitter: http://www.twitter.com/austi > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356713 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
