Most likely a virus / malware on your computer, not the server: https://www.google.com/search?q= "Your+Java+version+is+outdated%2C+have+security+risks"
-- Pete Freitag - Adobe Community Professional http://foundeo.com/ - ColdFusion Consulting & Products http://hackmycf.com - Is your ColdFusion Server Secure? http://www.youtube.com/watch?v=ubESB87vl5U - FuseGuard your CFML in 10 minutes On Wed, Nov 12, 2014 at 11:39 AM, Tom McNeer <tmcn...@gmail.com> wrote: > > Hi, > > I've just discovered that one of my servers, running 9.02, has been hacked. > I'm not sure of the update level, because the hack is visible in the > administrator and prevents its use. > > It's not the old h.cfm hack. I haven't been able to find any references to > what I'm seeing, but I hope someone else knows what's up. > > I have not seen any obvious problems caused in the sites delivered from the > server. It became evident when I tried to log in to the admin today to > check on something. > > The immediate symptoms are that an ad appears in an iframe below the CF > Admin login inputs; the username input label has been restyled and appears > to have a link behind it. > > A recurring popup says "The page at b1.zcxbtm.com says: WARNING, Your Java > version is outdated, have security risks, Please update now." > > Naturally, none of this is visible in View Source. No reference to other > files and scripts. The View Source is identical to one on a non-hacked > server. > > The CF Admin is not publicly accessible - at least not normally. I can see > that a site was added and used temporarily which had a virtual directory > pointing to the admin, most likely one created by running the config tool. > That site is dead now, but it could easily have been a vector at one time. > > The CF service _is_ running under the System account. I know this is bad > practice, but I didn't set up the server. > > Any suggestions for troubleshooting this would be greatly appreciated. And > I'll certainly be happy provide any other details I can. > > -- > Thanks, > > Tom > > Tom McNeer > MediumCool > http://www.mediumcool.com > 1735 Johnson Road NE > Atlanta, GA 30306 > 404.589.0560 > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359635 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm