While people are there, you might want to see what appending '?mode=debug' does, and setting the debug settings in administrator to be limited to the localhost IP :-)

-----Original Message-----
From: Jon Hall [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 29, 2001 3:25 PM
To: CF-Talk
Subject: OT: Fix your servers - +.htr

For anyone who may have missed the huge thread a few months back, I just wanted everyone to please check to make sure your IIS web server has all the latest patches or you have removed:

htr
htw
idc
ida
printer

extensions from the web server. Every single IIS 4 and IIS 5 web server is installed by default with a number of bugs that allow a hacker to take over your web server very very easily.

You can test your web server by going to any page and adding +.htr to the end of the page.

http://myserver.com/index.cfm+.htr

View the source and if you see CF code, you are vulnerable.

Further reading is here:
http://www.wittys.com/files/mab/iis-hacking.html

The reason I posted this is that for the last three days in a row I have found a high profile CF based web site (a financial one even) with this bug each day! I wasn't even looking for them, it's just habit to check now. I will not say who they are, but today's site, many of you probably had in your inbox this morning.

jon
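A log-review sketch for the requests discussed in this thread, added here as an example and not part of either message: it flags hits with `+.htr` appended to a page, requests for the htr/htw/idc/ida/printer extensions, and `mode=debug` query strings. It assumes IIS W3C extended logging with the `c-ip`, `cs-uri-stem`, `cs-uri-query` and `sc-status` fields enabled; the function name and the log lines are constructed.

```python
import re

# Script mappings the original post says to remove from IIS.
MAPPED_EXT = re.compile(r"\.(htr|htw|idc|ida|printer)$", re.IGNORECASE)
# A page name with "+.htr" (or URL-encoded "%20.htr") appended.
HTR_SUFFIX = re.compile(r"\.\w+(\+|%20)\.htr$", re.IGNORECASE)

def scan(lines):
    """Return (client_ip, uri_stem, reason, status) for requests worth review."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        query = row.get("cs-uri-query", "-").lower()
        ip, status = row.get("c-ip", "?"), row.get("sc-status", "?")
        if HTR_SUFFIX.search(stem):
            hits.append((ip, stem, "+.htr appended to a page", status))
        elif MAPPED_EXT.search(stem):
            hits.append((ip, stem, "htr/htw/idc/ida/printer requested", status))
        if "mode=debug" in query.split("&"):
            hits.append((ip, stem, "mode=debug requested", status))
    return hits

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-03-29 15:20:01 192.0.2.10 GET /index.cfm - 200
2001-03-29 15:21:14 192.0.2.44 GET /index.cfm+.htr - 200
2001-03-29 15:21:40 192.0.2.44 GET /login.cfm mode=debug 200
2001-03-29 15:22:05 192.0.2.51 GET /null.printer - 404
2001-03-29 15:23:09 192.0.2.10 GET /products.cfm id=7 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```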

