We finally fixed our issue.
After a long crackdown on security on our server, one of our sites (the one
that was causing all the fuss) gave me it's name and after about 2 mins it
was quite clear what was causing it.
mw.asp - (contents can be found here: http://pastebin.com/f5d798bd1 )
and we
, Dave Watts dwa...@figleaf.com wrote:
We finally fixed our issue.
After a long crackdown on security on our server, one of our sites (the
one
that was causing all the fuss) gave me it's name and after about 2 mins
it
was quite clear what was causing it.
mw.asp - (contents can be found
Not sure if any more info on this subject has came up, but here is the
contents of the file gm.vbs that was doing all the dirty work:
http://paste-it.net/public/v22f672/
I have also noticed a new file named:
1.exe in the c:\ root directory. It has an icon of BMW (the car company),
not sure
-
From: ALL [mailto:thegreat...@gmail.com]
Sent: Thursday, April 23, 2009 3:34 AM
To: cf-talk
Subject: Re: Question about hack
Not sure if any more info on this subject has came up, but here is the
contents of the file gm.vbs that was doing all the dirty work:
http://paste-it.net/public
at 1:31 PM, Mark Kruger mkru...@cfwebtools.com wrote:
For those interested I have compiled all I know about this attack into a
blog post:
http://www.coldfusionmuse.com/index.cfm/2009/4/16/iframe.insertion.hack
Again, we have not specifically identified the attack but we have lots
, Apr 10, 2009 at 7:53 AM, Mark Kruger mkru...@cfwebtools.com wrote:
Nathan,
Can you answer a question for me. Does this attack affect all cfm pages
or
does it affect index.* pages?
-Mark
Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
Jason, look for a file named logs.asp or log.asp or one named top.aspx if
you see either of those files on your computer look at them and possably
delete them. Those where the files that where where the infection was being
told what to do.
also, will you tell me what Content Management System
Aol just won over $7 million from a spamming company.. they are cracking
down.. I wouldn't be surprised ...
http://news.com.com/2100-1023-978019.html
Don't know if this has anything to do with this topic at all.
Jacob.
- Original Message -
From: Mark W. Breneman [EMAIL PROTECTED]
To: CF
If I wanted to do something along the lines of:
joe.cfm?img=/images/go.jpg
and have joe.cfm turn into the actual image how would i accomplish such a
task? i'm interested in keeping from being able to look at photos unless
they are logged in and i want cfm to manage the logging in via session
it this way. I don't think our servers can
handle all those cfcontens a day.
jacob.
- Original Message -
From: Joshua Miller [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Thursday, November 21, 2002 12:30 PM
Subject: RE: img!
I think I saw something on this at DepressedPress.com - related
Now will that work with pushing videos? MPGs, AVIs, WMV, ASF, etc..? What
would the content have to be then? Where is a list of the valid content
types?
THank you guys so much,
jacob.
- Original Message -
From: Matt Liotta [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent:
, 2002 3:25 PM
Subject: Encryption gurus please read
Hey All,
I'm not entirely sure why I'm getting the results I am, so I'll ask this
question:
Why is it that the returned encrypted value can vary even though the
string
being encrypted and the key used remains constant (i.e. when encrypting
.
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted
We have to protect an entire directory and it's subdirectories with CF.
We'd like to use CF to process our logins.. but can't have people directly
linking to JPGs and MPGs etc under neath.. since CF can't really protect
these individual files unless called through a CFM page, we've run into a
I was trying that with cfcontent and it's just destroying the server.
coolfusion.com had a solution for me, they had an iauth tag that would take
a yes or no from cf and pass a generic l/p to windows if yes and would just
shut down if no.
but it stopped working.
so i'm looking for other
Well we have to protect all the files. JPGs, .MOVs, .MPGs.. everything
basically.
We're not just selling access to images. :-)
J
- Original Message -
From: Stephen Moretti [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, October 29, 2002 10:18 AM
Subject: Re: Protecting
we're having a problem with jrun.exe hitting 900+mb of ram whenever we
launch our site to the public...
on the server with 3-4 testers hitting it, it's fine
then we launch and get 1000+ users and it's taking all the ram it can... sql
server stays put at 165mb ram... yet jrun.exe skyrockets
, that could cause some memory corruption as well.
-Original Message-
From: JLH All Turbo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 11:09 AM
To: CF-Talk
Subject: cfmx jrun.exe hitting 900mb ram
we're having a problem with jrun.exe hitting 900+mb of ram whenever we
it.
Ryan
-Original Message-
From: JLH All Turbo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 10:48 AM
To: CF-Talk
Subject: Re: cfmx jrun.exe hitting 900mb ram
Okay, well i added the dsn to ms odbc manager
and then had to add it to cfmx's admin via the dsn manager
: http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion Hosting.
Why don't you send like 450-451 of your code so we can see what's causing
the error.
J
- Original Message -
From: Mitko Gerensky-Greene [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Thursday, September 26, 2002 10:20 AM
Subject: let me try again: Urgent need for help with CFHTTP
You guys know of a free or inexpensive, basic (or with a few features) CF
web mail package?
j
__
Get the mailserver that powers this list at http://www.coolfusion.com
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
America looks to be using JSP
- Original Message -
From: Matthew R. Small [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Friday, August 16, 2002 1:20 PM
Subject: RE: ANY Major Company using Cold Fusion
Nintendo of America and Scholastic Publishing.
Matthew Small
IT
The biggest one I've seen using CFM (even if it's for cflocation's :-) ) is
Bank of America.
Jacob.
__
Signup for the Fusion Authority news alert and keep up with the latest news in
ColdFusion and related topics.
them. Are there
drawbacks to letting CF generate the js to validate your input fields?
There
must be a good reason.
__
This list and all House of Fusion resources hosted by CFHosting.com. The place for
dependable ColdFusion
When I tried to use cfinput, it had to download an applet onto the client
machine. So I decided to stick with self-validation rather than requiring
a
user automatic download that they might be concerned about.
-Original Message-
From: JLH All Turbo [mailto:[EMAIL PROTECTED]]
Sent
http://www.dynamicdrive.com/
- Original Message -
From: FlashGuy [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, August 13, 2002 1:43 PM
Subject: Re: Drop menu
DHTMLCentral doesn't have anything similar to the one on Microsofts site.
Maybe I can implement a different
trying to upload files. here's what i got.
upload.cfm =
form action=upload-action.cfm enctype=multipart/form-data
input type=file name=filecontents
br
input type=submit value=UPLOAD THE FILE
/form
upload-action.cfm =
CFFILE ACTION=Upload
FILEFIELD=FileContents
How can I structure a query and it's output to pull all the records out that
have a certain field = something and have them grouped by another field...
And then in the output put a header for each group?
In a DB with baseballs and footballs and different locations for the balls.
Pull all balls
are ordering by LocationName, then
cfoutput query=... group=LocationName
h1#LocationName#/h1
cfoutput
#Ball#
/cfoutput
/cfoutput
Is that what you mean??
- Original Message -
From: JLH All Turbo [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Saturday, August
Woops, I didn't mean to post that query in there. Hehe. Sorry, disregard
it.
J
- Original Message -
From: JLH All Turbo [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Friday, August 09, 2002 9:49 AM
Subject: Re: SQL Help
Actually let me show you
SELECT
:00 PM, you wrote:
CY I'm doing a project the has INSERT INTO, UPDATE and DELETE forms. My
CY question is when I do my INSERT INTO or UPDATE, not all of my table
form
CY fields get inserted or updated. I can't figured out the glitch,
sometimes
CY it's fine and other times it would miss
I've used the e-zone media one.
It's an old version but we used it for a while at
www.MeansToBe.com/std/forums2/
we opted to change. it's not as full featured or as nice as a message board
should be. we've got over 35,000 posts so the other forum software couldn't
really handle it.
even the
I'm looking for a real estate package similiar to oceancityhomeguide.com
Anyone have any reccomendations?
J
__
Signup for the Fusion Authority news alert and keep up with the latest news in
ColdFusion and related topics.
What do you folks use to allow users to upload an image and have cf process
it into a thumbnail and a fullsize version and compress it?
thanks,
jacob.
__
Signup for the Fusion Authority news alert and keep up with the latest
We have to protect an entire directory and it's subdirectories with CF.
We'd like to use CF to process our logins.. but can't have people directly
linking to JPGs and MPGs etc under neath.. since CF can't really protect
these individual files unless called through a CFM page, we've run into a
]
-Original Message-
From: JLH All Turbo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 9:50 AM
To: CF-Talk
Subject: Protecting non CF files with CF
We have to protect an entire directory and it's subdirectories with CF.
We'd like to use CF to process our logins.. but can't have
Message-
From: JLH All Turbo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 10:40 AM
To: CF-Talk
Subject: Re: Protecting non CF files with CF
Actually we are using IIS.
But. we may be able to use Apache.. nothing is set in stone yet...
How would we go about doing
://www.coolfusion.com/imssecomparison.cfm
- Original Message -
From: JLH All Turbo [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Tuesday, July 16, 2002 9:49 AM
Subject: Protecting non CF files with CF
We have to protect an entire directory and it's subdirectories with CF.
We'd like to use
39 matches
Mail list logo