Re: CF attack on a buddies server

2012-03-05 Thread Ras Tafari
thanks pete, i just saw this reply. ill show him and my people at work :) cf-ras On Fri, Feb 24, 2012 at 2:44 PM, Pete Freitag p...@foundeo.com wrote: On Thu, Feb 23, 2012 at 7:39 PM, James Holmes james.hol...@gmail.com wrote: This would confirm which patches are missing:

Re: CF attack on a buddies server

2012-02-24 Thread Pete Freitag
On Thu, Feb 23, 2012 at 7:39 PM, James Holmes james.hol...@gmail.com wrote: This would confirm which patches are missing: http://www.hackmycf.com/ James - it will let you know to the best of its abilities, but there are certain factors that might cause it to not detect a missing patch (eg

RE: CF attack on a buddies server

2012-02-24 Thread Nick Gleason
Enterprise combines great features with an affordable price. .. -Original Message- From: Pete Freitag [mailto:p...@foundeo.com] Sent: Friday, February 24, 2012 11:44 AM To: cf-talk Subject: Re: CF attack

Re: CF attack on a buddies server

2012-02-23 Thread Russ Michaels
I would say that most folks running their own web server with no previous experience usually do leave great big holes. running every site under the default iis user not removing everyone group from drives not sandboxing coldfusion these things can allow code in any site to read/read to any

Re: CF attack on a buddies server

2012-02-23 Thread Pete Freitag
On Wed, Feb 22, 2012 at 7:55 PM, Ras Tafari rastaf...@gmail.com wrote: any idea how they were able to get the file that ran into the cfide directory? and what might prevent that part? that's the most haunting part to him. i said it was probably a windows exploit first... not sure tho. If

Re: CF attack on a buddies server

2012-02-23 Thread James Holmes
This would confirm which patches are missing: http://www.hackmycf.com/ -- Shu Ha Ri: Agile and .NET blog http://www.bifrost.com.au/ On 24 February 2012 02:46, Pete Freitag p...@foundeo.com wrote: On Wed, Feb 22, 2012 at 7:55 PM, Ras Tafari rastaf...@gmail.com wrote: any idea how they

CF attack on a buddies server

2012-02-22 Thread Ras Tafari
hey guys. this code was somehow dropped into my friends cfide directory and ran, did lots of bad things, stole db passwords, changed his cf code, etc. http://pastebin.com/Jg2Cs0ch any idea how to protect from this kinda attack? thanks! cf-ras

Re: CF attack on a buddies server

2012-02-22 Thread Scott Stewart
I think the first step, provided that he has sandbox access (and capability) is to disable cfexecute and limit createObject to coldfusion components. On Wed, Feb 22, 2012 at 11:04 AM, Ras Tafari rastaf...@gmail.com wrote: hey guys. this code was somehow dropped into my friends cfide

Re: CF attack on a buddies server

2012-02-22 Thread Dave Watts
this code was somehow dropped into my friends cfide directory and ran, did lots of bad things, stole db passwords, changed his cf code, etc. http://pastebin.com/Jg2Cs0ch any idea how to protect from this kinda attack? thanks! I would recommend that you read the CF 9 Server Lockdown Guide:

Re: CF attack on a buddies server

2012-02-22 Thread Ras Tafari
here's the code again in case pastebin killed that link http://pastebin.com/qvBTEP50 On Wed, Feb 22, 2012 at 11:12 AM, Dave Watts dwa...@figleaf.com wrote: this code was somehow dropped into my friends cfide directory and ran, did lots of bad things, stole db passwords, changed his cf code,

Re: CF attack on a buddies server

2012-02-22 Thread Pete Freitag
I have seen variants of that script before, it is published in several places. In addition to what has already been mentioned, here are some steps you can take to make sure these types of attacks fail (obviously though the more critical issue is how did the attacker get the file there in the

Re: CF attack on a buddies server

2012-02-22 Thread Ras Tafari
any idea how they were able to get the file that ran into the cfide directory? and what might prevent that part? that's the most haunting part to him. i said it was probably a windows exploit first... not sure tho. any help is awesome. thanks guys On Wed, Feb 22, 2012 at 12:47 PM, Pete

Re: CF attack on a buddies server

2012-02-22 Thread Dave Watts
any idea how they were able to get the file that ran into the cfide directory? and what might prevent that part? that's the most haunting part to him. i said it was probably a windows exploit first... not sure tho. Did you read my initial response? It describes the likely possibilities for

Re: CF attack on a buddies server

2012-02-22 Thread Tony
I didn't, was in a meeting, fwd'd all msgs to him and didn't go back and read... but it wouldn't hurt to read myself :) On Wednesday, February 22, 2012, Dave Watts wrote: any idea how they were able to get the file that ran into the cfide directory? and what might prevent that part?