I would also change all of your passwords on the server... if it was
spyware on your local browser they now have every password you
entered recently -
Wil - understood. I just appreciate the fact that so many people are
willing to help.
And I apologize for panicking over what was just a fairly simple local
virus (now removed).
But when you're working on a server that runs critical sites for one of
your clients, and you start seeing injections
Hi,
I've just discovered that one of my servers, running 9.02, has been hacked.
I'm not sure of the update level, because the hack is visible in the
administrator and prevents its use.
It's not the old h.cfm hack. I haven't been able to find any references to
what I'm seeing, but I hope someone
: Wednesday, November 12, 2014 10:40 AM
To: cf-talk
Subject: CF9.02 administrator hack
Hi,
I've just discovered that one of my servers, running 9.02, has been hacked.
I'm not sure of the update level, because the hack is visible in the
administrator and prevents its use.
It's not the old h.cfm
- CFG
CF Webtools
www.cfwebtools.com
www.coldfusionmuse.com
O: 402.932.3318
E: mkru...@cfwebtools.com
Skype: markakruger
-Original Message-
From: Tom McNeer [mailto:tmcn...@gmail.com]
Sent: Wednesday, November 12, 2014 10:40 AM
To: cf-talk
Subject: CF9.02 administrator hack
My one question is you say that view source is identical from a hacked and
non hacked server - that seems odd. There are a number of hacks that could
produce results that manipulate your files by adding content.
Not necessarily. There's no reason that content can't be injected at
serve
Obviously, I still hope someone has seen a similar attack, because I'm not
all that relieved that the symptom has gone away.
Honestly, I would assume the worst, and do the following. Back up
server settings and the source files themselves, review the server
settings manually, review the source
There's no reason that content can't be injected at
serve time.
In this case, there would be a difference in the files delivered to the visitor.
IMO the hack is in the browser, not on the server.
There's no reason that content can't be injected at serve time.
In this case, there would be a difference in the files delivered to the
visitor.
IMO the hack is in the browser, not on the server.
Yes, I missed the reference by the original poster about using view
source. If that's the
in to various
things...
-Mark
-Original Message-
From: Claude Schnéegans schneeg...@internetique.com
Sent: Wednesday, November 12, 2014 1:40 PM
To: cf-talk
Subject: Re: FW: CF9.02 administrator
The idea that there's no visible indication in the view source makes me
consider that as well - but why would it just appear on a login page for the
cfadmin? Perhaps it looks for specific form field names and throws up the
java out of date message to prey on fears of folks logging in to
but why would it just appear on a login page for the cfadmin?
Who knows what may happen or not happen in some hacker's mind? ;-)
Perhaps it looks for specific form field names
... especially input fields of type PASSWORD!
The hacker may be more interested in getting access to the CF
One is that, while it doesn't show
up in the view source for a given page, a JS library referenced in the
page has been compromised to rewrite page content.
Of course, this is quite possible in theory, however it would imply that the
hacker has already hacked the server, and one could ask what
I appreciate all the suggestions - and I especially appreciate when you
step in, Dave.
Certainly, I'm considering a clean installation.
But as a followup: Dave's comment about the problem is almost certainly in
the browser itself or some other piece of malware installed on the client
brings up
One more followup: whatever this is, it isn't related to CF. I jumped to
the wrong conclusion.
The problem reappeared when I was in the CF admin page, long after I'd
logged on.
But then I opened another browser and purposely asked for a local page that
didn't exist. The IIS error page contained
Tom,
Stop and go back to the CF Admin and check the setting for Missing Template
Handler. Make sure it's blank or is actually pointing to a valid missing
template handler page that you set up. This blog post is why I mention that.
Most likely a virus / malware on your computer, not the server:
https://www.google.com/search?q=Your+Java+version+is+outdated%2C+have+security+risks
--
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting Products
http://hackmycf.com - Is your ColdFusion
One is that, while it doesn't show up in the view source for a given page,
a JS library referenced in
the page has been compromised to rewrite page content.
Of course, this is quite possible in theory, however it would imply that the
hacker has already hacked
the server, and one could
Wil,
Thanks. I'd already checked that. Mark chimed in earlier, and it's his post.
Pete,
Thanks. I was so concerned that the server was compromised in a way that
would affect its performance as a server, I hadn't had a chance to start
googling the text itself.
And Dave,
Thanks again. Yes,
Tom - I missed the email that Mark sent with that same blog post (which was
written by me). Mark and I tag team this stuff regularly.
Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com
wilg...@trunkful.com
www.trunkful.com
On Nov 12, 2014, at