Re: index.cfm being hacked (now application.cfm)

2010-12-14 Thread Chris Kelly

Yep same thing here, someone at my company had their laptop compromised - 
changing his FTP password didn't work, had to just lock out his account, set up 
a separate one for use in the office, now he just can't FTP from home...

There are ways to prevent even this sort of thing...use key pairs, so that 
you'd need the ssl key as well as your regular login, use a token system, etc - 
obviously these are not trivial things to implement though depending on the 
size of the organization.

I went through this last year. It's a nightmare of possibilities. I can save
you all a TON of time right here.

I thought they were targeting just files named index.cfm so I changed all my
home page filenames to something else. Whatever the process was it got wise
to it within days. I changed file and folder permissions, I changed this and
that, I even shut off ColdFusion to see what would happen. It's not coming
from the server side. It's coming right through your FTP channel. Simple
and clever. If you don't want to have to fight security, go through the front
door. That's what they are doing. If you visit an infected site it silently
downloads through their JavaScript a worm to your computer. It looks for FTP
configuration files. Cute, Dreamweaver, whatever, if it's FTP this worm
finds it. Then every 24 hours it, or someone, logs in to your sites using
FTP and carefully appends your default pages with the malicious hijack
script (the script has been getting more and more sophisticated; it changes
all the time so detecting a pattern is impossible). The client calls you in
anger, you find it, freak out, replace the files with good ones, even turn
off write access to the file, and in a day or so it happens again. You
can spend the better part of your lives trying to figure out how the
attacker is getting onto the server. The answer is under your nose. Wipe and
reload the OS on any computer in your company that has FTP access to the
infected sites. I haven't found a scanner that will detect this thing yet.
Better safe than sorry. Wipe and reload. THEN - make it a policy to NEVER
store an FTP password again. I manually enter all my FTP passwords now. It's
a few seconds here and there, sometimes it's a pain, but I haven't had a
problem with an infected site since. 

If you find this helpful please let me know off-list. Thank you.

Nick
 

Is the site in question on a SHARED Server?
I had this issue a while ago and it wasn't my site, but someone else's and
it rewrote every default page on the entire server no matter what language.
Just a thought. They could have modified the exploit to not only do
index.html, index.cfm, etc. but say, application.cfm, etc. It took the
hosting company a while to track down the actual site that got hacked.

Terry

AFAIK (kinda guessing here) Google doesn't sniff the files themselves,
they just hit a link and sniff the resulting HTML.  So anything that's
output to the resultant page, whether on the index.cfm or application.cfm,
will be picked up by Google.

-- Josh




 thanks for that mary. this seems like a good idea. i will contact hostek
 today to try and have the ftp restricted.

 because they are modifying just the application file now, i think it must
 be an auto script as when they were attacking the index file the links were
 very visible to google. it doesn't make sense now to include their links in

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:340062
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
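
Added example (not part of the original thread and not written by any of its posters): since the thread reports that the appended script changes too often to match by pattern, this Python example compares default pages against a known-good baseline and flags files whose original bytes are intact but have extra bytes after them. The file-name set, the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: default-page names to watch (the thread mentions index.cfm,
# index.html and application.cfm; the others are added for illustration).
DEFAULT_PAGES = {"index.cfm", "index.html", "index.htm", "default.htm", "application.cfm"}
SAMPLE_APPEND = b"<!-- constructed stand-in for appended content -->\n"

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def build_baseline(webroot):
    """Map each default page under webroot to (size, SHA-256) of its known-good copy."""
    root = Path(webroot)
    return {p.relative_to(root).as_posix(): (p.stat().st_size, sha256(p.read_bytes()))
            for p in root.rglob("*") if p.is_file() and p.name.lower() in DEFAULT_PAGES}

def audit(webroot, baseline):
    """Return {relative_path: status} for every default page that differs from baseline."""
    root, findings = Path(webroot), {}
    for rel, (size, digest) in baseline.items():
        path = root / rel
        if not path.is_file():
            findings[rel] = "missing"
            continue
        data = path.read_bytes()
        if sha256(data) == digest:
            continue
        # Known-good bytes intact with extra bytes after them: the append pattern
        # from the thread, caught without knowing what the payload looks like.
        if len(data) > size and sha256(data[:size]) == digest:
            findings[rel] = f"appended:{len(data) - size}"
        else:
            findings[rel] = "modified"
    for rel in build_baseline(root):  # default pages created after the baseline
        if rel not in baseline:
            findings[rel] = "new"
    return findings

def demo():
    """Constructed sample tree: one page gets bytes appended, one page is added."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "shop").mkdir()
        (root / "index.cfm").write_bytes(b"<cfoutput>Home</cfoutput>\n")
        (root / "shop" / "Application.cfm").write_bytes(b"<cfset x = 1>\n")
        baseline = build_baseline(root)
        with open(root / "index.cfm", "ab") as fh:
            fh.write(SAMPLE_APPEND)
        (root / "shop" / "index.html").write_bytes(b"<html></html>\n")
        return audit(root, baseline)
```

Keep the baseline somewhere the FTP account cannot write, and rebuild it only after a verified clean deploy.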


Re: Vmware and CF 8+

2010-09-19 Thread Chris Kelly

Correct - ESXi only supports two processors, neither of the relatively cheap 
SMB packages support more than two procs either (I'm in the midst of doing this 
myself...but with a dual proc machine). 

Microsoft Hyper-V does not have this limitation (although in general it seems 
VMware is favored over MS - biggest problem with Hyper-V is that service packs 
and critical fixes that require a reboot of the underlying OS mean you have to 
reboot however many VMs are running on your box too).

 Would it make sense to do this?

Absolutely!  Several months ago we began consolidating some of our older
servers on to a Dell 2950 with 32GB and lots of RAIDed hard drive space.  We
installed VMware ESXi on the base machine and then copied the ISO images for
our server installs.  We use vSphere to manage it remotely.  It doesn't have
all of the features of the paid VMware solutions, but it's enough to run a
bunch of virtual machines which all hum along nicely without any trouble.

I believe that ESXi only supports two processors though, so you likely
wouldn't be able to take full advantage with the free version.


-Justin Scott 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337211


Re: Vmware and CF 8+

2010-09-19 Thread Chris Kelly

yep you are correct (I could swear I just looked at this page, but whatever:)

http://www.vmware.com/products/vsphere/buy/small_business_editions_comparison.html

however, strangely, both of the SBS solutions do limit you to 2 
procs/server...which is a bit odd - considering you are going from a free to a 
paid product! Which means if you want free...no problem, if you want to add 
say...vMotion for under 5 figures with a 4 proc machine you are out of luck...

the whole back and forth between MS and VMware will be good for all of us 
though as it'll drive features down the chain:)

 I think ESXi supports more processors now in vSphere 4.1 that was 
 released back in July.
 
 I would send a tweet to @VMwareCares on Monday, Rick Blythe who runs 
 that account can help you out on a lot of your VMware Tech questions. 
 If you don't get the results there, send me an email 
 lkilpatr...@vmware.com or post your question on the VMware Communities, 
 there are many people there that can answer your questions too.
 
 Here are a few links that might help you out.
 
 http://communities.vmware.com/home.jspa - VMware Community
 http://www.vmware.com/resources/compatibility/search.php - 
 Compatibility Guide
 http://www.vmware.com/support/vsphere4/doc/vsp_41_new_feat.html - New 
 Features in vSphere 4.1
 
 Hope this helps,
 
 Luke Kilpatrick
 Social Media Producer
 VMware, Inc. 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337216


Re: Vmware and CF 8+

2010-09-19 Thread Chris Kelly

true...I knew that, I think I meant more that nearly every month MS has at 
least one patch that requires a reboot, rarely do I go through a Patch Tuesday 
without some critical fix...

I saw a timeline somewhere where there are far more patches that require 
rebooting on the MS side - which is only to be expected as it's a full blown OS 
running there...as opposed to a stripped down kernel, just running what needs 
to be run for the one function.

 biggest problem with hyper-v is that service packs and
 critical fixes that require a reboot of the underlying
 OS means you have to reboot however many VM's are
 running on your box too).

I use ESXi myself, and to be fair to Microsoft, when a critical patch for
ESXi is released it requires the same process (shut down the VMs and reboot
the hypervisor).  Since I deployed ESXi there has been one patch I needed to
install and that was four months ago.  Most of the patches that come out are
related to the CLI which ESXi doesn't ship with, so they're not relevant.


-Justin 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337217


Re: FYI: Windows DATE/TIME Glitch affecting CF DATE/TIME Functions

2009-03-09 Thread Chris Kelly

Is your version of Java patched for the latest daylight savings dates?

mxAjax / CFAjax docs and other useful articles:
http://www.bifrost.com.au/blog/
 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:320281


Re: Client IP changes on SSL- tricks load balancer

2009-02-25 Thread Chris Kelly

It is possible that the user has a different proxy for http than for https - 
this would possibly give you a different IP for http vs https. There are not 
many really good reasons to do that, so it's somewhat unlikely, but possible.

That's a good question Mark.  We are not using domain cookies, but I can
confirm that all the requests in question are hitting the same domain.

I can also confirm that the loss of session is a direct result of the
load balancer moving them from one server to another where their session
no longer exists.

~Brad

Are you sure something else is not going on dealing with domain cookies? 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319810




Re: Easy Credit Card Processing Service?

2008-11-21 Thread Chris Kelly

My company uses PayPal - they do regular credit card processing, not just 
PayPal. And using them as a regular merchant gateway isn't subject to the 
arbitrary holds they seem to place on PayPal funds sometimes (i.e. it's just like 
using any other merchant gateway). 

The implementation is *very* simple and there's sample code available in the 
developers section of the website. Additionally they provide a sandbox 
environment for testing so you can fake it while designing the site.


There are many, but two I can think of off-hand are

* Payflow Pro (now owned by PayPal)
* Card Services International (www.cardservice.com) 



Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315779


Re: Script to move email to from undelivr to spool?

2008-11-04 Thread Chris Kelly

I simply use this:

<!--- List everything in the undelivr directory, then move each file back to spool --->
<cfdirectory directory="undelivr" action="list" name="undelivr">

<cfoutput query="undelivr">
<cffile action="move" destination="spool\#undelivr.name#" source="undelivr\#undelivr.name#">
</cfoutput>

replace undelivr and spool with your actual undelivr and spool directories. Run 
as often as you deem nec. Remember to run it separately on all undelivr 
directories (for instance if you are load balancing you may have one on every 
server you load balance).

Create a cfm file with the above and schedule it using the task scheduler.

My project, the Undelivrnator, can be used for this:

http://undelivrnator.riaforge.org/

Simply set up a scheduled task, a table in the db to use as a monitor, and
you're good to go.


andy 

Hi folks,

We need to develop a script that can move mail from the undelivr folder to
the spool folder in CF.  My recollection is that there was some talk on this
board a while back about this issue and maybe that a script had been
developed.  I checked the archives and riaforge with no luck.  Does anyone
know if such a script is already built and available?

Thanks in advance,

Nick 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314809

