Thanks. Yeah, I've got the fix that only allows localhost access
I just got real nervous and wanted to make sure I wasn't missing
something.
I think I'll go ahead and remove the CFDOCS completely. Should
I also move the CFIDE directory to something obscure?
Ric Smith
> They were probably using a canned script which looks for the CF
> vulnerabilities. Either remove /CFDOCS/*, install the security fix, or
just
> remove the files in /expeval/. FYI, the security fix simply restricts
access
> to the localhost address for the files.
>
> Steve
>
>
> -----Original Message-----
> From: Ric Smith [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 05, 2000 4:12 PM
> To: [EMAIL PROTECTED]
> Subject: Snooping CFDOCS directory?
>
>
> I was looking through my logfile reports and found these
> entries which troubled me.
>
> http://www.kungfoo.com/cfdocs/expeval/displayopenedfile.cfm
> http://www.kungfoo.com/cfdocs/expeval/sendmail.cfm
> http://www.kungfoo.com/cfdocs/expeval/exprcalc.cfm
> http://www.kungfoo.com/cfdocs/expeval/openfile.cfm
> http://www.kungfoo.com/scripts/iisadmin/bdir.htr
>
> It appears someone was trying to do something they shouldn't
> have.
>
> I removed the /scripts/iisadmin directory long ago but the
> CFDOCS directory is still there. Is it safe to remove or rename
> this directory? What about the CFIDE directory, would it be
> safe to put NT Authentication on that directory?
>
> I was hoping someone could let me know if there's
> anything I need to worry about.
>
> Thanks.
>
> Ric Smith
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
