>
> Are people uploading .exe or .vbs files onto the server?
Yes.
> A ColdFusion rule that prevents these files from being saved would be the better strategy, and even this I would consider to be more of a hack attempt than an actual virus. I do not know of any virus that is capable of automatically uploading itself to servers via Web-based forms, but I suppose this is an avenue future virus writers can explore.
I would presume that one would solve this from a server integrity
point of view by so called 'write or execute' ACLs on the
filesystem and in the webserver. Doesn't protect visitors with
vulnerable browsers, but it does protect your server.
Jochem
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
