A few ideas:

1. Set the FTP security to only allow connections from specific IP addresses. If the user has a dynamic IP, then use his entire range... better than letting the entire world in.
2. Your blog shows why I said to Michael to reformat the drive and reinstall everything when he was attacked. Once you let someone else get access to your server, there is no way you can ever trust it again. It has to be reformatted.
3. I know it isn't the right way to fight an attack, but for this specific attack, just put your index.cfm file into a different file, then have your index.cfm file just do a cflocation to that page. If the hack adds stuff to the index.cfm page, nothing will happen to the users.

At 03:31 PM 4/16/2009, you wrote:
>For those interested I have compiled all I know about this attack into a
>blog post:
>
>http://www.coldfusionmuse.com/index.cfm/2009/4/16/iframe.insertion.hack
>
>Again, we have not specifically identified the attack but we have lots of
>information and a stop gap measure :)
>
>-Mark
>
>
>Mark A. Kruger, CFG, MCSE
>(402) 408-3733 ext 105
>www.cfwebtools.com
>www.coldfusionmuse.com
>www.necfug.com
>
>-----Original Message-----
>From: Mark Kruger [mailto:mkru...@cfwebtools.com]
>Sent: Tuesday, April 14, 2009 5:37 PM
>To: cf-talk
>Subject: RE: Question about hack
>
>
>Thanks... I'll add that to my list.
>
>I have a pretty hefty blog post coming out on this tomorrow (or hopefully
>tomorrow :).
>
>-mark

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321715