well in our case, we already fixed the problem that allowed the person to upload in the first place. i posted it in one of the first posts in this thread.
The problem we where having was finding the script that was still getting ran, which we finally found. On Thu, Apr 30, 2009 at 10:53 AM, Dave Watts <dwa...@figleaf.com> wrote: > > > We finally fixed our issue. > > After a long crackdown on security on our server, one of our sites (the > one > > that was causing all the fuss) gave me it's name and after about 2 mins > it > > was quite clear what was causing it. > > > > mw.asp - (contents can be found here: http://pastebin.com/f5d798bd1 ) > > > > and we already moved the sites that had important info to another > *secure* > > server, so until we get the dns info to all the sites so we can migrate > them > > over to another server, we are going to have to stick with this one for a > > few weeks. > > > > Just figured i'd share the final cause of the problem. > > Well, actually, that's not the final cause of the problem, just to be > clear. The cause was whatever allowed someone to upload the file in > the first place. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > > Fig Leaf Software provides the highest caliber vendor-authorized > instruction at our training centers in Washington DC, Atlanta, > Chicago, Baltimore, Northern Virginia, or on-site at your location. > Visit http://training.figleaf.com/ for more information! > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:322081 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
