> Each and every .cfm file that is on a site that is mapped to iis was > affected. If a .cfm was in a non-mapped directory then it was not > touched. This says to me that the hole is in iis.
Unless you're running a very old version of IIS, this is highly unlikely. You almost certainly have some script (CF or other) that is rewriting the other scripts. You should be able to use the IIS logs to find the call to this script, and you should be able to look at the date of one of the modified files to see when this was done. To remediate the problem, whatever services run scripts (CF or other) should not run as a user with permissions to write to these files. Unless you're using CFFILE all over your site, this shouldn't be a problem. CF should not be running as SYSTEM. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:326323 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
