We had an attack yesterday on one of the anonymous upload forms we provide for our 
faculty and students to upload documents and other files.  We were attacked 
yesterday (which was partly our fault for having this open to all file types); 
we have now minimized the allowed file types to the best of our ability for this 
application.

The attack yesterday, though, used a valid file type but had a PHP script in the 
document that, when read, would somehow give open access to write to our 
website.  These "individual(s)" changed our footer by inserting a few links in 
Turkish that linked to inappropriate sites; one can only guess what 
they had and/or did on them.

In our Development Meeting this morning we talked about two points we need to 
try and accomplish to prevent this from happening again (on top of the security 
we've already done):
1. Saving uploaded files in a folder that is not open to everyone but is secured 
so the uploaded material can only be downloaded via a link of some sort.
2. Some way to scan the content of the uploaded file(s) for malicious code that 
would cause harmful consequences to our site again.

I did some research yesterday on preventing malicious code from being uploaded 
through open anonymous fields 
(http://www.paulsilver.co.uk/code/coldfusion_file_sandbox_security.php); this 
was the best I could find.  It solves #1 on our list, which we have sort of 
already done, minus using CFCONTENT.  I tried to look on HoF and this was the 
best I could find 
(http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:59164), which 
doesn't really address my problem at all.

So we have come up with a way to make sure of the correct extensions and to 
present the material back to individuals correctly, but I'm still not 
convinced this is the best solution for preventing malicious code from coming 
through and making trouble for us again.

One other suggestion that was made at the meeting was to email the attached 
file to our IT department, which they would review and approve/disapprove the 
file.  This of course would be the logical way of doing things, but we have 
individuals who might need the file quicker, and I'm confident there's some type 
of script/software out there that we can implement on top of the human 
verification that will help us prevent this from happening again.

I just wanted to post this to see if any of you had better ideas from your years 
of experience.  I'm confident you have all thought about or experienced this in your 
own businesses.  I'm also confident that there's a way to use CF to assist with 
this problem.  I just don't have enough knowledge to come up with the best 
method, yet. :)

Thanks in advance! 

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:338760