I think the first step, provided that he has sandbox access (and capability) is to disable cfexecute and limit createObject to coldfusion components.
On Wed, Feb 22, 2012 at 11:04 AM, Ras Tafari <rastaf...@gmail.com> wrote: > > hey guys. > > this code was somehow dropped into my friends cfide directory and ran, > did lots of bad things, stole db passwords, changed his cf code, etc. > > http://pastebin.com/Jg2Cs0ch > > any idea how to protect from this kinda attack? > thanks! > > cf-ras > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350027 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm