I have locked down the default /CFIDE/administrator and /CFIDE/adminapi/ folders in /inetpub/; I also locked down the virtual /CFIDE/ folders that I created for my various ColdFusion web sites. Only 127.0.0.1 can access them now.
After reading Charlie's posts, I think this is a good time to review the CF 9 lockdown guide as well. I downloaded and reviewed the h.cfm file -- yeah, it is pretty clever. This might sound like a basic question, but how did that hacker place the h.cfm file in /CFIDE/ to begin with? By utilizing tools that already existed in /CFIDE/?

Eric

-----Original Message-----
From: Steve Artis [mailto:st...@artisdesigns.com]
Sent: Friday, January 04, 2013 1:30 PM
To: cf-talk
Subject: Re: New Security Issue with CF

Yes

Sent from my iPhone

On Jan 4, 2013, at 12:28 PM, "Claude Schnéegans" <schneeg...@internetique.com> wrote:

>
>> but i think the way this one works quite ingenious.
>
> I'm not sure if it is as much ingenious as the breach is gross, frankly.
> Have you seen how the schedule task could have been set?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353776