What version of ColdFusion are you currently on and what's your patch level? I've seen instances where the vulnerability in the AdminAPI is exploited to upload templates that mass send junk mail.

Look for a file called "h.cfm" in your CFIDE folder and in your webroot. That is the usual vector for this kind of attack. If you find it, you'll need to assume that your entire server is potentially compromised as they have the ability to upload and execute any code in your system...

-- Jeff

-------- Original Message --------
> From: "G T" <tran.ga...@gmail.com>
> Sent: Monday, August 18, 2014 1:13 PM
> To: "cf-talk" <cf-talk@houseoffusion.com>
> Subject: Re: EMail Injection Attack
>
> Hi Robert - Thanks for the reply, yes of course let me explain a bit more.
>
> While checking our sent mail logs, logged by ColdFusion, we noticed emails were being sent out that were not directly sent through our own pages. Spam emails that were sent to different outside emails.
>
> So we can see that spam emails were sent outbound, but as of yet, we have no source of where they're coming from (i.e. which pages are compromised).
>
> From what I've been researching, one way this is done is by email injection - where they use form submissions to inject their own ColdFusion code to form their own 'cfmail' sends. http://www.asadesigner.com/13-coldfusion/07d6a249de5791e6.htm
>
> Please let me know if you need additional info
>
> > Can you explain a bit more what you mean by email injection attack?
> > Do you mean someone is spamming forms that generate forms email, or is
> > someone using some application you have to generate spam? Can you
> > provide a slightly better explanation of what's happening?
> >
> > Robert Harrison
> > Director of Interactive Services
> >
> > Austin & Williams
> > Advertising I Branding I Digital I Direct
> > 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788
> > T 631.231.6600 X 119 F 631.434.7022
> > http://www.austin-williams.com
> >
> > Blog: http://www.austin-williams.com/blog
> > Twitter: http://www.twitter.com/austin_
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359135
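
The file check suggested in the reply above, combined with an inventory of templates that contain a `<cfmail>` tag (to help answer which pages are sending mail), as an added example that is not code from the thread. The root paths are assumptions and must be changed to the server's real CFIDE folder and webroot.

```python
import os
import re
import time

# Assumed locations; adjust to the server's actual CFIDE folder and webroot.
DEFAULT_ROOTS = ["/opt/coldfusion/cfusion/wwwroot/CFIDE", "/var/www/html"]
SUSPECT_NAMES = {"h.cfm"}  # file name given in the reply above
MAIL_TAG = re.compile(rb"<cfmail\b", re.IGNORECASE)
TEMPLATE_EXTS = (".cfm", ".cfc", ".cfml")

def scan(roots):
    """Return (suspect_files, mail_templates) found under the given roots.

    suspect_files: paths whose name matches SUSPECT_NAMES (case-insensitive).
    mail_templates: (path, mtime) for every template containing a <cfmail> tag,
    newest first, so unexpected or recently changed senders stand out.
    """
    suspects, mailers = [], []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if name.lower() in SUSPECT_NAMES:
                    suspects.append(path)
                if not name.lower().endswith(TEMPLATE_EXTS):
                    continue
                try:
                    with open(path, "rb") as fh:
                        data = fh.read()
                    mtime = os.path.getmtime(path)
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
                if MAIL_TAG.search(data):
                    mailers.append((path, mtime))
    mailers.sort(key=lambda item: item[1], reverse=True)
    return sorted(suspects), mailers

if __name__ == "__main__":
    found, senders = scan(DEFAULT_ROOTS)
    for path in found:
        print("SUSPECT", path)
    for path, mtime in senders:
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print("CFMAIL ", stamp, path)
```

Compare the `CFMAIL` list against the templates the application is known to ship; mail sent from cfscript rather than the tag is not matched by this pattern.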