I appreciate all the suggestions - and I especially appreciate when you step in, Dave.
Certainly, I'm considering a clean installation. But as a followup: Dave's comment about "the problem is almost certainly in the browser itself or some other piece of malware installed on the client" brings up lots of other possibilities. To be clear (since some other folks have misunderstood this), I can't say that this hack appears *only* in the CF Admin login page, or only in the CF Admin. I have the browser on the server set to the CF admin as a default, because that's what I use the browser for - administering CF. So the hacks appeared immediately after the browser was started and the first page loaded -- which *happened* to be the CF Admin. It's entirely possible, as Dave suggests, that the problem isn't related to CF at all, now that we've discussed it. That doesn't make it less of a problem. In fact, it means there are lots of other possible vectors. On Wed, Nov 12, 2014 at 3:29 PM, <> wrote: > > >>One is that, while it doesn't show > up in the view source for a given page, a JS library referenced in the > page has been compromised to rewrite page content. > > Of course, this is quite possible in theory, however it would imply that > the hacker has already hacked the server, and one could ask what he is > still trying to hack. > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359632 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
