One more followup: whatever this is, it isn't related to CF. I jumped to the wrong conclusion.
The problem reappeared when I was in the CF admin page, long after I'd logged on. But then I opened another browser and purposely asked for a local page that didn't exist. The IIS error page contained ads. Again, this doesn't make me feel a whole lot better. But folks should know that this is not a new CF attack. On Wed, Nov 12, 2014 at 3:56 PM, Tom McNeer <tmcn...@gmail.com> wrote: > I appreciate all the suggestions - and I especially appreciate when you > step in, Dave. > > Certainly, I'm considering a clean installation. > > But as a followup: Dave's comment about "the problem is almost certainly > in the browser itself or some other piece of malware installed on the > client" brings up lots of other possibilities. > > To be clear (since some other folks have misunderstood this), I can't say > that this hack appears *only* in the CF Admin login page, or only in the > CF Admin. I have the browser on the server set to the CF admin as a > default, because that's what I use the browser for - administering CF. So > the hacks appeared immediately after the browser was started and the first > page loaded -- which *happened* to be the CF Admin. > > It's entirely possible, as Dave suggests, that the problem isn't related > to CF at all, now that we've discussed it. > > That doesn't make it less of a problem. In fact, it means there are lots > of other possible vectors. > > On Wed, Nov 12, 2014 at 3:29 PM, <> wrote: > >> >> >>One is that, while it doesn't show >> up in the view source for a given page, a JS library referenced in the >> page has been compromised to rewrite page content. >> >> Of course, this is quite possible in theory, however it would imply that >> the hacker has already hacked the server, and one could ask what he is >> still trying to hack. >> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm