For anyone who may have missed the huge thread a few months back I just wanted everyone to please check to make sure your IIS web server has all the latest patches or you have removed: htr htw idc ida printer extensions from the web server. Every single IIS 4 and IIS 5 web server is installed by default with a number of bugs that allow a hacker to take over your web server very very easily. You can test your web server by going to any page and adding +.htr to the end of the page. http://myserver.com/index.cfm+.htr View the source and if you see CF code, you are vulnerable. Further reading is here http://www.wittys.com/files/mab/iis-hacking.html The reason I posted this is that for the last three days in a row I have found a high profile CF based web site (a financial one even) with this bug each day! I wasn't even looking for them, it just habit to check now. I will not say who they are, but todays site, many of you probably had in your inbox this morning. jon ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
