Possible Hack?

2013-02-02 Thread webmas...@pegweb.com
I noticed my CF server started timing out a lot lately. Then I looked at the code and on the Application.cfm page at the top was this code that I didn't put there. Anybody know what this is and how it might have gotten on the Application.cfm pages of the sites on this VPS? Not sure how it got

Re: Possible Hack?

2013-02-02 Thread Dave Watts
I noticed my CF server started timing out a lot lately. Then I looked at the code and on the Application.cfm page at the top was this code that I didn't put there. Anybody know what this is and how it might have gotten on the Application.cfm pages of the sites on this VPS? Not sure how it

RE: Possible Hack?

2013-02-02 Thread webmas...@pegweb.com
Yeah I had figured out what the code did. My main concern is figuring out how they did it and preventing it in the future. I had already done the lockdown stuff many months ago which is why I am kind of baffled. I checked the FTP logs and see nothing in there for those files so the attack

Re: Possible Hack?

2013-02-02 Thread Russ Michaels
You should also check that you have all the hotfixes installed, especially recent ones which plugged a vulnerability that would allow attackers to upload files, which has been blogged and tweeted a lot. Check your FTP logs for any hacked FTP accounts. A general security scan against your server

RE: Possible Hack?

2013-02-02 Thread webmas...@pegweb.com
Yeah our host Hosting.com sent out an email about those vulnerabilities and we applied the hotfixes for those already. About 6 weeks ago I think. The only thing I can think of is the cfide is set up as a virtual directory for these sites so they can use things like the FCKEditor etc. Is there

Re: Possible Hack?

2013-02-02 Thread Dave Watts
Yeah I had figured out what the code did. My main concern is figuring out how they did it and preventing it in the future. I had already done the lockdown stuff many months ago which is why I am kind of baffled. I checked the FTP logs and see nothing in there for those files so the attack

Re: Source control in CF

2013-02-02 Thread Michael Christensen
Good tips about developers being able to run software under other licensing rules - I did not think that one through fully I can see now. I personally disagree, respectfully of course, with the people who say, that developers should be able to maintain CF and web server, as well as set up 3rd

Re: Source control in CF

2013-02-02 Thread Andrew Scott
Michael, Most developers should know how to install ColdFusion, it is dead simple to begin with, maintaining it well that is another story. But what interests me is this statement *The plans were eventually dropped, as it was deemed too expensive (in terms of lost productivity) and adding an

Re: Source control in CF

2013-02-02 Thread Raymond Camden
Michael, I've noticed you, and others, have mentioned server maintenance. To be clear, I think there is a -far- difference between someone who is an expert in Apache and IIS tuning and someone double clicking to install Apache. I don't think developers should be fine tuning Apache, or DB servers.

Re: Source control in CF

2013-02-02 Thread Michael Christensen
@Andrew Most developers should know how to install ColdFusion, it is dead simple to begin with, maintaining it well that is another story. If your premise is that we are talking about developers who are running a setup where each person has a local CF server on his/her machine, then I would

Re: Source control in CF

2013-02-02 Thread Michael Christensen
Michael, I've noticed you, and others, have mentioned server maintenance. To be clear, I think there is a -far- difference between someone who is an expert in Apache and IIS tuning and someone double clicking to install Apache. I don't think developers should be fine tuning Apache, or DB servers.

Re: Source control in CF

2013-02-02 Thread Andrew Scott
Hard evidence, I will give you the worst case scenario. Joe has opened a file and begun working on a file, in your current setup that means the file will be locked from other developers, now he has gone to lunch and within 5 minutes another developer needs to make changes to that file. While one

Re: Source control in CF

2013-02-02 Thread Cameron Childress
On Sat, Feb 2, 2013 at 3:33 PM, Michael Christensen mich...@strib.dk wrote: I personally disagree, respectfully of course, with the people who say, that developers should be able to maintain CF and web server, as well as set up 3rd party components etc. To me, that is like saying that any

Re: Source control in CF

2013-02-02 Thread Russ Michaels
One of the primary reasons a developer should have a clue what happens on the server is so they can actually debug and diagnose problems instead of saying to their client/boss it must be the host's fault, let's get a new host, which is hardly ever the cause of the problem. I have seen plenty of

Re: Source control in CF

2013-02-02 Thread Michael Christensen
@Russ I can certainly tell, that we have very different views as to which constitutes a quote-unquote developer. In keeping with the automotive analogies, I feel that what Raymond is essentially saying, is that he would not hire you to drive a car, unless you were a mechanic. I feel

Re: Source control in CF

2013-02-02 Thread Andrew Scott
No, what Ray is saying is that a developer should be able to turn the car on and drive it, but to maintain the car you need professional help with it. Michael I think you need to stop for a minute, a developer should know their way around the Administrator, they should also know how to add sites

Re: Source control in CF

2013-02-02 Thread Michael Christensen
I admit, there may be every chance that the reason why I don't agree with you is that A) I am not used to an environment in which developers develop locally or (perhaps more frighteningly) B) I am just not very bright. I am always willing to learn and expand my horizon though, so could you

Re: Source control in CF

2013-02-02 Thread Russ Michaels
Setting up and managing servers is quite different to having a clue about how your app works and some basic web server knowledge. A developer certainly does not need to know the former, but he should at least have a clue about his own development environment and be able to set it up as close as

Re: Source control in CF

2013-02-02 Thread C. Hatton Humphrey
If I may, I think there are some core concept differences between Michael's scenario and the others. What I am seeing in your questions and responses points to a corporate structure where development is not a part of IT. Correct me if I'm wrong there. In many cases the structure is different,

Re: Source control in CF

2013-02-02 Thread Matt Quackenbush
On Sat, Feb 2, 2013 at 6:26 PM, Michael Christensen wrote: I admit, there may be every chance that the reason why I don't agree with you is that A) I am not used to an environment in which developers develop locally I'd say that's a really good reason for you to have previously not agreed

RE: Source control in CF

2013-02-02 Thread Eric Roberts
With most of the jobs I have had (Here in the US), web developers usually are not only the developers, but also the DBA, sys admin, network admin, project manager, etc... Eric -Original Message- From: Michael Christensen [mailto:mich...@strib.dk] Sent: Saturday, February 02, 2013 6:11

Re: Source control in CF

2013-02-02 Thread Dave Watts
I personally disagree, respectfully of course, with the people who say, that developers should be able to maintain CF and web server, as well as set up 3rd party components etc. To me, that is like saying that any developer should be able to set up a database server, know how DNS functions

Re: Source control in CF

2013-02-02 Thread Dave Watts
Would I expect my chauffeur to be able to diagnose a flat tire and change it? Absolutely. Would I expect him to be able to diagnose and fix a problem in the engine management system? Absolutely not. There's a potentially large range of items between those two. I think you would find that

RE: Possible Hack?

2013-02-02 Thread Byron Mann
http://www.adobe.com/support/security/bulletins/apsb13-03.html This is the recent fix that affected many of our servers. Which led to many sites (and vps) with that compromise. When Hosting.com (our parent company) sent the notification to their customers there was no hot fix. Our

ColdFusion Developer, Santa Barbara, CA

2013-02-02 Thread Pramod Dubey
This is our direct-client opening for a ColdFusion Developer located in Santa Barbara, CA for a 6+ month contract. Our client is looking for a senior developer who has extensive experience in building enterprise level web applications using Cold Fusion. The ideal candidate will also have