Hello,
ColdFusion 10,286680 running on a Windows 2012R2 machine.
I want to create a Scheduled Task. The output should be saved to a file on a
network share. The network share is accessible via Windows explorer: either
using the UNC notation (\\network_share) or via a mapping (F:).
When I
Are you still running cf under the system account? If so then this is why,
and is also insecure.
You need to run cf as a user who has access to the network share.
If you are still running an out of the box install then you should also
follow the lock down guide.
On Wed, Nov 12, 2014 at 9:15 AM,
Are you still running cf under the system account? If so then this is why,
and is also insecure.
I forgot to add, CF10 is _not_ running under the local system acct - it runs as
a dedicated user that has access to the share. I found a solution already:
file:
Has anyone had any success using pdf packages and displaying it in any browsers
other than ie 8? I'm generating a pdf from cfpdf with package=yes. The pdf
opens in acrobat and ie8 but not in chrome,ff and ie9 and later.
Thanks in advance,
Tim
Sample disclaimer
Has anyone had any success using pdf packages and displaying it in any
browsers other than ie 8?
I'm generating a pdf from cfpdf with package=yes. The pdf opens in acrobat
and ie8 but not in
chrome,ff and ie9 and later.
I don't think the built-in PDF viewers used by most browsers will
Hi,
I've just discovered that one of my servers, running 9.02, has been hacked.
I'm not sure of the update level, because the hack is visible in the
administrator and prevents its use.
It's not the old h.cfm hack. I haven't been able to find any references to
what I'm seeing, but I hope someone
Tom,
My one questions is you say that view source is identical from a hacked and
non hacked server - that seems odd. There are a number of hacks that could
produce results that manipulate your files by adding content.
This one uses the missing file handler:
Hi Mark,
On Wed, Nov 12, 2014 at 12:33 PM, Mark A Kruger mkru...@cfwebtools.com
wrote:
My one questions is you say that view source is identical from a hacked and
non hacked server - that seems odd.
Extremely. That's why I mentioned it. I both looked through the source in a
browser and
My one questions is you say that view source is identical from a hacked and
non hacked server - that seems odd. There are a number of hacks that could
produce results that manipulate your files by adding content.
Not necessarily. There's no reason that content can't be injected at
serve
Obviously, I still hope someone has seen a similar attack, because I'm not
all that relieved that the symptom has gone away.
Honestly, I would assume the worst, and do the following. Back up
server settings and the source files themselves, review the server
settings manually, review the source
There's no reason that content can't be injected at
serve time.
In this case, there would be a difference in the files delivered to the visitor.
IMO the hack is in the browser, not on the server.
~|
Order the Adobe Coldfusion
There's no reason that content can't be injected at serve time.
In this case, there would be a difference in the files delivered to the
visitor.
IMO the hack is in the browser, not on the server.
Yes, I missed the reference by the original poster about using view
source. If that's the
Claude,
The idea that there's no visible indication in the view source makes me
consider that as well - but why would it just appear on a login page for the
cfadmin? Perhaps it looks for specific form field names and throws up the
java out of date message to prey on fears of folks logging in to
The idea that there's no visible indication in the view source makes me
consider that as well - but why would it just appear on a login page for the
cfadmin? Perhaps it looks for specific form field names and throws up the
java out of date message to prey on fears of folks logging in to
but why would it just appear on a login page for the cfadmin?
Who knows what may happen or not happen in some hacker's mind ? ;-)
Perhaps it looks for specific form field names
... especially input fields of type PASSWORD!
The hacker may be more interested in getting access to the CF
One is that, while it doesn't show
up in the view source for a given page, a JS library referenced in the
page has been compromised to rewrite page content.
Of course, this is quite possible in theory, however it would imply that the
hacker has already hacked the server, and one could ask what
I appreciate all the suggestions - and I especially appreciate when you
step in, Dave.
Certainly, I'm considering a clean installation.
But as a followup: Dave's comment about the problem is almost certainly in
the browser itself or some other piece of malware installed on the client
brings up
One more followup: whatever this is, it isn't related to CF. I jumped to
the wrong conclusion.
The problem reappeared when I was in the CF admin page, long after I'd
logged on.
But then I opened another browser and purposely asked for a local page that
didn't exist. The IIS error page contained
Tom,
Stop and go back to the CF Admin and check the setting for Missing Template
Handler. Make sure its blank or is actually pointing to a valid missing
template handler page that you setup. This blog post is why I mention that.
Most likely a virus / malware on your computer, not the server:
https://www.google.com/search?q=
Your+Java+version+is+outdated%2C+have+security+risks
--
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting Products
http://hackmycf.com - Is your ColdFusion
One is that, while it doesn't show up in the view source for a given page,
a JS library referenced in
the page has been compromised to rewrite page content.
Of course, this is quite possible in theory, however it would imply that the
hacker has already hacked
the server, and one could
Wil,
Thanks. I'd already checked that. Mark chimed in earlier, and it's his post.
Pete,
Thanks. I was so concerned that the server was compromised in a way that
would affect its performance as a server, I hadn't had a chance to start
googling the text itself.
And Dave,
Thanks again. Yes,
Tom - I missed the email that Mark sent with that same blog post (which was
written by me). Mark and I tag team this stuff regularly.
Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com
wilg...@trunkful.com
www.trunkful.com
On Nov 12, 2014, at
23 matches
Mail list logo
