• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Arrgh! My sites are being hacked!

Explorer ,
Nov 28, 2013 Nov 28, 2013

Copy link to clipboard

Copied

Some of our coldfusion sites are being redirected to a mulberry site when someone does a google search. Is there a way to prevent this? How are they doing it in the first place? It look like this code is being inserted into the index.cfm:

[ code removed - do NOT post the contents of hacked sites on this forum!! ]

Views

838

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Nov 28, 2013 Nov 28, 2013

Copy link to clipboard

Copied

eh, code removed? How am I supposed to get help if people cant see what the problem is?!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
Nov 28, 2013 Nov 28, 2013

Copy link to clipboard

Copied

Here's the link to your StackOverflow question which does have all the code:

http://stackoverflow.com/questions/20263712/aargh-coldfusion-sites-are-being-hacked

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Nov 28, 2013 Nov 28, 2013

Copy link to clipboard

Copied

Whether or not your server was hacked has nothing to do with the code that was placed there. We don't care what the code was or where it linked to.

By pasting their code onto other sites (including the web addresses) you are helping the attackers disseminate their links, so you're a spammer too.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Enthusiast ,
Dec 02, 2013 Dec 02, 2013

Copy link to clipboard

Copied

LATEST

We have seen the "mulberry" attack too - it is a backdoor that is planted in various php and cfm templates, allowing the attacker to use your server to show adverts and do redirects etc.

Do you have PHP or WordPress installed on the same server?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation