Some of our ColdFusion sites are being redirected to a mulberry site when someone does a Google search. Is there a way to prevent this? How are they doing it in the first place? It looks like this code is being inserted into the index.cfm:
[ code removed - do NOT post the contents of hacked sites on this forum!! ]
Eh, code removed? How am I supposed to get help if people can't see what the problem is?!
Here's the link to your StackOverflow question which does have all the code:
http://stackoverflow.com/questions/20263712/aargh-coldfusion-sites-are-being-hacked
Whether or not your server was hacked has nothing to do with the code that was placed there. We don't care what the code was or where it linked to.
By pasting their code onto other sites (including the web addresses) you are helping the attackers disseminate their links, so you're a spammer too.
We have seen the "mulberry" attack too - it is a backdoor that is planted in various php and cfm templates, allowing the attacker to use your server to show adverts and do redirects etc.
Do you have PHP or WordPress installed on the same server?