-
1. Re: Hacker adding links to CF files
BKBK Jan 16, 2014 1:31 AM (in response to boo1949)
Sounds like a case of Cross-Site Scripting (XSS). Carrying someone around on your back for 3 years is scandalous.
You should have sorted this out when you first discovered it. Parasites persist only if you let them.
So, squash the pest now, once and for all. Our own Jason Dean (12Robots) gives tips on how to tackle XSS in ColdFusion. I could also find the following useful information on the web:
Security Advisory for ColdFusion:
http://www.adobe.com/support/security/advisories/apsa13-01.html
CVE report on ColdFusion Vulnerabilities (see, in particular, 'Code Execution' and 'XSS'):
http://www.cvedetails.com/product/8739/Adobe-Coldfusion.html?vendor_id=53
Code injection by hackers via ColdFusion:
http://forums.adobe.com/thread/438275
Tools:
-
2. Re: Hacker adding links to CF files
boo1949 Jan 16, 2014 3:58 PM (in response to BKBK)
Hi BKBK,
Obviously if I had any idea how they were doing it I would stop them, but I
am not a CF person and I only manage the Linux server that hosts the web
sites.
Thanks for the links, I will have a good read.
Steve
-
3. Re: Hacker adding links to CF files
BKBK Jan 18, 2014 11:40 PM (in response to boo1949)
Hi Steve,
Contact the owner of the site about this. Most of the security loopholes mentioned can be closed by a simple modification of the code. For example, checking user input from forms and from the URL will ensure very good security.
-
4. Re: Hacker adding links to CF files
boo1949 Jan 19, 2014 3:53 PM (in response to BKBK)
Thanks,
I have contacted them about turning on the protection functions in CF
administrator, so we'll see how long that takes to approve.
Cheers
Steve
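
For the server side of the problem discussed in this thread, an added example (not code from any poster) that lists absolute links in ColdFusion templates whose host is not on an allowlist, so injected links stand out for review. The web root argument, the `.cfm`/`.cfc` extensions and the allowlisted host names are assumptions, and GNU grep is assumed for `--include`.

```shell
#!/bin/sh
# Added example: flag links to unexpected hosts inside ColdFusion templates.
# Assumptions (not from the thread): templates end in .cfm or .cfc, the
# caller supplies the web root, and the allowlist is an exact host match.

# find_foreign_links WEBROOT ALLOWED_HOST...
# Prints one "file:line:host" row per http(s) link to a host that is not
# on the allowlist. Runs in a subshell so its variables stay private.
find_foreign_links() (
    webroot=$1
    shift
    allowed=" $* "

    # -o prints only the matched URL prefix, -n adds the line number,
    # -i catches upper-case schemes such as HTTP://
    grep -rnoiE --include='*.cfm' --include='*.cfc' \
        'https?://[a-z0-9.-]+' "$webroot" 2>/dev/null |
    while IFS= read -r hit; do
        # hit looks like: path/file.cfm:12:http://host.example
        host=${hit##*://}
        host=${host%.}      # drop a trailing dot from sentence punctuation
        host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')

        loc=${hit%://*}     # path/file.cfm:12:http
        loc=${loc%:*}       # path/file.cfm:12

        case "$allowed" in
            *" $host "*) continue ;;   # host is expected, skip it
        esac
        printf '%s:%s\n' "$loc" "$host"
    done
)

# foreign_host_summary WEBROOT ALLOWED_HOST...
# Counts hits per host, most frequent first, to show which hosts recur.
foreign_host_summary() {
    find_foreign_links "$@" | awk -F: '{ print $NF }' | sort | uniq -c | sort -rn
}
```

Run it as, for instance, `find_foreign_links /path/to/webroot www.yoursite.example`, and compare flagged files against a known-good copy of the site before restoring them.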

