-
1. Re: Hacker adding links to CF files
Sounds like a case of Cross-Site Scripting (XSS). Carrying someone around on your back for 3 years is scandalous.
You should have sorted this out when you first disvovered it. Parasites persist only if you let them.
So, squash the pest now, once and for all. Our own Jason Dean (12Robots) gives tips on how to tackle XSS in ColdFusion. I could also find the following useful information on the web:
Security Advisory for ColdFusion:
http://www.adobe.com/support/security/advisories/apsa13-01.html
CVE report on ColdFusion Vulnerabilities (see, in particular, 'Code Execution' and 'XSS'):
http://www.cvedetails.com/product/8739/Adobe-Coldfusion.html?vendor_id=53
Code injection by hackers via coldfusion:
http://forums.adobe.com/thread/438275
Tools:
-
2. Re: Hacker adding links to CF files
Hi BKBK,
Obviously if I had any idea how they were doing it I would stop them, but I
am not a CF person and I only manage the Linux server that hosts the web
sites.
Thanks for the links I will have a good read.
Steve
-
3. Re: Hacker adding links to CF files
Hi Steve,
Contact the owner of the site about this. Most of the security loopholes mentioned can be closed by a simple modification of the code. For example, checking user-input from forms and from the URL will ensure very good security.
-
4. Re: Hacker adding links to CF files
Thanks,
I have contacted them about turning on the protection functions in CF
administrator, so we'll see how long that takes to approve.
Cheers
Steve