Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Server getting hacked... ISP blames the Code...
16 views
Skip to first unread message
sle...@gmail.com
Jun 8, 2015, 4:51:41 PM6/8/15
to
I have a client who a bunch of sites, about half of which are CF.. the other half are pure html. He's been getting hacked recently. The hackers are uploading .asp files selling knock-off shoes that have links to other sites (malware likely), creating folders all over the place, etc.
He's already gone through and created super secure passwords for everything, and I've gone through all of the sites to ensure I have proper stuff in place, e.g. cfqueryparams, HTMLEditFormat, etc. None of the sites are particularly fancy at all... no e-commerce or anything.
But the idiot ISP keeps insisting it must be happening via a web form. We went through and disabled all of the web forms everywhere.. and now just today, another site has been compromised (a pure html one).
Has anybody seen this kind of attack before? Any ideas how they're getting in? We ran "Hackmycf" on it and it identified a number of things, all of which the ISP insists aren't an issue (though I disagree). A couple of CF hotfixes and such... but found no code problems.
Any input would be appreciated. Thanks!
Rob
He's already gone through and created super secure passwords for everything, and I've gone through all of the sites to ensure I have proper stuff in place, e.g. cfqueryparams, HTMLEditFormat, etc. None of the sites are particularly fancy at all... no e-commerce or anything.
But the idiot ISP keeps insisting it must be happening via a web form. We went through and disabled all of the web forms everywhere.. and now just today, another site has been compromised (a pure html one).
Has anybody seen this kind of attack before? Any ideas how they're getting in? We ran "Hackmycf" on it and it identified a number of things, all of which the ISP insists aren't an issue (though I disagree). A couple of CF hotfixes and such... but found no code problems.
Any input would be appreciated. Thanks!
Rob
apar...@gmail.com
Jun 8, 2015, 10:30:27 PM6/8/15
to
Which version of CF? Which server platform? Offhand, the isp sounds lazy and unhelpful. Can you access logs for CF and the server platform? Look there to see what is being accessed maliciously.
0 new messages