back to article Hackers crack ColdFusion

Hackers are running a mass compromise against sites running vulnerable ColdFusion application server installations. Security watchers at the SANS Institute's Internet Storm Centre are warning that a "high number" of sites have been hit over the last 36 hours or so. Miscreants are exploiting sites running older installations of …

COMMENTS

This topic is closed for new posts.
  1. Tzael
    Coat

    Misleading article titles

    Damnit, where's my free energy?!

  2. Seanmon
    Pint

    Cheers el reg.

    I shall point to this article next time I'm accused of slacking off reading the papers.

    Virtual beer.

  3. Nick B (Zeus)
    Stop

    No application firewall?

    It strikes me that whether there are known vulnerabilities or not. If you are running an ecommerce site, you should assume that there are, and that people are going to try and exploit them!

    The most simple and straightforward solution would be to deploy an application firewall into your infrastructure. With the tick of a checkbox you could then turn on generic protection against this type of problem.

    Simples!

  4. Mark 18
    Pirate

    Epic Fail!

    El Wedge has epicly failed at the internets rofl. Link not only spelt wrong but doesn't even go to the right place when spelt right lol.

    Codfusion - The for phishing and hacking of coldfusion servers?

  5. Anonymous Coward
    FAIL

    ColdFusion

    The link you provided for the coldfusion vuln is not an official adobe link. You seem to imply that it is. You might have done better to at least mention the site is not the official site for CF. The title is also bunk. Hackers have not done anything. This is an example of using a default config, without hardening the system. No different than saying "hackers crack windows 2008" and then stating that the admins are not setting a password for "Administrator".

    In spite of that.... I am sure there are quite a few installs of CF that are at risk due to this configuration, so it is great that you are getting the word out for them to be able to fix this.

  6. Don Mitchell

    This has been happening for a while

    This has been going on for many weeks. I know one ISP that was massively hacked via coldfusion about two weeks ago. Everyone's web pages has a one-line js script added that called some kind of Adobe Flash player exploit.

  7. Bert 2

    Adobe response

    Official Adobe response is here

    http://blogs.adobe.com/psirt/2009/07/potential_coldfusion_security.html

  8. Anonymous Coward
    Anonymous Coward

    php too

    Its really a FCKEditor Security Issue, not coldfusion. The 'news' is one version of Coldfusion (8.0.1) shipped with the FCKEditor connectors enabled

    php

    http://secunia.com/advisories/27123/

    asp

    https://strikecenter.bpointsys.com/articles/permalink?title=exploiting-iis-via-htmlencode-ms08-006&month=02&year=2008&day=13

  9. Anonymous Coward
    Thumb Up

    Hotfix

    http://www.adobe.com/support/security/bulletins/apsb09-09.html

This topic is closed for new posts.

Other stories you might like