ColdFusion Under Attack

No, not ColdFusion the product (well, no more than usual). I am referring to an ongoing series of attacks by hackers deliberately targeting ColdFusion servers, essentially looking for CFIDE directory structures that are inadequately locked down. And as per customer reports, it appears as though many ColdFusion servers have indeed been compromised. The ColdFusion team is looking into this one. But in the interim, please read this post and this post by Charlie Arehart. Oh, and I highly recommend using HackMyCF, as well.

2 responses to “ColdFusion Under Attack”

  1. David L.

    My company has several external-facing CF apps, some of which are quite dated, and weren’t programmed with quite the same attention to security that we now pay. We do, however, get notification when users force otherwise unhandled errors, and there has been a significant uptick in SQL injection probes/attacks recently. It seems to be a scripted tool that is generating the attacks. Unfortunately, there is no real pattern to where the attacks come from, and not much conclusive evidence as to the tool being used (although the browser agent string is always "Mozilla/4.0 (compatible; Synapse)"). Thoughts?

  2. Ben Forta

    I think you are doing it. Keep monitoring logs, make sure you are up to date with hot fixes and updates, and follow the lockdown guide recommendations. And I really do recommend HackMyCF, I use it weekly myself.
    — Ben
