Hackers are running a mass compromise against sites running vulnerable ColdFusion application server installations. Security watchers at the SANS Institute's Internet Storm Centre are warning that a "high number" of sites have been hit over the last 36 hours or so. Miscreants are exploiting sites running older installations of …
Misleading article titles
Damnit, where's my free energy?!
Cheers el reg.
I shall point to this article next time I'm accused of slacking off reading the papers.
No application firewall?
It strikes me that, whether there are known vulnerabilities or not, if you are running an ecommerce site, you should assume that there are, and that people are going to try to exploit them!
The most simple and straightforward solution would be to deploy an application firewall into your infrastructure. With the tick of a checkbox you could then turn on generic protection against this type of problem.
El Wedge has epically failed at the internets rofl. Link not only spelt wrong but doesn't even go to the right place when spelt right lol.
Codfusion - The for phishing and hacking of coldfusion servers?
The link you provided for the ColdFusion vuln is not an official Adobe link. You seem to imply that it is. You might have done better to at least mention the site is not the official site for CF. The title is also bunk. Hackers have not done anything. This is an example of using a default config, without hardening the system. No different than saying "hackers crack windows 2008" and then stating that the admins are not setting a password for "Administrator".
In spite of that.... I am sure there are quite a few installs of CF that are at risk due to this configuration, so it is great that you are getting the word out for them to be able to fix this.
This has been happening for a while
This has been going on for many weeks. I know one ISP that was massively hacked via ColdFusion about two weeks ago. Everyone's web pages had a one-line JS script added that called some kind of Adobe Flash player exploit.
Official Adobe response is here
It's really an FCKEditor security issue, not ColdFusion. The 'news' is that one version of ColdFusion (8.0.1) shipped with the FCKEditor connectors enabled.