The Register® — Biting the hand that feeds IT

Hackers crack ColdFusion

Tzael

Misleading article titles 

Damnit, where's my free energy?!

Seanmon

Cheers el reg. 

I shall point to this article next time I'm accused of slacking off reading the papers.

Virtual beer.

Nick B (Zeus)

No application firewall? 

It strikes me that, whether there are known vulnerabilities or not, if you are running an ecommerce site, you should assume that there are, and that people are going to try to exploit them!

The most simple and straightforward solution would be to deploy an application firewall into your infrastructure. With the tick of a checkbox you could then turn on generic protection against this type of problem.

Simples!

Mark 18

Epic Fail! 

El Wedge has epically failed at the internets rofl. Link not only spelt wrong but doesn't even go to the right place when spelt right lol.

Codfusion - The for phishing and hacking of coldfusion servers?

Anonymous Coward

ColdFusion 

The link you provided for the ColdFusion vuln is not an official Adobe link. You seem to imply that it is. You might have done better to at least mention the site is not the official site for CF. The title is also bunk. Hackers have not done anything. This is an example of using a default config, without hardening the system. No different than saying "hackers crack Windows 2008" and then stating that the admins are not setting a password for "Administrator".

In spite of that.... I am sure there are quite a few installs of CF that are at risk due to this configuration, so it is great that you are getting the word out for them to be able to fix this.

Don Mitchell

This has been happening for a while 

This has been going on for many weeks. I know one ISP that was massively hacked via ColdFusion about two weeks ago. Everyone's web pages had a one-line JS script added that called some kind of Adobe Flash player exploit.

Bert 2

Adobe response 

Official Adobe response is here

http://blogs.adobe.com/psirt/2009/07/potential_coldfusion_security.html

Anonymous Coward

php too 

It's really an FCKEditor security issue, not ColdFusion. The 'news' is that one version of ColdFusion (8.0.1) shipped with the FCKEditor connectors enabled.

php

http://secunia.com/advisories/27123/

asp

https://strikecenter.bpointsys.com/articles/permalink?title=exploiting-iis-via-htmlencode-ms08-006&month=02&year=2008&day=13

Anonymous Coward

Hotfix 

http://www.adobe.com/support/security/bulletins/apsb09-09.html