Monday, April 20, 2015

Continuously hacked! HELP!

Hello folks, I am looking for a crowdsourced security solution.

I have a client that has a VPS at a well known ColdFusion hosting company.

Their setup is IIS 7.0, Windows Server 2008 R2, HackMyCF & CF9.

Capturing a netstat -o during the event shows a connection running conhost.exe

I have FTP turned off.

I appreciate any help & suggestions with this issue.

Code inserted at the top of index.cfm

Code inserted at the bottom of index.cfm

Possible solution!

It appears that a file manager written in CF in a single file was placed on the server.

To the best of my understanding it is the same as what Charlie Arehart describes here.

Further reading available here

SEARCH YOUR CODE BASE FOR "TRIPSHELL"
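
Added example, not part of the original post and not the author's code: a PowerShell sweep of a ColdFusion webroot for the "TRIPSHELL" string. It goes beyond the plain string search by also listing CFML files created or modified recently, since code inserted into a template such as index.cfm need not contain the marker. The webroot path and the 30-day window are assumptions.

```powershell
# Added example (not from the original post): triage sweep of a CFML webroot.
param(
    [string]$WebRoot    = 'C:\inetpub\wwwroot',  # assumed path; use the site's real root
    [string]$Marker     = 'TRIPSHELL',           # the string named in the post
    [int]   $RecentDays = 30                     # assumed triage window
)

$cutoff = (Get-Date).AddDays(-$RecentDays)
# .NET hashing instead of Get-FileHash, which older PowerShell releases lack.
$sha = [System.Security.Cryptography.SHA256]::Create()

# -Include only filters when combined with -Recurse (or a wildcard path).
$files = Get-ChildItem -Path $WebRoot -Recurse -Force -Include *.cfm, *.cfc, *.cfml `
             -ErrorAction SilentlyContinue |
         Where-Object { -not $_.PSIsContainer }

$report = foreach ($f in $files) {
    # Case-insensitive by default; -SimpleMatch makes the marker a literal,
    # -List stops at the first hit in each file.
    $hit    = $f | Select-String -Pattern $Marker -SimpleMatch -List -ErrorAction SilentlyContinue
    $recent = ($f.LastWriteTime -ge $cutoff) -or ($f.CreationTime -ge $cutoff)
    if (-not $hit -and -not $recent) { continue }

    $hash = 'unreadable'
    try {
        $stream = [System.IO.File]::OpenRead($f.FullName)
        try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
        finally { $stream.Close() }
    } catch { }   # locked or access-denied files are still listed, without a hash

    New-Object PSObject -Property @{
        MarkerHit = [bool]$hit
        Line      = $(if ($hit) { $hit.LineNumber } else { $null })
        LastWrite = $f.LastWriteTime
        Created   = $f.CreationTime
        Sha256    = $hash
        Path      = $f.FullName
    }
}

# Marker hits first, then the most recently written files.
$report |
    Sort-Object @{ Expression = 'MarkerHit'; Descending = $true },
                @{ Expression = 'LastWrite'; Descending = $true } |
    Select-Object MarkerHit, Line, LastWrite, Created, Sha256, Path |
    Format-List
```

The hashes can be compared against a known-clean copy of the site (backup or source control) to tell altered or unexpected files from legitimate recent changes.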

Sunday, February 22, 2015

Lucee Bitnami VM

Hi folks, get your unofficial Bitnami Lucee VM!

* Special note to Scott Stroz: None of this is original art, everything has been copied from smarter people than me!

In short, I wanted to take Lucee for a test drive and figured I'd see how quickly I could get it up and running. Short answer: QUICK!

As stated in the Lucee docs, you can easily swap out the jar files and be running Lucee in no time.

Feel free to pull down a copy here

Special thanks to the Bitnami & Lucee folks for making everything so easy!