Hackers causing havoc in the World of ColdFusion

Nothing like waking up on a Friday before a holiday to discover that Hackers have been causing havoc in the world of ColdFusion.  Our inbox this morning contained a message from one of our preferred ColdFusion Hosting companies Crystal Tech (now Newtek Technology Services) about the attacks and several CF sites are reporting on the coordinated efforts.

Hackers are exploiting sites running older installations of some ColdFusion applications, such as FCKEditor (a popular HTML text editor) or CKFinder (an Ajax file manager). The potential security vulnerability exists in a popular ColdFusion shopping cart application, CFWebstore, and allows an attacker to upload a shell script to a vulnerable site and gain root access to the server. For less technical readers, this isn't a good thing. It lets hackers take advantage of the vulnerabilities to plant malicious scripts on compromised websites as part of a drive-by download attack that ultimately aims to infect visitors to the hacked site.
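The attack above comes down to two things an administrator can look for: a leftover FCKeditor or CKFinder install whose old connector accepted uploads, and a server-executable file sitting in a directory that should only ever hold uploaded images or documents. The triage script below is an added example written for this post, not code from the post or from either project; the upload directory names and the sample file list are constructed assumptions, so adjust them to the site's real layout.

```python
"""Triage a ColdFusion webroot for (a) bundled FCKeditor / CKFinder installs that
should be checked against the vendor's current version and (b) server-executable
files planted inside upload directories, which is what a dropped shell looks like.
Added example; directory names and the sample tree below are assumptions."""
import os
from pathlib import PurePosixPath

# Extensions the ColdFusion / J2EE server would execute if requested directly.
EXECUTABLE_EXT = {".cfm", ".cfc", ".cfml", ".jsp", ".jspx"}
# Directory names that mark a bundled editor / file manager install (assumed).
EDITOR_DIRS = {"fckeditor", "ckfinder"}
# Directories that should only ever hold uploaded content (assumed names).
UPLOAD_DIRS = {"userfiles", "uploads", "images"}

# Constructed sample webroot listing, relative POSIX paths (not from any real site).
SAMPLE_TREE = [
    "index.cfm",
    "admin/fckeditor/fckconfig.js",
    "userfiles/image/logo.jpg",
    "userfiles/image/cmd.cfm",
    "ckfinder/userfiles/files/report.pdf",
    "ckfinder/userfiles/files/shell.cfc",
    "uploads/notes.txt",
]


def triage(rel_paths):
    """Return (editor_installs, planted_executables), both sorted lists.
    editor_installs: top-level path of each fckeditor/ckfinder directory seen.
    planted_executables: executable files found below an upload directory."""
    installs, planted = set(), []
    for p in rel_paths:
        parts = PurePosixPath(p).parts
        dirs = [seg.lower() for seg in parts[:-1]]
        for i, seg in enumerate(dirs):
            if seg in EDITOR_DIRS:
                installs.add("/".join(parts[: i + 1]))
        if PurePosixPath(p).suffix.lower() in EXECUTABLE_EXT and any(
            seg in UPLOAD_DIRS for seg in dirs
        ):
            planted.append(p)
    return sorted(installs), sorted(planted)


def walk_webroot(root):
    """Yield every file under root as a webroot-relative POSIX path."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            yield rel.replace(os.sep, "/")


if __name__ == "__main__":
    import sys
    paths = walk_webroot(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_TREE
    found_installs, found_planted = triage(paths)
    print("editor installs to version-check:", found_installs)
    print("executables inside upload dirs:", found_planted)
```

Run it with the webroot as the only argument; without one it reports on the constructed sample, flagging the two bundled installs and the two executables hiding under `userfiles`.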

Luckily, none of our CF sites are in danger, as we don't use FCKEditor for anything in our development (TinyMCE rocks!) and CFWebstore is not a product we use for our sites. Plus, Crystal Tech has assured us that they "have already taken steps to minimize the potential for compromise".


posted by Bret on 07/03/2009 at 7:19 AM
categories: development - tech news - web news - coldfusion - hackers