Hackers causing havoc in the World of ColdFusion
Nothing like waking up on a Friday before a holiday to discover that hackers have been causing havoc in the world of ColdFusion. Our inbox this morning contained a message from one of our preferred ColdFusion hosting companies, Crystal Tech (now Newtek Technology Services), about the attacks, and several CF sites are reporting on the coordinated efforts.
Hackers are exploiting sites running older installations of some ColdFusion applications, such as FCKEditor (a popular HTML text editor) or CKFinder (an Ajax file manager). A similar vulnerability exists in CFWebstore, a popular ColdFusion shopping cart application: it allows a shell script to be uploaded to a vulnerable site, giving the attacker root access to the server. For less technical readers, this isn't a good thing. Attackers use these footholds to plant malicious scripts on compromised websites as part of a drive-by download attack that ultimately aims to infect visitors to the hacked site.
Luckily, none of our CF sites are in danger, as we don't use FCKEditor for anything in our development (TinyMCE rocks!) and CFWebstore is not a product we use for our sites. Plus, Crystal Tech has assured us that they "have already taken steps to minimize the potential for compromise".
If you have kept up with CF updates and upgrades, and if you don't use FCKEditor, your site should be fine. Security researchers recommend that sites review their ColdFusion installations, paying particular attention to deleting older applications that may have been left around as orphans during systems upgrades.
For more information, view the links below or contact the nerds at Brice Cheddarn Development with your questions.
Hackers crack ColdFusion
CF8 and FCKEditor Security threat
CFWebstore File Upload Vulnerability
Cold Fusion web sites getting compromised
categories: development - tech news - web news - coldfusion - hackers
2 Comments
Mike G. wrote on 07/19/09 11:32 PM
Just note that for a lot of these attacks entry was gained via pages (non-FCKEditor) using cffile action=upload that saved files to web-accessible directories. The hackers spoofed the MIME types so even though the accept types might have been set to .jpg, .gif etc., they were managing to upload .cfm files containing the shell scripts.
Just a heads-up to anyone reading this: search your apps for any cffile action=upload use and make sure you're saving outside your web root or to a directory that isn't accessible by the public.
Cheers, Mike G.
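A hardened version of the cffile upload pattern Mike describes, added here as an illustration; it is not code from this post, from CFWebstore, or from FCKEditor. It assumes CF8-era tag syntax, a form field named photo, and an application.uploadRoot setting that points at a directory outside the web root (all three are assumptions). The point is that the accept attribute and cffile.contentType both come from the browser's Content-Type header, so the server has to decide for itself what was uploaded, and the bytes should land somewhere the web server will never execute.

```cfml
<!--- Added example (not from the original post): a cffile upload handler
      that does not trust the browser's MIME type. Assumes a form field
      named "photo" and application.uploadRoot, a directory OUTSIDE the
      web root that the web server never serves directly. --->
<cfset allowedExt = "jpg,jpeg,gif,png">

<!--- 1. Stage the raw upload in the server temp directory, never in a
      web-accessible folder. No accept= attribute: it only compares the
      Content-Type the client sent, which the client controls. --->
<cffile action="upload"
        filefield="photo"
        destination="#getTempDirectory()#"
        nameconflict="makeunique">

<cfset stagedPath = cffile.serverDirectory & "/" & cffile.serverFile>
<cfset ext = lCase(cffile.serverFileExt)>

<cftry>
    <!--- 2. Whitelist on the extension the server actually saved under,
          not on cffile.contentType (that is the spoofable MIME type). --->
    <cfif NOT listFind(allowedExt, ext)>
        <cfthrow message="File type not allowed">
    </cfif>

    <!--- 3. Check the file signature, so a .cfm renamed to .jpg with a
          forged Content-Type is still rejected. Reading the whole file
          is acceptable here because the uploads are image-sized. --->
    <cfset magic = uCase(left(binaryEncode(fileReadBinary(stagedPath), "hex"), 8))>
    <cfset looksLikeImage =
        (listFind("jpg,jpeg", ext) AND left(magic, 6) EQ "FFD8FF")
        OR (ext EQ "gif" AND magic EQ "47494638")
        OR (ext EQ "png" AND magic EQ "89504E47")>
    <cfif NOT looksLikeImage>
        <cfthrow message="File content does not match its extension">
    </cfif>

    <!--- 4. Move it under a server-generated name into the private upload
          root. The client's file name is discarded, and nothing in that
          directory can be requested (or executed) through the web server. --->
    <cfset safeName = createUUID() & "." & ext>
    <cffile action="move"
            source="#stagedPath#"
            destination="#application.uploadRoot#/#safeName#">

    <cfcatch type="any">
        <!--- Always remove the staged file on any failure. --->
        <cfif fileExists(stagedPath)>
            <cffile action="delete" file="#stagedPath#">
        </cfif>
        <cfrethrow>
    </cfcatch>
</cftry>
```

Because the files live outside the web root, displaying them takes a separate request handler that reads from application.uploadRoot and returns the bytes with cfcontent; the ColdFusion engine never treats the stored file as a template, so even a file that slipped past the checks cannot run as a .cfm.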
Sean Coyne wrote on 07/10/09 4:59 AM
I know you posted this a few days ago, and you may have already installed the hotfix, but you don't have to use cfWebstore OR the FCKEditor to be vulnerable. You should install the hotfix and remove the upload scripts to make sure you are protected.