We understand that your server might have been compromised. This is a critical situation, and there are some preventive measures that should be taken. First of all, scan your site at http://hackmycf.com/. If the scan report shows any vulnerability, contact the Adobe Product Security Incident Response Team at PSIRT(at)adobe(dot)com with the scan results.
What you can try at your end
There are a few sanity checks which may help you: not to fix your application against the vulnerability, but to identify whether or not the server has been compromised.
You can try the following:
- Check Application.cfm (and Application.cfc, if your application uses one) and remove any unwanted code added by this attack.
- Check whether there are any unwanted files in your web root or in the /CFIDE directory and remove them if present. If files such as h.cfm or i.cfm, or any other files you did not deploy, are present, remove them immediately. Before deleting them, consider keeping a copy outside the web root for later analysis.
- Also check for unwanted modifications to any of your files. File timestamps are a good starting point, but an attacker can reset them, so where possible compare the files against a known-good backup or deployment package. Remove any unwanted code added by this attack.
- Check whether any unwanted scheduled task has been created in the ColdFusion Administrator. If there is one, remove it immediately.
- Once done with the above steps, go through the latest Security Bulletin at http://helpx.adobe.com/security.html#coldfusion.
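The four checks above can be scripted so that they are repeatable and leave a record of what was found. The following POSIX shell script is an added example, not code from Adobe or from this page. It only reports and never deletes anything, so evidence is preserved until you decide what to remove. The paths used in the usage comment are hypothetical and must be adjusted for your installation; the list of tags treated as web-shell indicators is an assumption and should be extended for your own application, and legitimate code may use some of them, so review every hit rather than deleting on sight.

```sh
#!/bin/sh
# Added example (not Adobe's or the page's own code). Reports only; deletes nothing.
# Hypothetical paths, adjust for your install:
#   web root:        /var/www/wwwroot
#   scheduled tasks: /opt/coldfusion/lib/neo-cron.xml

# 1. Files with the names seen dropped by this attack (h.cfm, i.cfm).
list_dropped_files() {
    root="$1"
    find "$root" -type f \( -name 'h.cfm' -o -name 'i.cfm' \) 2>/dev/null
}

# 2. Files modified within the last N days (default 30). A starting point only:
#    timestamps can be reset by an attacker, so also diff against a known-good copy.
list_recent_changes() {
    root="$1"; days="${2:-30}"
    find "$root" -type f -mtime "-$days" 2>/dev/null
}

# 3. .cfm/.cfc files containing tags typical of web shells. The pattern list is
#    an assumption; legitimate code may use some of these, so review each hit.
SHELL_PATTERNS='cfexecute|cfregistry|cffile|evaluate\(|binaryDecode\(|toBinary\('
list_suspicious_cfm() {
    root="$1"
    find "$root" -type f \( -name '*.cfm' -o -name '*.cfc' \) \
        -exec grep -liE "$SHELL_PATTERNS" {} \; 2>/dev/null
}

# 4. Scheduled tasks created in the ColdFusion Administrator are persisted in
#    lib/neo-cron.xml; list the URLs they call so unexpected ones stand out.
list_scheduled_task_urls() {
    cron="$1"
    [ -f "$cron" ] || return 0
    grep -oE 'https?://[^<>"]+' "$cron" | sort -u
}

# Run all checks and print a report. Returns 1 if dropped files or suspicious
# .cfm/.cfc files were found; recent changes and task URLs are listed for review.
triage() {
    root="$1"; cron="$2"; flagged=0
    for check in list_dropped_files list_suspicious_cfm; do
        out=$("$check" "$root")
        if [ -n "$out" ]; then
            echo "== $check"; echo "$out"; flagged=1
        fi
    done
    echo "== files changed in the last 30 days (compare with your deploy history)"
    list_recent_changes "$root" 30
    echo "== scheduled task URLs (compare with the tasks you created)"
    list_scheduled_task_urls "$cron"
    return "$flagged"
}

# Usage (hypothetical paths):
# triage /var/www/wwwroot /opt/coldfusion/lib/neo-cron.xml
```

Run it with the web root and the neo-cron.xml of your installation; a non-zero exit means known dropped filenames or web-shell-like tags were found and the listed files need to be inspected. Save the report together with copies of any flagged files before cleaning up, so that the PSIRT has something to work with if you report the incident.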
Adobe recommends that ColdFusion customers update their installation using the instructions provided in the technote (current as of this writing): http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-27.html.
It is also recommended that you apply the Lockdown Guide for your ColdFusion version on your server.
Some quick links
ColdFusion 11 lockdown guide: http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf11/cf11-lockdown-guide.pdf
ColdFusion 10 lockdown guide: http://wwwimages.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf
ColdFusion 9 lockdown guide: http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdf
Note: All the above suggestions are preliminary ones; there could be other action items as well.