It took me a few seconds to realize that hackers (actually Script Kiddies from Algeria, Canada, Italy, and Morocco) were trying to get into an Adobe ColdFusion server that I monitor for a client. Unfortunately for them, they lacked the port information needed to find it on the server, as it seems the idiots were only trying port 80 (which is public), which alerted me to their actions.
If you have such a server, avoiding port 80 and port 8500 would be the sensible thing to do, as those ports are well known to everyone, including exploiters. Don't think your server will be found? Well, I have bad news for you. Search engines, like Google and Bing, will bring them right to your doorstep with a query of inurl:"/CFIDE/administrator/" and if you do not believe me, ask yourself, how did I locate this page?
http://domain.tld:8500/CFIDE/administrator/index.cfm
http://domain.tld:80/CFIDE/administrator/index.cfm
http://domain.tld:80/CFIDE/ks.php
Index of /CFIDE/administrator
Parent Directory
Application.cfm
aboutcf.cfm
analyzer/
appinstaller/
archives/
cfadmin.css
cftags/
checkfile.cfm
classes/
components/
custommenu.xml
datasources/
debugging/
enter.cfm
entman/
eventgateway/
extensions/
favicon.ico
filedialog/
footer.cfm
forbidden.cfm
header.cfm
help/
homepage.cfm
images/
include/
index.cfm
j2eepackaging/
linkdirect.cfm
logging/
login.cfm
login_migration.cfm
logout.cfm
logviewer/
mail/
menu.js
monitor/
navserver.cfm
reports/
resources.cfm
scanner/
scheduler/
security/
settings/
setup/
sha1.js
skin/
solr/
styles.cfm
tools/
topnav.cfm
verity/
wizards/
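Probes like the ones above show up in the web server's access log. The following is an added example, not code from the original post: it scans Combined Log Format lines for requests to /CFIDE/administrator and /CFIDE/ks.php, groups them by client address, and marks any client that received a 200. The log lines, IP addresses (documentation ranges), dates and the allowlisted admin workstation are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: client ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Paths named in the post: the administrator directory and /CFIDE/ks.php
ADMIN_RE = re.compile(r'^/cfide/(administrator(/|$)|ks\.php)', re.IGNORECASE)

def normalize(raw_path):
    """Drop the query string, URL-decode, and collapse repeated slashes."""
    path = unquote(raw_path.split("?", 1)[0])
    return re.sub(r"/+", "/", path)

def summarize(lines, allowlist=()):
    """Return {ip: {"requests": n, "reached": bool}} for CFIDE admin requests.

    "reached" is True when any request got a 200, meaning the admin
    page was served to an address that is not on the allowlist.
    """
    report = defaultdict(lambda: {"requests": 0, "reached": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        if m["ip"] in allowlist or not ADMIN_RE.match(normalize(m["path"])):
            continue
        entry = report[m["ip"]]
        entry["requests"] += 1
        entry["reached"] = entry["reached"] or m["status"] == "200"
    return dict(report)

# Constructed sample log lines (not taken from a real server)
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:03:14:07 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 404 512',
    '203.0.113.7 - - [01/Jan/2024:03:14:08 +0000] "GET /CFIDE/ks.php HTTP/1.1" 404 512',
    '198.51.100.23 - - [01/Jan/2024:04:02:11 +0000] "GET /cfide//administrator/enter.cfm?x=1 HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2024:09:00:00 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 4096',
    '192.0.2.55 - - [01/Jan/2024:09:05:00 +0000] "GET /index.cfm HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    # 192.0.2.10 stands in for a known admin workstation (assumption)
    for ip, info in summarize(SAMPLE_LOG, allowlist={"192.0.2.10"}).items():
        state = "ADMIN PAGE SERVED" if info["reached"] else "blocked or not found"
        print(f"{ip}: {info['requests']} request(s), {state}")
```

A client marked as having reached the page is the case to act on first, since it means the administrator login is being served to an outside address.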
Stephan Pringle