Hacked Response Header to Googlebot

Question

We have a website that, when browsed by Googlebot (or any test site that uses the Googlebot 2.1 http_user_agent ID) embedds a bunch of links in the response header (spam link for Cialis). What anyone else sees in the their browser is the regular website as the spam links are not inserted into the response header. The web server is IIS on Windows Server 2008 (with the latest patches) and CF is CF 9 Enterprise. I initially thought that it was an attack on IIS that corrupted the system, but there are several other websites on the same server that aren't affected. If something affected a core dll file or something like that, it seems like it would affect all sites. In looking at all of our .cfm files and files that they reference (e.g. .js) they are fine - the malicous content isn't in any of them. However, something has become corrupted that enables this content to be put in the http response header. I've heard of similar attacks ("Pharma hacks") on Wordpress and Joonla, but nothing in reference to ColdFusion.Does anyone have any ideas?

WolfShade · Accepted Answer

Look for files that don't belong (typically named i.cfm or h.cfm, but it could be anything), remove them and apply the latest security patch.^_^

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded