cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Exit
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
  • 한국 커뮤니티
0
Upvote

Arrgh! My sites are being hacked!

partTimeCrazy
Explorer ,
Nov 28, 2013 Nov 28, 2013

Some of our coldfusion sites are being redirected to a mulberry site when someone does a google search. Is there a way to prevent this? How are they doing it in the first place? It look like this code is being inserted into the index.cfm:

[ code removed - do NOT post the contents of hacked sites on this forum!! ]

931
Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 4 Replies 4
latest latest Jump to latest reply
partTimeCrazy
Explorer ,
Nov 28, 2013 Nov 28, 2013

eh, code removed? How am I supposed to get help if people cant see what the problem is?!

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
duncancumming
Engaged ,
Nov 28, 2013 Nov 28, 2013
In Response To partTimeCrazy

Here's the link to your StackOverflow question which does have all the code:

http://stackoverflow.com/questions/20263712/aargh-coldfusion-sites-are-being-hacked

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Dave Merchant
LEGEND ,
Nov 28, 2013 Nov 28, 2013
In Response To partTimeCrazy

Whether or not your server was hacked has nothing to do with the code that was placed there. We don't care what the code was or where it linked to.

By pasting their code onto other sites (including the web addresses) you are helping the attackers disseminate their links, so you're a spammer too.

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
tribule
Enthusiast ,
Dec 02, 2013 Dec 02, 2013
LATEST

We have seen the "mulberry" attack too - it is a backdoor that is planted in various php and cfm templates, allowing the attacker to use your server to show adverts and do redirects etc.

Do you have PHP or WordPress installed on the same server?

Translate
Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Open in a new window
Copyright © 2025 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices