DennBen
2009-07-24 13:19:52 UTC
I am looking through my Coldfusion exception.log file and seeing a
couple hundred errors around the same time yesterday. I am wondering
what would cause them.
There errors are varying but there are a few these mixed in:
Error","jrpp-3308","07/23/09","11:49:32",,"Probe requests must
originate from localhost, 127.0.0.1 The specific sequence of files
included or processed is: D:\InetPub\CFIDE\probe.cfm, line: 53 "
coldfusion.runtime.CustomException: Probe requests must originate from
localhost, 127.0.0.1
and lots of file not found errors in different directories, some are
coldfusion directories: (to name a few:)
File not found: /cgi-bin/CFIDE/probe.cfm
File not found: /Admin/CFIDE/probe.cfm
File not found: /instaboard/index.cfm
File not found: /cfide/index.cfm
File not found: /cgi-bin/ftj6dvaz.cfc
File not found: /junk999.cfm
/cfdocs/cfmlsyntaxcheck.cfm
The first error was File not found: /mNkvt1Kz3gj6.cfm
Looks like this went on for about a 45 minutes.
Is this a hack attempt? And if so, how would I know if I am
vulnerable? I dont have a site-wide error set up so they would know
they are getting file not found errors. the reason i dont have that
set up is because there are multiple websites on one coldfusion server
and I havent been able to think of a way to give a standard error
messge that would suit them all.
Any advice or input would be greatly appreciated.
Thanks
couple hundred errors around the same time yesterday. I am wondering
what would cause them.
There errors are varying but there are a few these mixed in:
Error","jrpp-3308","07/23/09","11:49:32",,"Probe requests must
originate from localhost, 127.0.0.1 The specific sequence of files
included or processed is: D:\InetPub\CFIDE\probe.cfm, line: 53 "
coldfusion.runtime.CustomException: Probe requests must originate from
localhost, 127.0.0.1
and lots of file not found errors in different directories, some are
coldfusion directories: (to name a few:)
File not found: /cgi-bin/CFIDE/probe.cfm
File not found: /Admin/CFIDE/probe.cfm
File not found: /instaboard/index.cfm
File not found: /cfide/index.cfm
File not found: /cgi-bin/ftj6dvaz.cfc
File not found: /junk999.cfm
/cfdocs/cfmlsyntaxcheck.cfm
The first error was File not found: /mNkvt1Kz3gj6.cfm
Looks like this went on for about a 45 minutes.
Is this a hack attempt? And if so, how would I know if I am
vulnerable? I dont have a site-wide error set up so they would know
they are getting file not found errors. the reason i dont have that
set up is because there are multiple websites on one coldfusion server
and I havent been able to think of a way to give a standard error
messge that would suit them all.
Any advice or input would be greatly appreciated.
Thanks