Pete Freitag

New HackMyCF Features


HackMyCF, my company's ColdFusion (and Railo too) server security scanner, was recently updated with some cool new features for our paid subscribers.

Connector Version Check

Did you know that when you run the CF10 updater it doesn't update your web server connectors? You have to do that manually. Do you have any idea if you are running the latest web server connector? As part of your HackMyCF report (with our cfm file installed on your server) you can now see if you are running the latest connector (for CF9+). See an example report for CF9 or CF10.

CFIDE Scan

Your /CFIDE directory is a target for hackers looking to upload a malicious backdoor/shell cfm file, because it is an implicit mapping and often has full sandbox permissions when sandbox security is enabled. The latest version of HackMyCF's probe (this is the cfm file you place on your server that we connect to) can send back a listing of files and their MD5 checksums, allowing HackMyCF to find some of these malicious files. This update also lays the groundwork for us to alert you when files are added or modified in /CFIDE.
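The listing-and-compare idea described above can be sketched as follows. This is an added example, not HackMyCF's probe code: the function names (`snapshot`, `compare`, `demo`) and the sample file names are assumptions, and the demo builds a constructed temporary tree in place of a real /CFIDE directory.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its MD5 hex digest."""
    listing = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.md5()  # MD5 matches the checksums the post mentions
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            listing[rel] = digest.hexdigest()
    return listing

def compare(baseline, current):
    """Report paths added, modified or removed since the baseline listing."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample tree standing in for /CFIDE (hypothetical files)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "administrator"))

        def write(rel, data):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)

        write("administrator/index.cfm", b"<cfoutput>admin</cfoutput>")
        write("probe.cfm", b"<cfoutput>ok</cfoutput>")
        baseline = snapshot(root)
        # Changes between two scans: one unexpected new file, one edited file.
        write("h.cfm", b"<cfoutput>unexpected</cfoutput>")
        write("probe.cfm", b"<cfoutput>changed</cfoutput>")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Store the baseline listing somewhere the web server account cannot write to, so that a file dropped into /CFIDE cannot also rewrite the record it is compared against.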



New HackMyCF Features was first published on October 24, 2013.


Comments

Hi Russ - Can you forward me a copy of the report?
by Pete Freitag on 12/31/2013 at 11:38:51 AM UTC
