ColdFusion is taking a bashing in the news this week. I think this is rather typical of the news because they can blame an actual company. Whereas the massive numbers of PHP exploits go unreported in the regular news. There's no company to blame for PHP failures. Just my humble opinion on the motives of the news media.
The "New Exploits" are not new, but just newly reported servers that were hit by the same exploit from a year ago. In some cases it was not discovered until recently.
The "ColdFusion BotNet" that is being talked about in the news was taken down last year. The FBI has the person and servers that were collecting data. I have not been able to get any FBI agent to say that exactly, but I have read news reports alluding to the fact. That and the fact that the FBI has been notifying people whose servers have been found listed on the "Botnet control panel". Was there more than one Botnet? Could be?
Most blog posts on this subject are full of hype and lack details. The only blog post that has the details is mine that Mark Kruger, aka. ColdFusion Muse published on his blog. The hack referenced above is two fold. One involving ColdFusion and the other involving IIS.
One of the servers being discussed is currently a client of ours at CF Webtools. They came to us with a compromised server seeking help. We took care of them.
The reminders to make sure your ColdFusion servers are patched just keep coming in! Either patch them yourself, have your hosting provider patch them or if they are not familiar or knowledgeable with ColdFusion contact us at CF Webtools to patch your servers.
Fellow ColdFusion Guru David C. Epler posted a detailed article on the origins of this exploit in ColdFusion and when it was introduced.