[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 113
  • Last Modified:

Cold Fusion mail issues

Experts,

My CF server is sending out anonymous emails and is there any way I can find out the issue.
I understand that this is a wage statement, but trying to find out what would be starting point

Using CF 9,0,2,282541   version.
Verified : Logs > Mailsent document and I do see those anonymous emails sent out.

Is there any security patch for this version?

Thanks in advance.
0
Tpaul_10
Asked:
Tpaul_10
  • 5
  • 4
1 Solution
 
rjohnsonjrCommented:
You could check your server access logs to see the urls that are getting hit a lot.  Usually there will be hundreds of urls.

I am also willing to bet that you could check the spool folder and the undeliverable folder to get you one of the emails that would allow you to find a piece of code in the email that you could search your server and find the offending code.  Perhaps a subject line or html inside the email  or something that would allow you to do a global search.
0
 
Tpaul_10Author Commented:
Will do rjohnsonjr.
Thanks for the information, but is there any specific log file (like application.log,server.log etc.,) to concentrate on more?
0
 
_agx_Commented:
Disclaimer, this is not my area of expertise but a few thoughts..

What do you mean by anonymous emails? When you view the emails, is the FROM/sender your email address - or the spammer's?  Where/how are you using cfmail in your application? For example, do you have any action pages that blindly send email solely based on form fields submitted? ie

     <cfmail from="#FORM.senderEmail#" subject="#FORM.subject#" ...> #FORM.messageContent#</cfmail>

If the app is unsecured by a login mechanism, that could allow anyone to send out emails via your server just by doing a POST.

Also, is your email server configured to block relaying?

If you haven't already, be sure to check out the CF Lock Down Guide (PDF) and http://hackmycf.com for other security tips.
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Tpaul_10Author Commented:
Thanks guys and here are the details.

1. Yes it's the spammers and sending the email using the CF mail settings and I do see that an email sent out as per mailsent.log
2. I have few places/pages where the email can be sent out through the website.
3. I don't have any action pages that will send out the email based on the form fields.
4. The app is secured through login mechanism.
5. Applied all the patches and latest Java as well.

Searching now to see if I can find any part of the code from that email.
0
 
_agx_Commented:
>> 5. Applied all the patches and latest Java as well.

Does that mean you reviewed the lock down guide and hackmycfm.com? Abusing an existing .cfm script that sends mail is just one possibility. For example, if the spammer somehow got access to the server, they could create/upload a malicious script that sends mail, etc.. completely independent of your real application code.

Again, this isn't my area of expertise, but I wouldn't rule out anything. I remember a thread about a hacked CF server a while back. The hacker somehow created a malicious .cfm script that essentially gave them full control over the server just by accessing a url on the server. No idea if that's what happened on your server, but again ... I wouldn't rule out anything.
0
 
_agx_Commented:
Also, search the EE archives. Looks like something similar has come up before

Coldfusion server hijacked to send email spam!!
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Q_28448724.html
0
 
Tpaul_10Author Commented:
Thank you for the updates.
Is there any guide or details where I can get for upgrading the CF 9.0 to CF 11.0?
Appreciate your help in getting the information as I am still looking into this issue.

Thanks
0
 
_agx_Commented:
Sorry, I don't know.  I haven't even tried CF11 yet.
0
 
Tpaul_10Author Commented:
Thanks.
I am trying to get a document that outlines the differences between CF9.0 and CF 11.0 so that I can see what code changes I need to make if I go for CF 11.0.

Can't get one on the online, please let me know if you find some.

Thanks
0
 
Tpaul_10Author Commented:
Used CFLockdown guide to get it fixed. Thanks AGX.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now