ColdFusion MailSpoolService Performance

In my last article about the Adobe ColdFusion MailSpoolService I mentioned that I was going to try to get specifics on expected performance in the Standard Edition vs Enterprise Edition of the MailSpoolService. Adobe has not responded to my requests with actual data. While attending the ColdFusion Summit 2017 I tried to get a clear answer from any of the Adobe ColdFusion engineering team members that were at the conference. They didn't know the answer. Because I didn't get the response I wanted from Adobe I decided to start testing.

My first test was to set up a Windows VM with ColdFusion 11 installed with a standard license. I also created a simple CFML page that uses CFMAIL to send an email with a CFLOOP to send that same email a lot of times. To make this a more realistic test I made up a new disposable email address on our mail server at CF Webtools and sent the emails from my email server on AWS. This means that the ColdFusion MailSpoolService has to actually communicate with a mail server. SMTP connections can at times take time. The emails I generated have several paragraphs of Lorem Ipsum text to simulate actual email sizes. My first test was to verify one email did indeed get sent. It did. The next test was to send 1000 emails while timing with my iPhone's stopwatch. We also have ColdFusion 11 Enterprise, which meant I was able to test the performance against the Enterprise Edition. Lastly, I was asked to test on the Developer Edition because it is often stated that the Developer Edition is essentially Enterprise Edition with a two connection limit. I ran this test a couple of times each from ColdFusion 11 Standard, ColdFusion 11 Developer, and ColdFusion 11 Enterprise servers.

Standard Edition
It took approximately 23 minutes to process 1000 emails in the mail spool. This comes down to about 44/45 emails per minute, which works out to about 11/12 emails per 15 second polling interval or 2600 emails an hour. That is a little more than 60,000 emails per day processing 24 hours straight without any connection issues. That's not too shabby for being the single threaded version of the MailSpoolService.

Developer Edition
After running the same tests a couple times in Developer Edition I got the exact same results as I did for Standard Edition.

Enterprise Edition
This is where you can say "You get what you pay for!". Before I go into the numbers let me also remind everyone that the Enterprise Edition of the MailSpoolService is multi-threaded and you can specify the number of threads. I think the default is 10 threads. This setting is in the Mail section of the ColdFusion Administrator Enterprise Edition ONLY in the sub section "Mail Spool Settings". There is nothing that indicates that there is a maximum number of threads. My tests are with 10 threads.

I had to run this test several more times just to make sure I saw what I saw. All 1000 emails were sent in a single polling of the MailSpoolService. That's 1000 emails sent in under 15 seconds. I ramped it up a bit and sent 5000 emails. This time it took two polling intervals and sent 5000 emails in about 30 seconds. To get absurd I increased the test to 10,000 emails and the Enterprise Edition cleared those out in less than 60 seconds. This means it took 4 polling intervals to process 10,000 emails, which comes out to 2,500 every 15 seconds with 10 MailSpoolThreads. I wanted to verify this exactly, so I slowed the polling interval from 15 seconds to 30 seconds. I wanted to fill the mail spool completely beforehand and see how many emails were processed on each polling interval. What I saw is that I'm not nearly at the limit of what the Enterprise Edition MailSpoolService can handle. By slowing down the polling interval my CFML script was able to put all 10,000 emails into the mail spool folder before the MailSpoolService started processing. Then it happened: all 10,000 emails were processed in one single polling interval of less than 15 seconds. I'm not sure where the limit is, but it's fairly clear that the Enterprise Edition can send more emails than most of us will ever need, even if you're running a bulk mail service.

Summary
My results are not scientific. However, I do believe they are closer to what real people will see on real servers based on my experience with hundreds of servers. It would be really nice if Adobe would respond with some real numbers so we could help clients decide if this feature is worth buying Enterprise Edition instead of Standard Edition. However, based on my testing, if sending emails is your high priority and the amount of emails is going to be over 50,000 emails per day then you might want to weigh the cost of an Enterprise license.

Note:
The reason I was testing on ColdFusion 11 is this is the version that several different clients have that are having issues with the MailSpoolService. I think I know that for one client they really are trying to send near or over 50,000 emails per day and this is why they thought there was an issue with the MailSpoolService.

On my Way to CFSummit 2017

For the first time ever I'm headed to CF Summit. This should be fun and exciting! I'm waiting on Uber to show up and then I'm gone. I just have to get through TSA without a full cavity search. I'll be landing in Vegas around 4pm Vegas time. Let the party begin!

So far I'm thinking these sessions. All subject to change.

9:00 AM - 10:15 AM Day 1 General Session
10:30 AM - 11:30 AM send.Better() - Giving Email a REST
11:45 AM - 12:45 PM Solving problems in ways never before possible, with FusionReactor 7 and FR CLOUD
1:45 PM - 2:45 PM Dockerizing a ColdFusion Enterprise Application, a Case Study
3:00 PM - 4:00 PM Level Up Your Web Apps with Amazon Web Services
4:15 PM - 5:15 PM Power of Simplicity in FW/1 Framework

9:00 AM - 10:00 AM Day 2 General Session: How APIs Accelerate Digital Transformation
10:15 AM - 11:15 AM Application Performance Monitoring Suite in ColdFusion Aether.
11:30 AM - 12:30 PM Securing Mature CFML Codebases
2:45 PM - 3:45 PM Language improvements in ColdFusion Aether
4:00 PM - 5:00 PM CFConfig - A New Way to Manage Your ColdFusion Engine Config
5:15 PM - 5:30 PM Closing Session and Raffle Drawing

Cryptojacking: Hacking for Bitcoins

This is a brief follow-up to my previous article on Hacking for Bitcoins, in which I detailed how servers were being hijacked with cryptocurrency miners that use your server's CPU power to mine for Bitcoins or other blockchain cryptocurrencies. This is an updated twist on that hack. I saw this Ars Technica article today and it points out that the newer twist is to inject code into your website's code and then run the cryptocurrency mining on your website users' computers. This distributes the CPU processing across thousands of machines instead of just taking over a few of your servers.

To do this, hackers are using Coinhive.com, which offers an easy-to-use programming interface that lets you set up your own website to process cryptocurrency on your visitors' computers. There isn't a requirement to give notice to users that you are going to do this. What hackers are doing is using vulnerabilities in your server(s) and/or website(s) to inject this code into your website. It is estimated that there are about 2,500 websites that are currently compromised and using their users to process cryptocurrency. The fine article at Ars Technica indicates that it appears most are connected to two Coinhive.com accounts. This might mean that the hackers can easily be traced and stopped. But others will surely follow in their path.

How do I know?

When Cryptojacking occurs, a direct side effect is that the website users' CPUs are maxed out and system heat starts to increase. This is a telltale sign that the website you are using is either using your computer for their gain or has been compromised and a hacker is using your computer for their gain. (It could also be one of those annoying Flash based ads that we all hate.) But check the site source code to see if there is anything linking to Coinhive or similar. Ars Technica also reported "Most of the affected sites concealed the connection to Coinhive by adding a link to the domain siteverification.online or one masquerading as a Sucuri firewall."

This is a growing problem and recently Malwarebytes reported that on average it performs about 8 million blocks per day to unauthorized mining pages. People who want to avoid these Cryptojacking scams can use Malwarebytes or another antivirus program that blocks abusive pages.

From our point of view at CF Webtools, this is a good reminder to make sure your ColdFusion servers are secure, updated and patched. It's also a good reason as to why your website code (all code really) should be in a secured version control system. That way if something like this did happen to your website code you can replace it from a known clean copy instead of digging through the code looking for the injected code. Additionally, CF Webtools offers PenTesting to check your website code for vulnerabilities. If you need help upgrading your VM or patching your server (or anything else) our operations group is standing by 24/7 - give us a call at 402-408-3733, or send a note to operations at cfwebtools.com.

ColdFusion MailSpoolService Manual Restart Issue

I've seen a few different ColdFusion 11 Standard servers that have been sending duplicate emails. We've had several clients at CF Webtools reporting this issue and over time I've had to research this to try to determine how this is happening. During my investigations, I've been able to see this behavior happen on each of the servers in question. The obvious response that I've seen from Adobe and others is that code must be creating two emails in error. However, I've been able to prove beyond all doubt that this is not the case. ColdFusion creates a file that it places in the /Mail/Spool/ folder that is named something like Mail4087177804601873442.cfmail. The MailSpoolService runs on a time interval defined in the ColdFusion Administrator. Typically this interval is set to run every 15 seconds. According to Adobe, the Standard edition of ColdFusion MailSpoolService is supposed to be single threaded as opposed to the multi-threaded version that is in the Enterprise version.

To test the sending of duplicated emails I've done two primary tests. One test was to create a very simple CFML script that generates one single email and run it once. Before running the script, I have the /Mail/Spool folder open so I can verify only one email file was generated. I also slow the MailSpoolService interval to 60 seconds to provide time to verify the file(s) created. The result of this test on the various servers where we've seen this issue is that I can replicate the duplicate email issue after certain conditions. This is verified by receiving two identical emails a couple of seconds apart and by the mailsent.log in the ColdFusion logs, which shows it sent the same email twice. The second test I did was to take a copy of the generated email file and save it outside of the /Mail/Spool folder, then copy this file once into the /Mail/Spool folder to ensure that only one copy of the mail file was in the /Mail/Spool folder. In these tests I had the exact same results. The email was sent twice, I received it twice and the mailsent.log file showed it was sent twice. There is zero doubt that there is a flaw in how the MailSpoolService works in ColdFusion Standard edition.

To date I've never been able to reproduce this issue on Enterprise or Developer Editions of ColdFusion 11. Nor have I been able to reproduce this on ColdFusion 10 Standard Edition.

"Information","scheduler-2","10/25/17","14:21:16",,"Mail: 'Multipart Test' From:'john@example.com' To:'jim@example.com' was successfully sent using mail.example.com"
"Information","scheduler-5","10/25/17","14:21:19",,"Mail: 'Multipart Test' From:'john@example.com' To:'jim@example.com' was successfully sent using mail.example.com"

What is the MailSpoolService and how are people accessing it? The MailSpoolService is part of the ColdFusion server ServiceFactory written in Java. As I previously noted it is the service in ColdFusion that polls the /Mail/Spool folder for email files generated by the ColdFusion CFMAIL tag or the cfmail() function in CFScript. In the ColdFusion administrator you can specify a few settings about the behavior of the MailSpoolService. There are several ColdFusion dedicated blogs that have over the years posted how to access this service via Java code in your CFML files. The following code lets you access the MailSpoolService and from there you can supposedly do a few things. Things such as see if the mail spool is enabled, check to see if the mail spool is disk or memory based, and so on. If you dump the object you can see all the potentially usable methods.

<!--- Get the undocumented ServiceFactory and its MailSpoolService --->
<cfset sFactory = CreateObject("java","coldfusion.server.ServiceFactory")>
<cfset MailSpoolService = sFactory.mailSpoolService>
Mail Spool Enabled: <cfoutput>#MailSpoolService.isSpoolEnable()#</cfoutput>

Mail Spool Location: <cfif MailSpoolService.isSpoolToMemory()>Memory<cfelse>Disk</cfif>

<!--- Dump the object to list its available methods --->
<cfdump var="#MailSpoolService#">

There are even methods to stop and start the MailSpoolService.

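<!--- Shown for reference only: on ColdFusion 11 Standard stop() does not stop the service and start() adds a second instance --->
<cfset sFactory = CreateObject("java","coldfusion.server.ServiceFactory")>
<cfset sFactory.mailSpoolService.stop()>
<cfset sFactory.mailSpoolService.start()>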

It is the stopping and starting of the MailSpoolService that is causing the issues here. It seems that, and Adobe has confirmed, the stop feature doesn't actually stop anything. If you output the status of the MailSpoolService after stopping it, it reports back that it is indeed still enabled. When using the code to stop and start the MailSpoolService, the MailSpoolService never stops, but a second instance gets started. This is where the problems start. Now there are two instances of the MailSpoolService running, neither can be stopped, and both are polling the /Mail/Spool/ folder for emails to send. When this happens, both instances end up reading the same email files and both instances send the same emails. While both instances are running there are occasions when one cannot find or delete the mail file and then logs an error message in the mail.log that it could not find the particular mail file. This is another clue that there is more than one instance of the MailSpoolService running.

"Error","scheduler-1","10/30/17","22:38:15",,"C:\ColdFusion11\cfusion\Mail\Spool\Mail4139740176796644009.cfmail (The system cannot find the file specified)"
"Error","scheduler-5","10/30/17","22:40:56",,"C:\ColdFusion11\cfusion\Mail\Spool\Mail7339303340500448710.cfmail (The system cannot find the file specified)"
"Error","scheduler-4","10/30/17","22:45:17",,"C:\ColdFusion11\cfusion\Mail\Spool\Mail8468648677617392229.cfmail (The system cannot find the file specified)"
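Both log symptoms described above can be checked mechanically. The following Python script is an added example, not code from the original post or from Adobe; it assumes the six-field quoted log format shown in the excerpts, and it treats two sends with identical subject, sender and recipient inside one 15-second polling interval as a suspected duplicate (an assumption, since an application could legitimately send the same mail twice).

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime, timedelta

# mailsent.log sample: the first two lines are the excerpt from this article,
# the last two are constructed to show sends that must NOT be flagged.
MAILSENT_LOG = r'''"Information","scheduler-2","10/25/17","14:21:16",,"Mail: 'Multipart Test' From:'john@example.com' To:'jim@example.com' was successfully sent using mail.example.com"
"Information","scheduler-5","10/25/17","14:21:19",,"Mail: 'Multipart Test' From:'john@example.com' To:'jim@example.com' was successfully sent using mail.example.com"
"Information","scheduler-2","10/25/17","14:36:40",,"Mail: 'Multipart Test' From:'john@example.com' To:'jim@example.com' was successfully sent using mail.example.com"
"Information","scheduler-3","10/25/17","14:36:41",,"Mail: 'Weekly Report' From:'john@example.com' To:'ann@example.com' was successfully sent using mail.example.com"
'''

# mail.log sample: the three error lines quoted in this article.
MAIL_LOG = r'''"Error","scheduler-1","10/30/17","22:38:15",,"C:\ColdFusion11\cfusion\Mail\Spool\Mail4139740176796644009.cfmail (The system cannot find the file specified)"
"Error","scheduler-5","10/30/17","22:40:56",,"C:\ColdFusion11\cfusion\Mail\Spool\Mail7339303340500448710.cfmail (The system cannot find the file specified)"
"Error","scheduler-4","10/30/17","22:45:17",,"C:\ColdFusion11\cfusion\Mail\Spool\Mail8468648677617392229.cfmail (The system cannot find the file specified)"
'''

SENT_RE = re.compile(r"Mail: '(.*?)' From:'(.*?)' To:'(.*?)' was successfully sent")
MISSING_RE = re.compile(r"(Mail\d+\.cfmail) \(The system cannot find the file specified\)")


def parse_cf_log(text):
    """Parse quoted, comma-separated ColdFusion log lines into dicts."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) < 6:
            continue
        try:
            ts = datetime.strptime(rec[2] + " " + rec[3], "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue  # header row or malformed line
        rows.append({"severity": rec[0], "thread": rec[1], "ts": ts, "message": rec[5]})
    return rows


def find_duplicate_sends(rows, window=timedelta(seconds=15)):
    """Flag identical subject/from/to sends that are closer together than `window`."""
    by_message = defaultdict(list)
    for row in rows:
        match = SENT_RE.search(row["message"])
        if match:
            by_message[match.groups()].append(row)
    hits = []
    for (subject, sender, recipient), sends in by_message.items():
        sends.sort(key=lambda r: r["ts"])
        for first, second in zip(sends, sends[1:]):
            gap = second["ts"] - first["ts"]
            if gap < window:
                hits.append({
                    "subject": subject,
                    "from": sender,
                    "to": recipient,
                    "threads": (first["thread"], second["thread"]),
                    "gap_seconds": int(gap.total_seconds()),
                })
    return hits


def find_missing_spool_files(rows):
    """Return spool file names from 'cannot find the file' errors in mail.log."""
    names = []
    for row in rows:
        match = MISSING_RE.search(row["message"])
        if row["severity"] == "Error" and match:
            names.append(match.group(1))
    return names


if __name__ == "__main__":
    for hit in find_duplicate_sends(parse_cf_log(MAILSENT_LOG)):
        print("suspected duplicate:", hit)
    for name in find_missing_spool_files(parse_cf_log(MAIL_LOG)):
        print("spool file vanished before delivery:", name)
```

Hits from both functions on the same server are the combination the article associates with a second MailSpoolService instance.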

Why are people manually stopping and starting the MailSpoolService? As I noted before, in Standard edition the mail spool is single threaded. At times when large amounts of emails are generated with CFML code, say emails for a mailing list, it appears that the MailSpoolService becomes overwhelmed or even stops processing emails. Creative developers figured out how to access the MailSpoolService, which is not a documented API, and discovered the stop and start features. After running stop and start they noticed the emails were being processed again. It is highly likely that the stop feature worked in older versions of ColdFusion, as many of the blog posts are from the era of ColdFusion 7, 8, and 9. It's most likely the behavior changed with ColdFusion 10, as that was a major rewrite of ColdFusion. The Service Factory is not an API documented for public use and is thus subject to change at any time.

The bigger issue remaining is why does the MailSpoolService slow way down or even stop completely when under load in ColdFusion Standard version. To me this appears to be a bug. I've been privately speaking with Adobe on this issue and we are actively trying to figure out what is happening. I've requested full documentation on exactly how the MailSpoolService is supposed to function in Standard Edition including how many emails are processed every time the MailSpoolService polls the /Mail/Spool folder. In older versions of ColdFusion (9 and older) I could actually see that up to 100 emails would be processed at a time. From ColdFusion 10 and on it appears that fewer are processed per polling of the spool. I am waiting on Adobe to verify this question in particular. While on the phone with one individual from Adobe, I was told that in Standard Edition, it processed only one email per polling interval. This means that at best Standard Edition is capable of only 4 emails per minute. From my own testing on Standard Edition I know this isn't the case and this is why I've requested clarification and documentation from Adobe. According to ColdFusion 11 Standard itself it reports there are 10 threads for the mail spool. To get this information I ran the following code.

<!--- Read the current mail spool settings from the undocumented MailSpoolService --->
<cfset sFactory = CreateObject("java","coldfusion.server.ServiceFactory")>
<cfset MailSpoolService = sFactory.mailSpoolService>

<cfoutput>
Schedule: #MailSpoolService.getSchedule()#

Max Delivery Threads: #MailSpoolService.getMaxDeliveryThreads()#

Spool Messages Limit: #MailSpoolService.getSpoolMessagesLimit()#

Maintain Connections: #MailSpoolService.isMaintainConnections()#

</cfoutput>

Schedule: 15000
Max Delivery Threads: 10
Spool Messages Limit: 50000
Maintain Connections: NO

I'm not sure what to make of the inconsistent information between Adobe and what ColdFusion itself is reporting. I'm still working with Adobe on this and I hope to have solid answers as to how the mailSpool truly works.

In summary, DON'T DO IT! Do not use the code above that is found on numerous ColdFusion dedicated tech blogs (just Google "MailSpoolService" to see them) to manually stop and start the ColdFusion MailSpoolService. For now the best thing to do when the MailSpoolService stops processing email in ColdFusion 11 Standard Edition is to restart ColdFusion.

Need help upgrading your VM or patching your server (or anything else)? Need help troubleshooting a perplexing problem? Our operations group is standing by 24/7 (Wait what? Mark, you said I get to sleep!) - give us a call at 402-408-3733, or send a note to operations at CF Webtools.

Hacking for Bitcoins

Are your free CPU cycles making others rich? There's a chance they are and it's at your expense. A recent article at Vice.com states that "At Least 1.65 Million Computers Are Mining Cryptocurrency for Hackers So Far This Year". If this is to be believed then it's possible a server you are running has been compromised and is actually mining cryptocurrency for the hackers. This type of breach is called Cryptojacking and it's costing you and/or your company money.

Cryptocurrency is an anonymous, digital currency that is supposed to be untraceable. It's used on the internet to purchase more and more products and services. One of the most common forms of cryptocurrency is Bitcoin. This is from the Wikipedia entry on Bitcoin.

Bitcoin is a worldwide cryptocurrency and digital payment system called the first decentralized digital currency, since the system works without a central repository or single administrator. It was invented by an unknown programmer, or a group of programmers, under the name Satoshi Nakamoto and released as open-source software in 2009. The system is peer-to-peer, and transactions take place between users directly, without an intermediary. These transactions are verified by network nodes and recorded in a public distributed ledger called a blockchain.

Besides being created as a reward for mining, bitcoin can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoin as payment. Bitcoin can also be held as an investment. According to research produced by Cambridge University in 2017, there are 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using bitcoin. ...

Bitcoin Mining is a record-keeping service that runs on people's computers, servers, or specialized Mining Devices that are set up by individuals to help process Bitcoin transactions. As a reward for doing this you are given newly created bitcoins and transaction fees, i.e. you can make money by mining for Bitcoin.

This reward is enough that hackers have taken it to the next level and started hacking servers around the world so they can install mining software and use YOUR computers and servers to make money for themselves.

Case Study

CF Webtools has seen this type of hack in the real world. We recently had a company come to us seeking our services for both Server Administration and ColdFusion programming. As part of taking this new company on as a client, we performed a security review on all of their servers. They also had existing issues that we needed to look at in particular. Their web server was rebooting multiple times per day at what seemed like random intervals.

Upon review we found the web server was always running at 100% CPU usage with no services claiming to be using that much CPU power. Certainly not ColdFusion or IIS. We decided to install Malwarebytes and scanned for malware. It didn't take long to find that indeed there was malware running on the server. What we found surprised us only because we had not seen this in action before. It was a cryptocurrency miner and it was so intensive that it would crash the server. All attempts to remove the malware failed. It would end up back on the server in a short period of time. The fact is this server was compromised. To resolve the issue we sent one of our decommissioned, but powerful, servers, preinstalled with a clean OS, to their data center. Then our Operations Manager went on the road to install the new server as well as a physical firewall. We essentially rearchitected their entire server setup. Meanwhile, Malwarebytes did its best to keep the malware at bay while I recreated their web server on the new server. It was a busy week (or more), but we were able to clean the code on the client's server and put that on the new server. We also had to research and rebuild all the web application dependencies from scratch. When it was all said and done we replaced the compromised server with the new one and put all their servers behind a Cisco ASA.

This case of Hacking for Bitcoins proved costly in the end to the company whose systems were compromised, all while providing a free profit to the hacker(s).

This is one more friendly reminder to make sure your ColdFusion servers are patched! Either patch them yourself or have your hosting provider patch them. If you need help upgrading your VM or patching your server (or anything else) our operations group is standing by 24/7 - give us a call at 402-408-3733, or send a note to operations at cfwebtools.com.

UPDATE: I saw this Ars Technica article today and it is directly related to this. Cryptojacking is bigger than most people think.

I'm Still Alive!

Whatever happened to that "Wil" guy that always wrote about ColdFusion stuff?

I'm still here! I've really neglected writing for the past couple of years. My last real post (other than yesterday's) was in November of 2015. My excuses are I wasn't 'feeling it', I was too busy working, I didn't care about writing. Whatever. I think some people figured I dropped from the face of the earth. I sort of did in some ways. In other ways I've been doing the same things I've always been doing. WORKING and WORKING.

I'm still with CF Webtools, seven years now, and I'm primarily still doing ColdFusion stuff. I say stuff because I almost never do any actual coding. I'm more or less "The Wolf" aka Winston Wolf and "I Solve Problems". At CF Webtools, we are called in to solve problems for companies of all types. What kinds of problems? All problems whether it's coding, database/performance, web server/performance, hackers (oh my), bugs, etc. We solve problems so you can go about the business of your business. I guess I was so bogged down in the front lines that I forgot to write about a few of the battles and share what I've learned.

What's New?

Well, for the most part I'm doing AWS work. I'm midway through some AWS certification courses and I've been building out 'virtual data centers' for clients. Don't get me wrong, I'm still working with ColdFusion servers, but I'm mostly migrating them from physical iron, or other hosting providers, over to AWS. Some of these migrations are mixed environments and include things like PHP and .NET. They may also include full database server migrations into AWS RDS, DNS migrations to Route53, CloudWatch monitoring and more. For the most part AWS is fun and I like working on the platform. CF Webtools will build and/or manage your AWS solutions. Drop us an email.

The 2017 Solar Eclipse

ColdFusion 11 Update 13 and ColdFusion 2016 Update 5

Adobe just released security updates for ColdFusion 11 and ColdFusion 2016. This is a critical security update and you should be updating your ColdFusion servers.

With ColdFusion 11 Update 13 and ColdFusion 2016 Update 5 there are additional manual updates that are required to complete the security patch. The additional requirements are the same for both ColdFusion 11 and ColdFusion 2016 and the remaining information pertains to both versions. Both updates require that ColdFusion be running on Java version 1.8.0_121 or higher. For reference, ColdFusion 11 comes with Java version 1.8.0_25 (* originally it came with Java 1.7.0_nn) and ColdFusion 2016 comes with Java version 1.8.0_72. The Java that needs to be installed is different from the "Windows User" Java client that may already be installed. The installer is available from Oracle. Once the new Java version is installed, the jvm.config file for each ColdFusion instance needs to be updated to point to the new Java version installation path. If you're running the Enterprise version of ColdFusion, there's a likely chance there is more than one ColdFusion instance running.

Part of the instructions from Adobe says that if your ColdFusion server is installed as a J2EE server then there is an additional manual configuration that you need to do. However, every installation of ColdFusion since the release of ColdFusion 10 is a J2EE or JEE installation. If you do not remember when you installed ColdFusion or you were not the one that did the installation, there are two ways to do the installation: "Server Configuration" and "JEE Configuration". What Adobe really means is that if you are using a third party JEE server, "JEE Configuration", and not the built-in Tomcat JEE server, "Server Configuration", then there is an additional step.

If your ColdFusion server is running on a third party JEE server such as WebLogic, WildFly/EAP, custom Apache Tomcat, etc (Not the built in Tomcat that comes with ColdFusion), then the following step needs to be completed.

Set the following JVM flag, "-Djdk.serialFilter=!org.mozilla.** ", in the respective startup file depending on the type of Application Server being used.

For example,

  • On Apache Tomcat Application Server, edit JAVA_OPTS in the 'Catalina.bat/sh' file
  • On WebLogic Application Server, edit JAVA_OPTIONS in the 'startWeblogic.cmd' file
  • On a WildFly/EAP Application Server, edit JAVA_OPTS in the 'standalone.conf' file

This is one more friendly reminder to make sure your ColdFusion servers are patched! Either patch them yourself, have your hosting provider patch them or if they are not familiar or knowledgeable with ColdFusion contact us at CF Webtools to patch your servers.

*Note: ColdFusion 11, when it was first released, came with a version of Java 1.7.0_nn. Adobe later re-released ColdFusion 11 with Java 1.8.0_25. If you have ColdFusion 11 still running on Java 1.7 I highly recommend that Java be upgraded to Java 1.8. Oracle is no longer supporting Java 1.7 and 1.7 is long past its end of life. Even though the Adobe instructions for this current security update state that you can run Java 1.7.0_131, I highly recommend upgrading to Java 1.8. Personally I will not install Java 1.7 on a client's servers and sign off on it being 'secure'.

CF Webtools is Hiring Full Time Remote Developers

We are looking to expand our team a bit and we need a ColdFusion programmer with strong skills! Job Posting

CF Webtools is located in Omaha, NE, but we have a large number of remote employees and contractors. If you are interested, read the job posting at the link above and contact us.

I've been with CF Webtools since December of 2010 and it's a Great place to work.

Allaire Brothers talking about ColdFusion

What's In Your CFIDE Folder?

Over the years of working on ColdFusion servers for CF Webtools I have encountered many servers that have been breached (hacked). In most cases the cause was for lack of better description "human error". I say human error because no one properly secured the server when it was installed, no one maintained the server over the years of use and no one was checking to see if anyone had tried hacking the server.

Then something BAD happened that caused EVERYONE to notice the server was breached. Maybe it was your credit card processor informing you that customer cards are being stolen when they purchased from your online store? Maybe it was your server's IP being blacklisted because it was spewing tens of thousands of spam emails? Maybe you were notified that your medical website had been breached? Maybe it was a notice from the FBI that your server was part of a list of servers that were known to have been breached. Those are NOT good days!

Many times these companies contact CF Webtools for our expertise in resolving breached servers. When they do, Mark Kruger, aka ColdFusion Muse, sends me in to investigate, record any data/forensics that I can and mitigate the situation while we simultaneously build a new server for the client. Usually this is what it takes to recover from a breach.

Over time I have collected a large number of 'hack files' that contain the code to breach a website and steal credit cards, entire databases, or even load malware onto an unsuspecting user's computer. These files are typically found in an unsecured CFIDE folder. Here are a couple of examples.

If you happen to see anything that looks like those files then the server has been breached. If your team is properly securing and maintaining your ColdFusion servers you should never see anything like this. However, if you are seeing files like this in your CFIDE folder or files in your website that are unaccounted for, then it's very likely the server has been breached.
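Checking for unaccounted-for files here, and for links to Coinhive or siteverification.online as described in the Cryptojacking post above, can both be done against a known clean copy of the site. The following Python script is an added example, not code from the original posts; the function names, the scanned file suffixes and the idea of building the manifest from a clean version-control checkout are assumptions, and the sample site is constructed in a temporary directory.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hostnames named in the Cryptojacking post; extend with your own blocklist.
INDICATOR_HOSTS = ("coinhive.com", "siteverification.online")
# Assumption: these suffixes cover the code the web server actually serves.
SCANNED_SUFFIXES = {".cfm", ".cfc", ".html", ".htm", ".js"}

# Matches a listed host, with or without subdomains, but not "notcoinhive.com".
HOST_RE = re.compile(
    r"(?<![a-z0-9.-])((?:[a-z0-9-]+\.)*(?:"
    + "|".join(re.escape(h) for h in INDICATOR_HOSTS)
    + r"))(?![a-z0-9-])",
    re.IGNORECASE,
)


def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def site_files(root):
    """Yield (relative posix path, Path) for every scanned file under root."""
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in SCANNED_SUFFIXES:
            yield path.relative_to(root).as_posix(), path


def build_manifest(clean_root):
    """Hash a known clean copy, e.g. a fresh checkout from version control."""
    return {rel: sha256_file(path) for rel, path in site_files(clean_root)}


def scan_webroot(root, clean_manifest):
    """Report files that are modified, unaccounted for, or reference a listed host."""
    findings = []
    for rel, path in site_files(root):
        text = path.read_text(encoding="utf-8", errors="replace")
        hosts = sorted({m.group(1).lower() for m in HOST_RE.finditer(text)})
        expected = clean_manifest.get(rel)
        if expected is None:
            status = "unaccounted"   # not in the clean copy at all
        elif expected != sha256_file(path):
            status = "modified"      # differs from the clean copy
        else:
            status = "clean"
        if hosts or status != "clean":
            findings.append({"file": rel, "status": status, "hosts": hosts})
    return sorted(findings, key=lambda f: f["file"])


def demo():
    """Build a constructed site, tamper with it, and return the scan findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "CFIDE").mkdir()
        (root / "index.cfm").write_text("<cfoutput>#now()#</cfoutput>\n", encoding="utf-8")
        (root / "about.html").write_text("<p>About us</p>\n", encoding="utf-8")
        manifest = build_manifest(root)  # stands in for the clean checkout

        # Constructed tampering: an injected script reference and an unknown file.
        with (root / "index.cfm").open("a", encoding="utf-8") as fh:
            fh.write('<script src="https://coinhive.com/constructed-example.js"></script>\n')
        (root / "CFIDE" / "x.cfm").write_text(
            "<!--- constructed placeholder for an unknown file --->\n", encoding="utf-8"
        )
        return scan_webroot(root, manifest)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The hash comparison is what catches injected code that hides its hostname; the hostname match only adds context to a finding.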

Now what? That is a very open ended question. The first thing to do is accept the fact that it happened and understand that it's happened to companies that are far bigger and with much bigger IT budgets than yours. Remember Target? Now you have to figure out how the breach occurred, determine how much was breached, mitigate the breach as best as you can and then in most cases start building and securing new server(s). It's my belief that once a server has been breached we can never be 100% certain that we've found everything that was put on the server by that breach. Once you have a clean server then you clean and migrate your code and other resources to the new server. This can be a huge and daunting task especially if you have a minimal IT department or none at all.

If no one on your IT team is responsible for maintaining the servers and/or your hosting company isn't maintaining the servers then, who will? Who will make sure they are secure? We will.

Who you Gonna Call? CF Webtools!
