David-Smith wrote:
Thanks, Adam. I was under the impression Adobe support would look at these threads from time to time, but if not, then okay.
They do. But "occasionally" and the people doing so seem to be only first-level support people, so working with mostly canned responses.
* This is being written to the application.log. I see dozens if not hundreds of them in a row, which makes me feel a little bit like someone is trying to hack something. These groupings show up randomly, there does not seem to be a pattern, and like I said they go on and on, this is just a snippet:
"Warning","ajp-bio-8012-exec-887","09/05/13","07:56:53","CFADMIN","Unexpected characters found in locale."
OK, what about in your web server logs. Is there a pattern in there of what someone's (trying to ~) browse to?
* I'm not sure what you mean by what "locale" my site is running under. This is just normal US version.
* I doubt I have actual ColdFusion code with non-ASCII characters in it (how would that even happen?),
Well most of the people in the world live in locales that aren't USA ;-)
Obviously one should avoid hard-coded values in code files, but consider this:
<cfset helloWorld = "привет мир">
<cfoutput>#helloWorld#</cfoutput>
It's not uncommon to have non-ASCII characters in source code files.
The only other thing I notice, which is what leads me to believe this is some sort of hack attempt, is that peppered in between these "Unexpected characters" groups are a few lines like this:
"Error","ajp-bio-8012-exec-934","09/05/13","07:34:54","cfadmin","Element JSCRIPT is undefined in ATTRIBUTES. The specific sequence of files included or processed is: C:\ColdFusion10\cfusion\wwwroot\CFIDE\adminapi\customtags\l10n.cfm, line: 129 "
"Error","ajp-bio-8012-exec-934","09/05/13","07:35:19","cfadmin","Element JSCRIPT is undefined in ATTRIBUTES. The specific sequence of files included or processed is: C:\ColdFusion10\cfusion\wwwroot\CFIDE\adminapi\customtags\l10n.cfm, line: 129 "
Thanks for any advice. Btw, our CFIDE is not exposed to the public (i.e., outside of our firewall).
On one hand you're saying CFIDE ain't externally exposed... on the other hand that log very clearly demonstrates that URLs within CFIDE are being called. So I think you better check that. You might not be as secure as you think.
Or... this doesn't occur when you yourself are in CFAdmin, does it?
Or do you have code that uses the CFAdminAPI?
--
Adam
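
Added example, not part of the original thread and not Adobe's code: a small Python triage of application.log lines in the format quoted above, listing which CFIDE templates the admin application's entries name and the time windows of each burst, so those windows can be looked up in the web server access log. The sample rows are constructed, and the MM/DD/YY date order, the 60-second gap and the function names are assumptions.

```python
import csv, io, re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the six-column format quoted in the thread; the MYAPP
# row and the extra Warning timestamps are invented for illustration.
SAMPLE_LOG = r'''"Information","ajp-bio-8012-exec-12","09/05/13","07:30:02","MYAPP","Scheduled task ran."
"Error","ajp-bio-8012-exec-934","09/05/13","07:34:54","cfadmin","Element JSCRIPT is undefined in ATTRIBUTES. The specific sequence of files included or processed is: C:\ColdFusion10\cfusion\wwwroot\CFIDE\adminapi\customtags\l10n.cfm, line: 129"
"Error","ajp-bio-8012-exec-934","09/05/13","07:35:19","cfadmin","Element JSCRIPT is undefined in ATTRIBUTES. The specific sequence of files included or processed is: C:\ColdFusion10\cfusion\wwwroot\CFIDE\adminapi\customtags\l10n.cfm, line: 129"
"Warning","ajp-bio-8012-exec-887","09/05/13","07:35:20","CFADMIN","Unexpected characters found in locale."
"Warning","ajp-bio-8012-exec-887","09/05/13","07:35:21","CFADMIN","Unexpected characters found in locale."
"Warning","ajp-bio-8012-exec-887","09/05/13","07:35:22","CFADMIN","Unexpected characters found in locale."
"Warning","ajp-bio-8012-exec-887","09/05/13","07:56:53","CFADMIN","Unexpected characters found in locale."
'''
ADMIN_APP = "cfadmin"  # the thread's log shows both "CFADMIN" and "cfadmin"
CFIDE_PATH = re.compile(r'\\(CFIDE\\[^\s,"]+)', re.IGNORECASE)

def parse_log(text):
    """Parse rows into dicts; dates are assumed to be MM/DD/YY."""
    entries = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6:
            continue  # wrapped or truncated line
        _sev, _thread, day, clock, app, msg = row
        try:
            ts = datetime.strptime(f"{day} {clock}", "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue  # header row or unparseable timestamp
        entries.append({"ts": ts, "app": app.lower(), "message": msg})
    return entries

def cfide_templates(entries):
    """Count the CFIDE templates named in admin-application messages."""
    hits = Counter()
    for e in entries:
        if e["app"] == ADMIN_APP:
            hits.update(m.replace("\\", "/") for m in CFIDE_PATH.findall(e["message"]))
    return hits

def admin_bursts(entries, gap=timedelta(seconds=60), min_size=3):
    """Group admin-application entries no more than `gap` apart into bursts."""
    times = sorted(e["ts"] for e in entries if e["app"] == ADMIN_APP)
    bursts = []
    for ts in times:
        if bursts and ts - bursts[-1][-1] <= gap:
            bursts[-1].append(ts)
        else:
            bursts.append([ts])
    return [(b[0], b[-1], len(b)) for b in bursts if len(b) >= min_size]
```

Each tuple from `admin_bursts` is a (start, end, count) window; searching the web server access log for requests under /CFIDE/ in that window shows which client addresses made them and whether they came from inside or outside the firewall.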