Channel: Adobe Community: Message List - ColdFusion

coldfusion web application got hacked today


I am not sure if my ColdFusion server is hacked.

I found the following items within a directory of one of my ColdFusion web applications making it unavailable:

1) 1.zip

    * this zip file was decompressed with 301 malicious folders related to vigra and dkeys.txt

2) make2.zip

    * this zip file was decompressed with a folder named test-test and two other cfm files: application.cfm and tampl.cfm.

 

Is anyone else experiencing this issue? It just happened today. And I just patched the server with the latest security hotfix last Thursday.

My ColdFusion server has RDS disabled, and the directory for CFIDE has been renamed, meaning CFIDE is technically not available. And CFIDE has also been moved to a different virtual web server running on a different port on IIS (not accessible from the internet) according to the instructions. I can't guess any possible way that hackers could hack into the server, unless via ColdFusion web itself.

And I wonder how these two zip files got decompressed remotely.

