Thanks for the update. The issues all apply to CF7 as well. And even more so, in that Adobe may have only created updates for 8 and 9, for security vulnerabilities in recent years (support for 7 would have been dropped by Adobe when 9 came out in 2009. So it's all the more vital to lockdown the Admin and admin-related directories. (The Admin API was introduced in CF7, and while I don't have a cf7 setup to check, I suspect that the API was set to be remotely public, after login, just as it remains today, which again makes the hack from earlier this year one that even 7 servers could be subject to.)
/charlie From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Howard Sent: Tuesday, November 12, 2013 12:59 AM To: [email protected] Subject: Re: [ACFUG Discuss] AVG exploit blackhat seo type 1703 I appreciate the reply and I'm going to read through the links that you posted. I did not mention they are still running CF7. I will definitely pass your name along for a quick remote fix if I am unable to lock things down more to prevent this from happening in the future. Thanks again. Jeff ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
