# cfml-general
g
Now I am getting lots of issues. Message: Invalid request of Application.cfm, Application.cfc, or OnRequestEnd.cfm file. I have an intranet application. Not sure why I am getting a lot now. And also things like "Application v2 could not be found".
d
I'm sure you know this if you think about it, but there's no possible way anyone else could have any idea what's wrong from that (lack of a) description.
g
I am outside but I will some stacktrace to it
seems it's getting attacked
PATH_TRANSLATED: D\MISApps\website\nul.cfm
CF TEMPLATE PATH: D\MISApps\website\nul.cfm
HTTP_URL: /nul.cfm
HTTPS: on
REQUEST_METHOD: GET
SCRIPT_NAME: /nul.cfm
i don't have any nul.cfm
how can i stop this
this is the StackTrace
java.io.IOException: Incorrect function
	at java.base/java.io.FileInputStream.available0(Native Method)
	at java.base/java.io.FileInputStream.available(FileInputStream.java:330)
	at java.base/java.io.BufferedInputStream.available(BufferedInputStream.java:416)
	at coldfusion.util.BOMReader.startsWith(BOMReader.java:101)
	at coldfusion.compiler.TemplateReader.<init>(TemplateReader.java:89)
	at coldfusion.compiler.TemplateReader.<init>(TemplateReader.java:83)
	at coldfusion.compiler.NeoTranslationContext.getPageReader(NeoTranslationContext.java:943)
	at coldfusion.compiler.NeoTranslator.translateJava(NeoTranslator.java:417)
	at coldfusion.compiler.NeoTranslator.translateJava(NeoTranslator.java:197)
	at coldfusion.runtime.TemplateClassLoader$TemplateCache$1.fetch(TemplateClassLoader.java:527)
	at coldfusion.util.LruCache.get(LruCache.java:180)
	at coldfusion.runtime.TemplateClassLoader$TemplateCache.fetchSerial(TemplateClassLoader.java:453)
	at coldfusion.util.AbstractCache.fetch(AbstractCache.java:58)
	at coldfusion.util.SoftCache.get_statsOff(SoftCache.java:153)
	at coldfusion.util.SoftCache.get(SoftCache.java:92)
	at coldfusion.runtime.TemplateClassLoader.findClass(TemplateClassLoader.java:721)
	at coldfusion.filter.PathFilter.invoke(PathFilter.java:145)
	at coldfusion.filter.IpFilter.invoke(IpFilter.java:45)
	at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:97)
	at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
	at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38)
	at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60)
	at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
even i see this call from this page /rest/v1/service/index_pri.php
there is no such php pages
says like this
javax.servlet.ServletException: Application v1 could not be found.
	at coldfusion.rest.servlet.CFRestServlet.invoke(CFRestServlet.java:997)
	at coldfusion.rest.servlet.RestFilter.invoke(RestFilter.java:62)
	at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:97)
	at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28)
	at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38)
	at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22)
	at coldfusion.rest.servlet.CFRestServlet.invoke(CFRestServlet.java:533)
	at coldfusion.rest.servlet.CFRestServlet.service(CFRestServlet.java:524)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
	at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:311)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:46)
	at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47)
and seeing random calls to
/CFIDE/probe.cfm 53 Probe requests must originate from localhost, 127.0.0.1
/CFIDE/adminapi/customtags/l10n.cfm 129 Element JSCRIPT is undefined in ATTRIBUTES.
not sure why all requests are hitting cfide
enabling this can it be a problem: coldfusion.filter.FormScope;coldfusion.util.CaseInsensitiveHashtable;coldfusion.filter.UrlScope;
p
Configure the firewall to block all requests to CFIDE from outside the box?
g
so i need to contact our IT guy, network guy to block all requests from outside the box? by outside the box means the people who do not connect with VPN will not be able to access it, right?
m
I am not on ACF, so I don't actually speak from experience, but I think you should check out the server lockdown guides from Adobe and maybe try their autolockdown tooling: https://helpx.adobe.com/coldfusion/using/server-lockdown.html
If yours is a purely intranet application, you should really make sure that your application is not exposed at all to the public internet, thus simply denying any automated exploit scanners access.
We're running a couple of fairly large sites, so we don't have the luxury to do just that and we regularly see both exploit scanners, manual "security researchers" who then try to extort a "security bounty" for things as trivial as an author overview page "disclosing all the author names" on a site - who could have thought? So we're using mechanisms like Fail2Ban to take the fun out of flooding our logfiles.
This is definitely not tied to the language, though I am so glad that having left ACF behind we don't have to mess with CFIDE crap any longer - my stance is that having frontend mixins in a server side language was always just a bad idea from the start, even though I see the convenience factor.
Anyway, whatever your tech stack may be: Yes, you'll definitely need to work closely with your IT guy to keep everything locked down, updated in a very timely fashion, and constantly monitored for suspicious activity.
b
@gsr, a basic question: have you tried to find out where the requests are coming from?