
CFM files on server hacked, any insight on what might be going on? [closed]

Discovered some hacked CFM files on my server, decrypted them, and here is what I have found (among many others, but this one seems substantial). I was wondering if anyone has some insight into the implications of the hack, or maybe has seen something similar?

http://pastebin.com/RJySHvQv

aceslowman asked Mar 20 '14 18:03


1 Answer

That's a common web shell uploaded by hackers to exploit your server. Your server is most likely not current on CF patches and has the /CFIDE/administrator directory publicly available (against best practice).

  • Take your server offline.
  • Do not try to clean, it needs to be rebuilt from scratch
  • All code, and CF settings need to be audited
  • Assume everything in your database has been stolen and notify customers
  • Hire a CF company to help you reconfigure your servers securely. There are many for you to choose from. I work for one and would be happy to help if you wish.
Brad Wood answered Sep 22 '22 02:09

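A check related to the answer's point about /CFIDE/administrator being publicly reachable, as an added example that is not part of the original answer: it scans web access log lines for requests under /CFIDE/administrator that came from outside an allowlisted admin network and were not refused by the server. The log format (NCSA common/combined), the allowlisted networks, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: only these networks should ever reach the CF administrator.
ADMIN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

# Assumption: NCSA common/combined access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_admin_path(raw_path):
    """True if the decoded, case-folded path is /CFIDE/administrator or below it."""
    path = unquote(raw_path.split("?", 1)[0]).lower()
    path = re.sub(r"/+", "/", path)  # collapse duplicate slashes
    return path == "/cfide/administrator" or path.startswith("/cfide/administrator/")

def external_admin_hits(lines):
    """Return (timestamp, ip, method, path, status) for served external admin requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_admin_path(m["path"]):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed client field
        if any(src in net for net in ADMIN_NETWORKS):
            continue
        status = int(m["status"])
        # 401/403/404 mean the server refused; anything else means the path answered.
        if status not in (401, 403, 404):
            hits.append((m["ts"], m["ip"], m["method"], m["path"], status))
    return hits

# Constructed sample log lines (documentation address ranges), not taken from the page.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2014:10:02:11 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '10.1.2.3 - - [01/Jan/2014:10:03:40 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2014:10:05:02 +0000] "POST /cfide//Administrator/index.cfm HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Jan/2014:10:06:15 +0000] "GET /CFIDE/administrator/ HTTP/1.1" 403 210',
    '203.0.113.7 - - [01/Jan/2014:10:07:00 +0000] "GET /index.cfm HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in external_admin_hits(SAMPLE_LOG):
        print(hit)
```

Any hit means the administrator path answered a client outside the allowlist, which is the exposure the answer describes and worth confirming as part of the audit.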