ColdFusion Directory Monitoring with Event Gateways

This just came up on Twitter today and I realized I hadn’t posted about it so here you are.

Many hacks of ColdFusion over the years have come through people manipulating the CFIDE directory (the most famous being the FCKeditor hack). There are many ways to combat this, but here’s a simple one.

Using the DirectoryWatcher Event Gateway built into CF versions 8 & up, you can, in just a few minutes, set up some code to monitor the CFIDE (or any other) directory and alert you to changes.

You need 2 pieces of code.

The Config File

CFIDE_Alert.cfg

# The directory you want to watch. If you are entering a Windows path
# either use forward slashes (C:/mydir) or escape the back slashes (C:\\mydir). 
directory=C:/Inetpub/wwwroot/cfide
# Should we watch the directory and all subdirectories too
# Default is no. Set to 'yes' to do the recursion. 
recurse=yes
# The interval between checks, in milliseconds
# Default is 10 seconds
interval=10000
# The comma separated list of extensions to match.
# Default is * - all files
extensions=*
# CFC Function for file Change events
# Default is onChange, set to nothing if you don't want to see these events
changeFunction=onChange
# CFC Function for file Add events
# Default is onAdd, set to nothing if you don't want to see these events
addFunction=onAdd
# CFC Function for file Delete events
# Default is onDelete, set to nothing if you don't want to see these events
# Left empty (not commented out) so Delete events are turned off; the CFC below has no onDelete
deleteFunction=

And a CFC to use for the Gateway. (Note: I don’t have Delete events turned on, as I delete CFIDE/Admin files when not in use… for another post.)

CFIDE_Alert.cfc

<cfcomponent>

<!--- Called by the gateway for file Add events (addFunction in the config file) --->
<cffunction name="onAdd" returntype="any">
<cfargument name="CFEvent" type="struct" required="yes">
<!--- var keeps data local to this call instead of the component's variables scope --->
<cfset var data = arguments.CFEvent.data>

<!--- Mail a dump of the event data to the webmaster --->
<cfmail to="webmaster@example.com"
		server="yoursmtp.server"
		username="youruname"
		password="yourpwd"
		from="alert@example.com"
		subject="CFIDE CHANGE DETECTED!"
		type="html">
<cfdump var="#data#">
</cfmail>
</cffunction>

<!--- Called by the gateway for file Change events (changeFunction in the config file) --->
<cffunction name="onChange" returntype="any">
<cfargument name="CFEvent" type="struct" required="yes">
<cfset var data = arguments.CFEvent.data>

<cfmail to="webmaster@example.com"
		server="yoursmtp.server"
		username="youruname"
		password="yourpwd"
		from="alert@example.com"
		subject="CFIDE CHANGE DETECTED!"
		type="html">
<cfdump var="#data#">
</cfmail>
</cffunction>

</cfcomponent>

Then all you need to do is create the Event Gateway.


Now, if any files are changed or there are files added, you are sent an email. You could also use Event Gateways to send an SMS message so you can be notified anywhere, anytime.
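As a complement to the gateway, here is an added example (not code from this post or from ColdFusion) of the same add/change/delete detection done as a content-hash baseline in Python, run from outside the CF server. The names snapshot, diff and demo are hypothetical, the recurse and extensions parameters mirror the config keys above, and the sample directory tree is constructed.

```python
import hashlib
import os
import tempfile

def snapshot(directory, recurse=True, extensions=("*",)):
    """Map each watched file's relative path to the SHA-256 of its contents."""
    state = {}
    for root, dirs, files in os.walk(directory):
        if not recurse:
            dirs[:] = []  # stay in the top-level directory only
        for name in files:
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if "*" not in extensions and ext not in extensions:
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, directory)] = digest
    return state

def diff(before, after):
    """Return sorted (event, path) pairs for two snapshots."""
    events = [("ADD", p) for p in after if p not in before]
    events += [("DELETE", p) for p in before if p not in after]
    events += [("CHANGE", p) for p in after
               if p in before and before[p] != after[p]]
    return sorted(events)

def demo():
    """Constructed sample tree standing in for the watched directory."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "administrator"))
        index = os.path.join(root, "administrator", "index.cfm")
        with open(index, "w") as fh:
            fh.write("original")
        baseline = snapshot(root)  # known-good state
        with open(index, "w") as fh:
            fh.write("tampered")  # existing file modified
        with open(os.path.join(root, "new.cfm"), "w") as fh:
            fh.write("added")  # new file dropped into the tree
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    for event, path in demo():
        print(event, path)
```

Store the baseline somewhere the web server account cannot write, so the comparison still holds if the CF instance itself is compromised.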
