How did a hacker add a script block to my page?
My question is: how can someone change a file on my server without logging in to the server? It seems they can't have my password -- if they did, they wouldn't need the brute force attack, right? Via the Event Viewer I see that a certain ip address was attempting to login every few seconds for days.
I replaced the hacked file, but within 24 hours it happened again. I have since denied access to 3 ip addresses that I see in my log files. I am running IIS, and my application server is ColdFusion.
Any explanations or advice for preventive measures would be greatly appreciated. Thank you!
There are any number of ways that a site can be compromised without use of log-in credentials.
Assuming that you are not self-hosted, you need to engage your hosting firm in this matter.
Telling everyone about your configurations probably just added to your problems. These are not issues one reaches out to the general public to solve. A search, yes, but a forum post? Not so helpful.
The best advice anyone can offer is, "Refer to qualified technician for servicing."