Here's an easy code modification that is a nice security addition for sites, particularly older stores, and will help somewhat against the recent attacks. Please note that this is far from a comprehensive fix, and depending on the level of access the hackers gained, it may not help if you have already been attacked. See the links below for detailed information on cleaning up a site that has already been compromised.
Version 6 contains a lot of additional code to protect against XSS, SQL injection, session spoofing and other attacks, which makes it considerably harder to attack, and it is STRONGLY recommended that you upgrade to the latest release if at all possible. If you are running an older version, there is a greater chance that a hacker can get into secure areas of your store, and once in there they have access to a lot of things that could compromise your site. Be sure to use strong passwords, change your username regularly, use SFTP if possible, etc. to keep your site secure.

What this code adds is a check that stops a hacker from uploading a CFM file, hiding it in a subdirectory and running it on your server. The existing check only looks at the file name taken from cgi.script_name, so an uploaded file that is named like one of the allowed files (an image.cfm in some hidden folder, for example) passes it. The replacement compares the full on-disk path of the requested template (GetBaseTemplatePath()) against the allowed files in the store directory itself, so a copy anywhere else is redirected away. In the Application.cfm file, replace this section of code (the exact file list may differ depending on your version):
<cfif not listFindNoCase(directaccessfiles,getfilefrompath(cgi.script_name))>
	<cflocation url="#request.self#" addtoken="No">
</cfif>
with this code:
<!--- Allowed direct-access files, as absolute paths under the store directory; index.cfm is the store's front page. Adjust the list to match your version. --->
<cfif "#GetDirectoryFromPath(GetCurrentTemplatePath())#index.cfm" NEQ GetBaseTemplatePath()
 AND "#GetDirectoryFromPath(GetCurrentTemplatePath())#sitemap.cfm" NEQ GetBaseTemplatePath()
 AND "#GetDirectoryFromPath(GetCurrentTemplatePath())#go.cfm" NEQ GetBaseTemplatePath()
 AND "#GetDirectoryFromPath(GetCurrentTemplatePath())#image.cfm" NEQ GetBaseTemplatePath()
 AND "#GetDirectoryFromPath(GetCurrentTemplatePath())#admin\index.cfm" NEQ GetBaseTemplatePath()>
	<cflocation url="#request.self#" addtoken="No">
</cfif>
Please note, if your store is not in your webroot directory, be sure to include the path to the store in the cflocation (such as url="/store/index.cfm"). Also, depending on your version, the list of files allowed may be slightly different from these, so adjust as necessary. The admin\index.cfm entry uses a backslash because GetDirectoryFromPath returns Windows-style paths on a Windows server; on Linux use admin/index.cfm so the string matches what GetBaseTemplatePath returns. One more caveat: ColdFusion looks for Application.cfm (or Application.cfc) starting in the requested template's own directory and walking upward, and uses the first one it finds, so a hacker who can write files could drop their own Application.cfm next to an uploaded script and bypass this check entirely. When cleaning up, look for unexpected Application.cfm or Application.cfc files in subdirectories as well as stray CFM files.
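For those who would rather maintain the allowed files as a list than as a chain of NEQ conditions, here is the same path check written that way. This is an added example, not code from the original post or from the store software; it assumes it sits in the store's Application.cfm and that request.self points at the store's index page, as in the snippet above, and the file list is illustrative and should be adjusted to your version.

```cfml
<!--- Added example (not the original post's code): a list-driven version of
      the full-path check. Assumes this runs from the store's Application.cfm
      and that request.self is the store's index page. --->

<!--- Directory holding this Application.cfm, with a trailing separator
      (backslash on Windows, forward slash on Linux). --->
<cfset storeRoot = GetDirectoryFromPath(GetCurrentTemplatePath())>
<cfset pathSep = Right(storeRoot, 1)>

<!--- Files that may be requested directly (illustrative list; adjust to
      your version). Subdirectory entries use "/", converted below to the
      server's own separator so the comparison works on either OS. --->
<cfset directAccessFiles = "index.cfm,sitemap.cfm,go.cfm,image.cfm,admin/index.cfm">

<!--- Absolute on-disk path of the template the browser actually asked for.
      Inside Application.cfm this is the requested page, not Application.cfm. --->
<cfset requestedPath = GetBaseTemplatePath()>

<!--- Compare full paths, not bare file names: an uploaded
      uploads/x/image.cfm must fail even though its name matches an entry. --->
<cfset allowed = false>
<cfloop list="#directAccessFiles#" index="allowedFile">
	<cfset allowedPath = storeRoot & Replace(allowedFile, "/", pathSep, "all")>
	<cfif CompareNoCase(allowedPath, requestedPath) EQ 0>
		<cfset allowed = true>
		<cfbreak>
	</cfif>
</cfloop>

<cfif NOT allowed>
	<!--- Anything else is sent to the store's front page. If the store is
	      not in the web root, give the full path, e.g. url="/store/index.cfm". --->
	<cflocation url="#request.self#" addtoken="No">
</cfif>
```

The behaviour is the same as the chained version: only a template whose absolute path is exactly storeRoot plus one of the listed names gets through, so adding a file to the store later means adding one entry to directAccessFiles rather than another AND line. If your version uses Application.cfc instead of Application.cfm, the same block belongs in onRequestStart, where GetBaseTemplatePath() still returns the requested template.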