This article goes over securing CFIDE for ColdFusion against malicious uploads (http://www.adobe.com/support/security/advisories/apsa13-01.html) 

Update 1/16/2013: Adobe has issued a patch (http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html).  DataBank still recommends locking down ColdFusion below in addition to applying the patch.

Update 5/15/2013: Due to recent changes in security on DataBank's network, all CF Admin requests are locked down to internal connections only (i.e. from RDC or through an SSH Tunnel for Linux)

Steps

Note that if you are adding a new site to the server, you will need to follow the steps below for securing the CFIDE directory. 

For IIS7, please follow the steps below.

1. Log into the server via Remote Desktop.  
2. Run the following via command line for IIS 7.x: %windir%\system32\inetsrv\appcmd.exe unlock config -section:system.webServer/security/ipSecurity
3. Open Internet Information Services (IIS) and expand the websites.  Find the CFIDE virtual directory for each website and select it.  Expand the CFIDE virtual directory and lock down the following directories: AIR, appdeployment, debug, images, orm ,portlets, scheduler, ServerManager, Services, Websocket, wizards, and main.  Under the CFIDE folder administrator, adminapi, componentutils, probe.cfm, and multiservermonitor-access-policy.xml.

4. Click the button for IP Address and Domain Restrictions and choose Add Allow Entry... from the sidebar. 

5. Enter in 127.0.0.1 for all three directories and 69.63.128.150 for the administrator directory only (EWH IP address) as the allow entries.  Do this for all of the folders/files listed in Step 3.  This will allow only localhost to view those directories thereby preventing malicious uploads to the directories.  You must do this for each CFIDE directory on the server/for each website in IIS with the directory.  Note that if your server is behind a firewall, you may need to add your internal IP address range of the server to the list.