We are hosting on a virtual private server running Windows Server 2003 Enterprise Edition Service Pack 1.
We have been hacked 3 times in the last week… There are about 60 sites on this server, mostly ASP. Each hacker was different: one Brazilian, one Chinese and the last was Turkish. Each time they inserted an index.htm page, which all read similarly about how great they were and that they owned us. Some sites also had a file called 'index.asp' which has nearly 3000 lines of script. When loaded, the page displays the content of the root folder and several browse buttons which allowed for upload.
I tried to download this file over FTP, but my local machine running Norton simply deleted it without even asking and notified me that it was a Hacktool.
We have now changed all the usernames and passwords, but what should we be doing?
How can I check the vulnerability of the web server so that we can show the hosting company…
Any practical advice appreciated.