<div>
<br />
1) First of all change your all Password to more Complex like (alphabetic, numeric and special character in password).<br />
<br />
2) have you given access right to anyone ?<br />
<br />
3) have you given access rights to anonymous ? <br />
<br />
4) have you reveal your password in your any html pages ?<br />
<br />
5) remove 1.asp file or rename that file and check this file called from any of your pages...
</div>


<div>
Do you have form on your site? Text boxes for users to enter information and submit? Are you cleansing the input from these to prevent scripts from being entered and submitted?
</div>


<div>
thanks for replay<br />
<br />
actually we use our own script , and also our own CMS , and all our password are Complex , plus I am the only one how can access to the CMS<br />
<br />
and also the HTML forms are protected from entering any script or SQL injection because I am using Stored Procedure for all the transaction with the Database<br />
<br />
the problem now , I need to know , how that person or Software uploaded that asp file ??<br />
what should I consider to prevent any one from hacking my website ?<br />
<br />
thanks again<br />

</div>


<div>
Are you using Sql Parameters in your stored procedures? Are you using regex expressions or some other method to limit the characters that can be entered into text boxes?
</div>


<div>
I use Backtrack and appscan for vulnerability check<br />
1. &nbsp; &nbsp; &nbsp;Nessus (Linux if you can) <a href="http://www.nessus.org/nessus/" rel="ugc">http://www.nessus.org/nessus/</a><br />
2. &nbsp; &nbsp; &nbsp;Nikto (Linux) <a href="http://www.cirt.net/nikto2" rel="ugc">http://www.cirt.net/nikto2</a><br />
3. &nbsp; &nbsp; &nbsp;Paros proxy (Linux if you can) <a href="http://www.parosproxy.org/index.shtml" rel="ugc">http://www.parosproxy.org/index.shtml</a><br />
4. &nbsp; &nbsp; &nbsp;Ike-scan (Linux) <a href="http://www.nta-monitor.com/tools/ike-scan/" rel="ugc">http://www.nta-monitor.com/tools/ike-scan/</a><br />
5. &nbsp; &nbsp; &nbsp;SARA (Security Auditor's Research Assistant) (Linux) <a href="http://www-arc.com/sara/" rel="ugc">http://www-arc.com/sara/</a><br />
6. &nbsp; &nbsp; &nbsp;MBSA (discutable) <a href="http://technet.microsoft.com/en-us/security/cc184923.aspx" rel="ugc">http://technet.microsoft.com/en-us/security/cc184923.aspx</a><br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<a href="http://en.wikipedia.org/wiki/BackTrack" rel="ugc">http://en.wikipedia.org/wiki/BackTrack</a><br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<a href="http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf" rel="ugc">http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf</a><br />
7. &nbsp; &nbsp;AppScan from IBM<br />
<a href="http://www-01.ibm.com/software/awdtools/appscan/" rel="ugc">http://www-01.ibm.com/software/awdtools/appscan/</a><br />
AppScan Enterprise centralized control with advanced application scanning, remediation capabilities, executive security metrics and dashboards, key regulatory compliance reporting and seamless integration with the desktop version. AppScan Enterprise Edition provides:<br />
<br />
&nbsp; &nbsp; * Scalable, enterprise architecture that enables centralized scanning of multiple applications simultaneously<br />
&nbsp; &nbsp; * Intelligent fix recommendations to ease the process of remediation once security vulnerabilities have been identified and validated<br />
&nbsp; &nbsp; * Ability to scans Web sites for both embedded malware and links to malicious or undesirable sites to ensure your Web site is not infecting visitors or directing them to unwanted or dangerous sites without their knowledge<br />
&nbsp; &nbsp; * Continuous monitoring and aggregation of metrics to ensure remediation and trend improvement over time<br />

</div>


<div>
It's hard to give you advice when we don't know<br />
much about your current setup. What are the versions of IIS, Operating system are you running? Also you say you use your own script. Can you elaborate on that as well as the CMS system. Like was the system made with managed or unmanaged code, does it have input validation, had it been stress tested, too many to list here.... Also have you checked your logs to check for injection attempts on web traffic? 
</div>


<div>
Just because I need to close the question
</div>


<div>
Well you never answered my questions. I never got to the chance to help you, since you didn't answer. Oh well!
</div>


<div>
<div class="content wysiwyg-content">
hi all<br />
<br />
my website is developed by ASP.NET<br />
<br />
but someone uploaded an ASP file to my site (1.asp) , but I don't know how he upload that file :(<br />
<br />
and that file give him full control over my site :(<br />
<br />
I am sure there are no ability for SQL Injection because all the transactions with the database made by Stored Procedures <br />
<br />
any one can help me with information what the problem could ?? how can I check my website if there's any bug I don't now it ?<br />
<br />
I thing that file uploaded by hacking software !! <br />
<br />
<br />
thanks in advance
</div>
</div>


hi all

my website is developed by ASP.NET

but someone uploaded an ASP file to my site (1.asp) , but I don't know how he upload that file :(

and that file give him full control over my site :(

I am sure there are no ability for SQL Injection because all the transactions with the database made by Stored Procedures 

any one can help me with information what the problem could ?? how can I check my website if there's any bug I don't now it ?

I thing that file uploaded by hacking software !! 


thanks in advance

someone hack my site

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.