?
Solved

weird asp files on my root folder

Posted on 2013-12-12
4
Medium Priority
?
363 Views
Last Modified: 2013-12-16
Greetings all,
my google ranking dropped tremindously latekym when i contacted my host (west host) they expected i was hacked.
i noticed the following files on my root folder.
dbhot.asp
global.asa
hccs.asp
koh.asp
aspadmin_A.asp

that have alot of weird code , and i am sure i did not put them there.

can anyone investigate if these are bad code, or legit codes. ?
check attached global.asa (renamed to .txt) so i can upload it

Thank you
global.txt
0
Comment
Question by:Da_Ch0sen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1200 total points
ID: 39714868
You have probably been hacked.  The "global.asa" you posted does a redirect if it detects that the request "HTTP_REFERER" was from Baidu.com which is the Chinese search engine like Google.
0
 
LVL 33

Assisted Solution

by:Big Monty
Big Monty earned 800 total points
ID: 39714962
besides doing a redirect, it looks like it's also calling a web service and fetching content to be displayed on the screen, most likely malware.

I would delete these files and then do a thorough security check of your site. Look for other files don't belong, as well as any openings that hackers may enter to do sql injection
0
 
LVL 1

Author Comment

by:Da_Ch0sen
ID: 39719084
how can i run a malware scan ?
shouldnt my host do that ? or me ?


thanks
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39719140
Good question.  You should definitely tell your host about this and see what they will do.  You can't do scan on the hosting computer.  I don't know of any AV at the moment that would be able to scan those files anyway.  They will pick up some javascript in your browser that is malware but I don't know that they would recognize anything in ASP files that was bad.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL several years ago, it seemed like now was a good time to update it for object-oriented PHP.  This article does that, replacing as much as possible the pr…
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question