
Hacked Site

Posted on 2014-11-14
Last Modified: 2015-05-08
I have an asp.net site hosted at servergrid.com. The url is pafca-dal.org. It was hacked about a week ago with a bunch of files replaced and added to the site. I'm not sure how they got in. My focus is on getting the site back up. If you browse to the site right now, there is a broken search page. I have tried cleaning up the site, but can't find the site that is being displayed. If you go to pafca-dal.org/default.aspx, the same search page shows up. The problem is, I can't find default.aspx if I bring up the site through my FTP client or through servergrid.com's file browser. Could it be hidden somehow? How can I browse to it in my browser, but can't view it anywhere else? Any help will be greatly appreciated.
Question by:yawkey13
4 Comments
 
LVL 43

Expert Comment

by:Davis McCarn
ID: 40444524
servergrid makes daily backups.  Have you asked them about restoring your site?
0
 
LVL 6

Author Comment

by:yawkey13
ID: 40445017
I have received a backup.  When restoring, the corrupted default.aspx stays in place.  Looking at the backup, the file is fine.  Once I copy it to the site, it reverts to the corrupted one.  It is really weird.   I can browse to pafca-dal.org/default.aspx, but can't see default.aspx in my ftp client.  It's like it is hidden and protected from being overwritten.
0
 
LVL 64

Accepted Solution

by:
btan earned 1000 total points
ID: 40445052
If the site is hacked, it is already in a tainted state, and do change all account logins and even have the server freshly installed if possible. Typically a snapshot restoration will still be subject to hack (and even the same hack) again. Best is to have the site cleaned up, address the gap if you know it (I assumed you are drilling into it) and secure it before restoration; meanwhile, static maintenance is the interim. See more on securing an asp.net site. Most likely a certain file has been uploaded or the config tainted; monitor any file changes and ensure unauthorised file access is prevented (for example, anonymous uploading of files, etc.).

Note this from the Servergrid.com TOC:
Possible causes of server resource abuse include, but are not limited to, the use of: CGI, Perl, Sendmail, mySQL, MSSQL, PHP, ASP, COLDFUSION, HTTP, SMTP, POP3 and FTP. If server resource abuse is detected, possible actions include, but are not limited to: disabling of the offending script or scripts, disabling of the specific service, disabling of the entire account or account suspension. If server overload is a result of server resource abuse, these actions will be taken without prior notice or warning.
0
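
An added example (not part of btan's answer or the original thread) of the "monitor any file changes" advice: it hashes a known-good backup and a downloaded copy of the live site, then lists what was added, modified or removed. The directory names, sample file contents and the extension list are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed list: extensions IIS/ASP.NET executes or loads as configuration.
ACTIVE_EXT = {".aspx", ".ashx", ".asmx", ".ascx", ".asax", ".config", ".dll"}

def snapshot(root):
    """Map each file's relative path (lower-cased, as on Windows) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix().lower(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }

def compare(backup_root, live_root):
    """Return files added to, missing from, or modified in the live copy."""
    good, live = snapshot(backup_root), snapshot(live_root)
    return {
        "added": sorted(set(live) - set(good)),
        "missing": sorted(set(good) - set(live)),
        "modified": sorted(f for f in good.keys() & live.keys() if good[f] != live[f]),
    }

def needs_review(report):
    """Added or modified files that the server would execute or read as config."""
    changed = report["added"] + report["modified"]
    return sorted(f for f in changed if Path(f).suffix in ACTIVE_EXT)

def demo():
    """Build two constructed sample trees (not real site content) and compare them."""
    trees = {
        "backup": {"default.aspx": "<%-- home --%>", "web.config": "<configuration/>", "img/logo.txt": "logo"},
        "live": {"search.aspx": "<%-- unknown --%>", "web.config": "<configuration><!-- changed --></configuration>", "img/logo.txt": "logo", "img/readme.txt": "note"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for name, body in files.items():
                path = Path(tmp, tree, name)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(body)
        report = compare(Path(tmp, "backup"), Path(tmp, "live"))
        return report, needs_review(report)

if __name__ == "__main__":
    report, review = demo()
    print(report)
    print("review first:", review)
```

Run `compare()` against the unpacked host backup and a fresh download of the live site, and repeat it after each restore to see whether a file has changed again.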
 
LVL 43

Assisted Solution

by:Davis McCarn
Davis McCarn earned 1000 total points
ID: 40445093
Nah, I'll bet the permissions were changed on that file and you, most probably, need to set them back so you can restore it.
It would, however, be a good idea to change all of the passwords for anyone with permission to change any of the files.
0
