Hacked Site

I have an asp.net site hosted at servergrid.com.  The url is pafca-dal.org.  It was hacked about about a week ago with a bunch of files replaced and added to the site.  I'm not sure how they got in.  My focus is on getting the site back up.  If you browse to the site right now, there is a broken search page.  I have tried cleaning up the site, but can't find the site that is being displayed.  If you go to pafca-dal.org/default.aspx, the same search page shows up.  The problem is, I can't find default.aspx if I bring up the site thru my FTP client or through servergrid.com's file browser.  Could it be hidden somehow?  How can I browse to it in my browser, but can't view it anywhere else?  Any help will be greatly appreciated.
LVL 6
yawkey13Asked:
Who is Participating?
 
btanExec ConsultantCommented:
If site is hacked, it is already in tainted state and do change all account login and even the server has fresh installed if possible. typically a snapshot restoration will still be subjected to hack (and even same hack) again. Best is to have the site, clean up, address the gap if you know (i assumed you are drilling into it) and secured it before restoration meanwhile a static maintenance is the interim. See more on securing asp.net site. most likely certain file has been uploaded or config tainted, monitor any file changes and ensure unauthorised file access is prevented (example anonymous uploading of files, etc)

note this from Servergrid.com TOC
Possible causes of server resource abuse include, but are not limited to, the use of: CGI, Perl, Sendmail, mySQL, MSSQL, PHP, ASP, COLDFUSION, HTTP, SMTP, POP3 and FTP. If server resource abuse is detected, possible actions include, but are not limited to: disabling of the offending script or scripts, disabling of the specific service, disabling of the entire account or account suspension. If server overload is a result of server resource abuse, these actions will be taken without prior notice or warning.
0
 
Davis McCarnOwnerCommented:
servergrid makes daily backups.  Have you asked them about restoring your site?
0
 
yawkey13Author Commented:
I have received a backup.  When restoring, the corrupted default.aspx stays in place.  Looking at the backup, the file is fine.  Once I copy it to the site, it reverts to the corrupted one.  It is really weird.   I can browse to pafca-dal.org/default.aspx, but can't see default.aspx in my ftp client.  It's like it is hidden and protected from being overwritten.
0
 
Davis McCarnOwnerCommented:
Nah, I'll bet the permissions were changed on that file and you, most probably, need to set them back so you can restore it.
It would; however, be a good idea to change all of the passwords for anyone with permission to change any of the files.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.