Solved

Hacked Site

Posted on 2014-11-14
Last Modified: 2015-05-08
I have an ASP.NET site hosted at servergrid.com. The URL is pafca-dal.org. It was hacked about a week ago with a bunch of files replaced and added to the site. I'm not sure how they got in. My focus is on getting the site back up. If you browse to the site right now, there is a broken search page. I have tried cleaning up the site, but can't find the site that is being displayed. If you go to pafca-dal.org/default.aspx, the same search page shows up. The problem is, I can't find default.aspx if I bring up the site through my FTP client or through servergrid.com's file browser. Could it be hidden somehow? How can I browse to it in my browser, but can't view it anywhere else? Any help will be greatly appreciated.
Question by:yawkey13
4 Comments
 
LVL 43

Expert Comment

by:Davis McCarn
ID: 40444524
servergrid makes daily backups.  Have you asked them about restoring your site?
0
 
LVL 6

Author Comment

by:yawkey13
ID: 40445017
I have received a backup. When restoring, the corrupted default.aspx stays in place. Looking at the backup, the file is fine. Once I copy it to the site, it reverts to the corrupted one. It is really weird. I can browse to pafca-dal.org/default.aspx, but can't see default.aspx in my FTP client. It's like it is hidden and protected from being overwritten.
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 40445052
If the site is hacked, it is already in a tainted state, so do change all account logins and even have the server freshly installed if possible. Typically a snapshot restoration will still be subject to being hacked (even by the same hack) again. Best is to have the site cleaned up, address the gap if you know it (I assume you are drilling into it) and secure it before restoration; meanwhile a static maintenance is the interim. See more on securing an ASP.NET site. Most likely a certain file has been uploaded or the config tainted; monitor any file changes and ensure unauthorised file access is prevented (for example, anonymous uploading of files, etc.).

Note this from the Servergrid.com TOC:
Possible causes of server resource abuse include, but are not limited to, the use of: CGI, Perl, Sendmail, mySQL, MSSQL, PHP, ASP, COLDFUSION, HTTP, SMTP, POP3 and FTP. If server resource abuse is detected, possible actions include, but are not limited to: disabling of the offending script or scripts, disabling of the specific service, disabling of the entire account or account suspension. If server overload is a result of server resource abuse, these actions will be taken without prior notice or warning.
0
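As an added example (not part of the original answer or of the site's own code), one way to act on the advice above to monitor file changes: hash a known-good backup and a downloaded copy of the live site, then report what was added, removed or altered. The directory names, sample files and the extension list are assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed list of extensions IIS/ASP.NET will execute or load; review these first.
ACTIVE_EXT = {".aspx", ".ashx", ".asmx", ".ascx", ".asax", ".config", ".dll", ".cs"}

def hash_tree(root):
    """Map lower-cased relative path -> SHA-256 for every file under root."""
    root = Path(root)
    out = {}
    for p in root.rglob("*"):
        if p.is_file():
            rel = p.relative_to(root).as_posix().lower()  # IIS paths are case-insensitive
            out[rel] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def compare_trees(backup_dir, live_dir):
    """Compare a known-good backup with a downloaded copy of the live site."""
    good, live = hash_tree(backup_dir), hash_tree(live_dir)
    report = {
        "added": sorted(set(live) - set(good)),
        "missing": sorted(set(good) - set(live)),
        "modified": sorted(f for f in good.keys() & live.keys() if good[f] != live[f]),
    }
    # Added or changed files that the web server would actually run or load.
    report["review_first"] = sorted(
        f for f in report["added"] + report["modified"]
        if Path(f).suffix in ACTIVE_EXT)
    return report

def demo():
    """Constructed sample trees standing in for the backup and the live site."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        files_good = {"Default.aspx": "<%@ Page %>home", "web.config": "<configuration/>",
                      "img/logo.txt": "logo"}
        files_live = {"default.aspx": "<%@ Page %>search", "web.config": "<configuration/>",
                      "img/logo.txt": "logo", "img/x.ashx": "handler"}
        for base, files in ((backup, files_good), (live, files_live)):
            for rel, text in files.items():
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_text(text)
        return compare_trees(backup, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The report only covers files that appear in the downloaded copy; a page that is served but not listed over FTP, like the default.aspx described in the question, will not show up in it.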
 
LVL 43

Assisted Solution

by:Davis McCarn
Davis McCarn earned 250 total points
ID: 40445093
Nah, I'll bet the permissions were changed on that file and you, most probably, need to set them back so you can restore it.
It would, however, be a good idea to change all of the passwords for anyone with permission to change any of the files.
0
