Hacked Site

I have an asp.net site hosted at servergrid.com.  The url is pafca-dal.org.  It was hacked about about a week ago with a bunch of files replaced and added to the site.  I'm not sure how they got in.  My focus is on getting the site back up.  If you browse to the site right now, there is a broken search page.  I have tried cleaning up the site, but can't find the site that is being displayed.  If you go to pafca-dal.org/default.aspx, the same search page shows up.  The problem is, I can't find default.aspx if I bring up the site thru my FTP client or through servergrid.com's file browser.  Could it be hidden somehow?  How can I browse to it in my browser, but can't view it anywhere else?  Any help will be greatly appreciated.
LVL 6
yawkey13Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Davis McCarnOwnerCommented:
servergrid makes daily backups.  Have you asked them about restoring your site?
0
yawkey13Author Commented:
I have received a backup.  When restoring, the corrupted default.aspx stays in place.  Looking at the backup, the file is fine.  Once I copy it to the site, it reverts to the corrupted one.  It is really weird.   I can browse to pafca-dal.org/default.aspx, but can't see default.aspx in my ftp client.  It's like it is hidden and protected from being overwritten.
0
btanExec ConsultantCommented:
If site is hacked, it is already in tainted state and do change all account login and even the server has fresh installed if possible. typically a snapshot restoration will still be subjected to hack (and even same hack) again. Best is to have the site, clean up, address the gap if you know (i assumed you are drilling into it) and secured it before restoration meanwhile a static maintenance is the interim. See more on securing asp.net site. most likely certain file has been uploaded or config tainted, monitor any file changes and ensure unauthorised file access is prevented (example anonymous uploading of files, etc)

note this from Servergrid.com TOC
Possible causes of server resource abuse include, but are not limited to, the use of: CGI, Perl, Sendmail, mySQL, MSSQL, PHP, ASP, COLDFUSION, HTTP, SMTP, POP3 and FTP. If server resource abuse is detected, possible actions include, but are not limited to: disabling of the offending script or scripts, disabling of the specific service, disabling of the entire account or account suspension. If server overload is a result of server resource abuse, these actions will be taken without prior notice or warning.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Davis McCarnOwnerCommented:
Nah, I'll bet the permissions were changed on that file and you, most probably, need to set them back so you can restore it.
It would; however, be a good idea to change all of the passwords for anyone with permission to change any of the files.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Applications

From novice to tech pro — start learning today.