Solved

Hacked Site

Posted on 2014-11-14
Last Modified: 2015-05-08
I have an ASP.NET site hosted at servergrid.com. The URL is pafca-dal.org. It was hacked about a week ago, with a bunch of files replaced and added to the site. I'm not sure how they got in. My focus is on getting the site back up. If you browse to the site right now, there is a broken search page. I have tried cleaning up the site, but can't find the site that is being displayed. If you go to pafca-dal.org/default.aspx, the same search page shows up. The problem is, I can't find default.aspx if I bring up the site through my FTP client or through servergrid.com's file browser. Could it be hidden somehow? How can I browse to it in my browser, but can't view it anywhere else? Any help will be greatly appreciated.
Question by:yawkey13
 
LVL 43

Expert Comment

by:Davis McCarn
ID: 40444524
Servergrid makes daily backups. Have you asked them about restoring your site?
0
 
LVL 6

Author Comment

by:yawkey13
ID: 40445017
I have received a backup. When restoring, the corrupted default.aspx stays in place. Looking at the backup, the file is fine. Once I copy it to the site, it reverts to the corrupted one. It is really weird. I can browse to pafca-dal.org/default.aspx, but can't see default.aspx in my FTP client. It's like it is hidden and protected from being overwritten.
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 40445052
If the site is hacked, it is already in a tainted state, so do change all account logins and even have the server freshly installed if possible. Typically a snapshot restoration will still be subject to a hack (and even the same hack) again. Best is to have the site cleaned up, address the gap if you know it (I assume you are drilling into it) and secure it before restoration; meanwhile a static maintenance is the interim. See more on securing an ASP.NET site. Most likely a certain file has been uploaded or the config tainted; monitor any file changes and ensure unauthorised file access is prevented (for example, anonymous uploading of files, etc.).

Note this from the Servergrid.com TOC:
Possible causes of server resource abuse include, but are not limited to, the use of: CGI, Perl, Sendmail, mySQL, MSSQL, PHP, ASP, COLDFUSION, HTTP, SMTP, POP3 and FTP. If server resource abuse is detected, possible actions include, but are not limited to: disabling of the offending script or scripts, disabling of the specific service, disabling of the entire account or account suspension. If server overload is a result of server resource abuse, these actions will be taken without prior notice or warning.
0
 
LVL 43

Assisted Solution

by:Davis McCarn
Davis McCarn earned 250 total points
ID: 40445093
Nah, I'll bet the permissions were changed on that file and you, most probably, need to set them back so you can restore it.
It would, however, be a good idea to change all of the passwords for anyone with permission to change any of the files.
0
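One way to act on the advice in the answers above (monitor file changes, and look for files whose permissions no longer allow access), as an added example that is not code from any poster in this thread: it hashes a known-good backup and a downloaded copy of the live site, then lists added, missing, modified and unreadable files. The function names and the sample file names in `demo()` are assumptions made for illustration.

```python
import hashlib
import os
import sys
import tempfile

def sha256_of(path):
    """Return the file's SHA-256, or None if it cannot be read."""
    try:
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()
    except OSError:
        return None  # e.g. permissions were changed on the file

def manifest(root):
    """Map relative path -> hash. Paths are lower-cased (Windows/IIS is case-insensitive)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            out[rel] = sha256_of(full)
    return out

def compare(backup_root, live_root):
    """Diff a known-good backup against a downloaded copy of the live site."""
    good, live = manifest(backup_root), manifest(live_root)
    return {
        "added": sorted(p for p in live if p not in good),
        "missing": sorted(p for p in good if p not in live),
        "modified": sorted(p for p in good if p in live and live[p] and live[p] != good[p]),
        "unreadable": sorted(p for p, digest in live.items() if digest is None),
    }

def demo():
    """Constructed sample: a clean backup and a tampered copy with one dropped file."""
    trees = {"backup": {"default.aspx": b"clean", "web.config": b"<configuration/>"},
             "live": {"Default.aspx": b"tampered", "images/x.aspx": b"dropped"}}
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, data in files.items():
                full = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(full), exist_ok=True)
                with open(full, "wb") as f:
                    f.write(data)
        return compare(os.path.join(tmp, "backup"), os.path.join(tmp, "live"))

if __name__ == "__main__":
    report = compare(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    print("\n".join(f"{kind:10} {paths}" for kind, paths in report.items()))
```

Run it with two directory arguments (backup root, then the live copy) to compare real trees; with no arguments it runs the constructed sample.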

Question has a verified solution.