How to identify security leak on Win Server 2008
Posted on 2015-01-12
I have identified several directories on my web server that no one in my organization put there. One of them is a WordPress site for Louis Vuitton handbags!
So obviously my server has been compromised, though all active websites are performing perfectly.
What is the purpose of someone planting hidden directories like this, and more importantly, if I'm using FTP User Isolation and it is unlikely that a password has been stolen, what other vulnerabilities should I look for? Do people use regular antivirus applications on their web servers? I've never browsed sites using that server, so I was under the impression I was pretty safe.
Any suggestions for next steps? I've been tempted to migrate to some newer hardware, but I don't want to bring any security issues with me...