We help IT Professionals succeed at work.
Get Started

site hacked url injection

164 Views
Last Modified: 2015-12-15
I have a number of websites on a Windows 2008 server running IIS 7.5 that have got hacked - webmater tools says url injection.

e.g. domain.com/6/​brr​sae​ps/ would display a page with lots of words about ugg boots and links etc.

I removed all the malicious looking files from the server.
The malicious url's still loaded.

I then moved all the site files from the root directory of the site - so there was nothing in that folder - the homepage of the site didn't load or any other content - but the malicious url's loaded (but without the css files for styling)

I then update the basic site settings in IIS to point to the folder I had moved the contents to - the website worked fine and the malicious url's don't load any more.

Where is the issue here - I don't understand how the malicious url's loaded when there was no files in the root of the site?
Comment
Watch Question
Technical Lead - Active Directory
CERTIFIED EXPERT
Commented:
This problem has been solved!
Unlock 1 Answer and 4 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE