[Cross-post] website got hacked

Question

1.40/5 (5 votes)

See more:

Dear all,

I have a dedicated server where I used to publish the project developed in asp.net.

Somebody deletes all source code from server. I cound not find any information of them either in IIS log or FTP log.

Any body can help me please how I can detect who is doing this hell.
I am very disappointed with such activity.

Thanks
Rohit

Posted 18-May-10 2:09am

Rohit16db

Updated 18-May-10 9:15am

Sandeep Mewara

v2

Add a Solution

Comments

Sandeep Mewara 18-May-10 15:20pm

Reason for my vote of 1
Posted the same thing 4 times in 3 different places...

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**R. Giskard Reventlov** · Answer 1 · 2010-05-18T02:45:00

Solution 1

Okay, so now you've asked this in 2 forums as well as here. That is a big no-no!

Posted 18-May-10 2:45am

R. Giskard Reventlov

Sandeep Mewara · Answer 2 · 2010-05-18T09:17:00

Solution 2

Please don't post the same question at multiple forums. It's considered rude. You need to stick to one forum.
Other posts:
ASP.NET Forum[^]
ASP.NET Forum 2nd Time[^]
Web Development Forum[^]

Posted 18-May-10 9:17am

Sandeep Mewara

Updated 18-May-10 9:19am

v2

Stephen Hewison · Answer 3 · 2010-05-18T09:31:00

Hi,

There are a few ways it can happen.

SQL injection holes if SQL is on the same box and user is SA.
If debug action is enabled in IIS in can open up holes for code injection.
Weak security policies on the box
Rouge anti-virus software

My suggestion would be to get a security specialist to perform regular scans.

We have to maintain a PCIDSS compliant site and use McAfee to do weekly scans. At £200-300 per year it's a bargain.

http://www.mcafeesecure.com/