1

In the file structure of my site, I see some randomly generated files like 'justinbieber.asp', 'justinbiebershoes.asp', 'guccishoes.asp' etc. I tried deleting them but they are generated again. Can anybody tell me the cause of this? Is my site hacked? How do I get rid of these files forever?

Edit:

I found a site which also has the page called burberrybags.htm. A page named 'burberry.asp' is also getting generated for my site. If you check the site I mentioned it has nothing to do with bags. It is a site of a company that deals in metal scraps.

1 Answer

3

It could be that your site has become a victim of attackers and that it has been compromised. The best way to deal with this is to take down your website completely (shut down the web server, as it might be used for malicious intent) and restore a backup from when you knew it was not compromised.

Before putting your site online again, find out how the attackers managed to get into your site or how they managed to produce these files. I suspect you have a vulnerability in your web application or in your web server.

If this is a shared environment, contact your hosting provider.

Lucas Kauffman
  • Hey Lucas... You mentioned in your answer about vulnerability. What kind of vulnerability? I mean, can you please explain? I am not of the security field, so I request you to explain. – Chetana Kestikar Jun 05 '13 at 10:07
  • Well, if you have done improper input validation or the like, it could be that your application is vulnerable to SQL injection or something else which would allow people to access your server (spawn a shell or output files). If you have any calls in your web app which create files, I would start looking there. – Lucas Kauffman Jun 05 '13 at 10:12
  • Okay... Actually, I was getting 2000 requests per minute on a page which had a form to be filled in by the user. So do you think this was the main issue? Because now I have put CAPTCHA functionality on that page to stop getting so many requests. – Chetana Kestikar Jun 05 '13 at 10:15
  • That depends on what the form does; have a look at the OWASP Testing Guide. – Lucas Kauffman Jun 05 '13 at 10:16
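One way to act on the answer's advice to work from a known-good backup, as an added example that is not part of the original thread: hash every file in the backup and in the live web root, then list what was added, changed or removed. The function names, directory layout and file contents are assumptions, and the sample trees are constructed in temporary directories.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                result[rel] = hashlib.sha256(fh.read()).hexdigest()
    return result

def compare(backup_root, live_root):
    """Return (added, modified, missing) relative paths, each sorted."""
    good, live = manifest(backup_root), manifest(live_root)
    added = sorted(set(live) - set(good))
    missing = sorted(set(good) - set(live))
    modified = sorted(p for p in good.keys() & live.keys() if good[p] != live[p])
    return added, modified, missing

def demo():
    """Build a constructed backup/live pair in temp dirs and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        # Constructed sample site: two legitimate pages in both trees
        files = {"default.asp": b"<% 'home page %>", "contact.asp": b"<% 'form handler %>"}
        for root in (backup, live):
            os.makedirs(root)
            for name, body in files.items():
                with open(os.path.join(root, name), "wb") as fh:
                    fh.write(body)
        # Constructed tampering: one dropped page, one altered handler
        with open(os.path.join(live, "guccishoes.asp"), "wb") as fh:
            fh.write(b"spam page")
        with open(os.path.join(live, "contact.asp"), "ab") as fh:
            fh.write(b"<% 'unexpected extra code %>")
        return compare(backup, live)

if __name__ == "__main__":
    added, modified, missing = demo()
    for label, paths in (("ADDED", added), ("MODIFIED", modified), ("MISSING", missing)):
        for p in paths:
            print(f"{label:9}{p}")
```

On a real site, call `compare()` with the restored backup directory and a copy of the live web root; files reported as modified deserve as much attention as the added ones, since deleting only the new pages leaves any altered script in place.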