0

Possible Duplicate:
My server’s been hacked EMERGENCY

I am currently running a Windows 2003 server with IIS 6.0. It seems to be that one of the website has been 'hacked'.

<script src=http://<SOME WEIRD WEBSITE>></scipt>

A script tag linking to a malicious js file is inserted at the top of various ASP pages only during the weekends. I have checked each pages and they contain no such tags.

The pages only INSERT or UPDATE data in the database and does not read/print any data from the database. However most the pages do get POST/GET data passed to them.

I have tried reinstalling IIS but still having the same issue. What should I do now?

Community
  • 1
objectt
  • 3
  • 1

1 Answers1

2

I'd recommend formatting the server and reinstalling Windows. Sounds like you've got a virus on the server.

mrdenny
  • 27,074
  • 4
  • 40
  • 68
  • Is there any other things I could try before formatting the server? :( – objectt Nov 24 '12 at 14:45
  • Not to guarantee that the problem has been solved. After formatting the server you'll need to make sure that whatever attack vector was used is also closed off. – mrdenny Nov 25 '12 at 01:09