You need to work with your hosting company and apply security patches to all the software on your server and check for backdoor security breeches.

Hello

They say its becoz I am using asp applications and they can penetrate thru it. Is it true?

> Is it true?

Sure sounds like it. :)

it has nothing to do with using ASP pages for your site.

if hackers are gaining entrance to your file system, you need to beef up security patches and change your access password frequently.

it has nothing to do with using ASP pages for your site.

If there is some badly written ASP code on his site which talks to a DB or performs file uploads, it is entirely possible that this has be manipulated to upload files to the machine.

I think txbakers means to say there is nothing inherently insecure about ASP compared to similar technologies. PHP, CF, JSP, etc. can also be configured poorly or contain vulnerabilities which might are exploitable.

Absolutely. I wasn't being argumentative, I was just clarifying what the ISP may have meant when they told him ASP was the problem.

Is it true?

That's not true, you have a security issue.

What is the nature of the hack ie. defacing, deleted files, new file appears, database is comprimised (assuming that you have a database), passwords are changed? If we know the nature then that will help narrow down the security aspects.

Hello,

They add some files in my root folder. Till now, fortunately nothing is replaced. They just add 2-3 files saying the site hacked or defeated by Condor Nymo,NEFRET etc. as if they are running the choaching classes for site hacking and chosen my site as a model.

you may need to remove help and all files in the root that iis installation placed there.

chikung, are you allowing 'write' and/or 'execute' permissions for 'everyone'?

well no. But I have e-card section where visitors can send cards which are stored on the site itself and they get a mail with the link of that page. Besides I have normal contact form.

Hello

Again my site is hacked today and I got the following address fron the added page
<snip>
All the images are taken from this site

[edited by: engine at 2:09 pm (utc) on May 27, 2005]
[edit reason] No urls, thanks. See TOS [webmasterworld.com] [/edit]

Have you talked to your host? It sounds like you have 'write' and 'delete' permissions opened up.

Yes.

Now started changing my password.

chikung it looks like everyone's trying to help but can't because we cannot "see" the whole picture - your site, the configuration, exactly what is happening.

Are you using any ActiveX objects at all in your pages? I don't know why some of the comments have been made that ASP can't be the problem, but it most certainly can. Like any other dynamic languages, if it's coded incorrectly someone can find a way to abuse it. Additionally ASP and activeX have the dual-edged sword ability to write to both the server and the local computer if programmed to do so.

In the absence of any helpful comments I would hit up Google and the MS site for "security" and "asp security" and see if you come across any documents that may hint at your problem. It sounds like you have enough dynamic things going on that there may be several holes where they're sneaking in.

Also get on those server logs, if your ISP is not helpful in showing you how and where to get at them, you most certainly should consider a new ISP.

Best of luck to you, and shame on those with too much time on their hands.

Now started changing my password.

You need to zero in on your security settings I asked about. What did they tell you?

Hello,

I must thank everyone of you who have replied and commented to my problem. I have started taking the preventive measures. I am sure I am going to come out of this but your words gave me courage. Thank you very much again.

I had a similar problem with some PHPNuke sites. It seems that the hacker types are just some kids with a small amount of knowledge about the vulnerabilites of this and other open source programs.

One thing I finally figured out was that these attacks were genereally accomplished through the admin page, so I moved the admin page to a new location and changed its name.

I used dreamweaver to fix the file references in the software package. Now the person that tries to find the admin page gets redirected to the main page, and so far this has prevented the problem from re-occuring.

Are you using a open-source software package on this site?

try searching for "asp injection" on your favorite search engine to see if there are any relevant articles out there for you

-Greg

Ask your hosting company to restrict file writing permissions, That no one should be able to write in root and sub folders to root. And If you have any file uploading facility for users then better to keep that Folder outside root folder.

If Hosting company can assure you that they have implemented the writing permissions on your directory then there is no way that someone will change your files.

FSO can do everything if there are no writing permissions on foders.

Hope its helpful.

Hello,

I changed the permissions and now started chaning the password frequently but the site is hacked again.

They don't overwrite the file but added all combinations of default and index files with all the possible extentions. One of that work and my home page disappeared.

which is the most common homepage extension that I can use? is it index.htm? and can they just add the pages and not overwrite? It means is is possible that they can just add and not able to overwrite? This time they add lot ..almost 7-8 pages.