Last post Apr 20, 2016 01:23 PM by march11
Apr 18, 2016 12:33 PM|ClarkNK|LINK
My ownertrades.com ASP.NET website got hacked, causing any link to my site that is found via a Google search to be redirected to some other site.
If I access my website via a direct URL address, the site works fine; there seems to be nothing wrong with it. It's only links found via search engines that cause the problem. Somehow the crawlers used by the search engines picked up the hacker's websites and indexed them as if they belonged to my site.
Using some Google recommendations I discovered an unauthorized user and deleted him. I also changed the password used to access my site account. I also discovered and deleted a number of .asp files, PHP files, and HTML files that had been added by the hacker to the live website.
Now when someone clicks on any link to my site found via a Google search, they get a 404 File not found error which I assume has to do with my having removed files the hacker put in place, thereby disrupting whatever the re-directing process was.
My question: There is a web.config file in the cgi-bin folder of the live site that I did not put there. I need to know what it does, if it might be needed by the server, and if I should (or could) safely delete it.
Here is the code from that file:
<?xml version="1.0" encoding="UTF-8"?>
<handlers accessPolicy="Read, Execute, Script" />
Apr 18, 2016 02:56 PM|march11|LINK
The web config file is necessary and used by the hosting engine IIS or Apache which tells the server how to do things, like connect to a database or other services that are running on your site.
More than likely though, this file has been tampered with and should be recoded by a qualified developer familiar with your site requirements and platform.
If you have access to the hosting environment, I would suggest a simple HTML page that tells your users the site is under construction. You will most likely need to make settings changes in IIS for this to work.
Apr 18, 2016 10:07 PM|ClarkNK|LINK
Thank you for taking the time to respond.
In addition to the assorted files that were put on my site by the hacker, that I have removed, I also found a redirecting statement in my web.config file, which I have removed, and all these things together seem to have solved the problem.
I am after my web host now, to see if the server itself has been compromised. I mean, how did a hacker manage to get himself authorized with admin privileges in the first place??
Apr 20, 2016 01:23 PM|march11|LINK
The easiest answer is someone who may have already known them. But if it truly was a hacker, then the list is almost endless, from lack of a strong password, brute force attack, physical server vulnerability. If it is a shared hosted server, perhaps another site on the box was the entry point. The list goes on; there are tons of more specific, detailed info on the web.
If you found my answers helpful please mark them as the answer.
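A defender-side check for the two things this thread turned up, the stray cgi-bin web.config with accessPolicy="Read, Execute, Script" and the redirect statement found in the site's main web.config (added example, not code from any poster): it scans a downloaded copy of the site for web.config files and flags those settings. The sample documents, the rewrite rule in them and the function names are constructed assumptions.

```python
import os
import xml.etree.ElementTree as ET

RISKY_POLICY = {"execute", "script"}                 # accessPolicy flags that let content run
CLOAK_INPUTS = ("HTTP_REFERER", "HTTP_USER_AGENT")   # inputs a search-only redirect keys on

# Constructed samples. The page shows only the <handlers> line; the wrapper
# elements and the whole rewrite rule are assumptions for illustration.
SAMPLE_CGI_BIN = b"""<?xml version="1.0" encoding="UTF-8"?>
<configuration><system.webServer>
  <handlers accessPolicy="Read, Execute, Script" />
</system.webServer></configuration>"""
SAMPLE_REDIRECT = b"""<configuration><system.webServer><rewrite><rules>
  <rule name="r1"><match url=".*" />
    <conditions><add input="{HTTP_REFERER}" pattern="google" /></conditions>
    <action type="Redirect" url="http://redirect.example/" />
  </rule></rules></rewrite></system.webServer></configuration>"""

def audit_web_config(xml_bytes, path="web.config"):
    """Return (path, finding) tuples for one web.config document."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [(path, "unparseable XML: %s" % exc)]
    findings = []
    for el in root.iter():
        if el.tag == "handlers":
            flags = {f.strip().lower() for f in el.get("accessPolicy", "").split(",")}
            risky = sorted(flags & RISKY_POLICY)
            if risky:
                findings.append((path, "handlers accessPolicy allows " + ", ".join(risky)))
        elif el.tag == "httpRedirect" and el.get("enabled", "").lower() == "true":
            findings.append((path, "httpRedirect to " + el.get("destination", "?")))
        elif el.tag == "rule":
            action = el.find("action")
            inputs = " ".join(c.get("input", "") for c in el.iter("add")).upper()
            if (action is not None and action.get("type", "").lower() == "redirect"
                    and any(k in inputs for k in CLOAK_INPUTS)):
                findings.append((path, "rule %r redirects by referrer/user agent" % el.get("name")))
    return findings

def audit_tree(web_root):
    """Audit every web.config under a local copy of the site."""
    results = []
    for folder, _dirs, files in os.walk(web_root):
        for full in (os.path.join(folder, n) for n in files if n.lower() == "web.config"):
            with open(full, "rb") as fh:
                results += audit_web_config(fh.read(), full)
    return results
```

Run audit_tree against a copy of the site pulled down from the host and compare each flagged file with the version you deployed; a finding is a prompt to review the file, not proof of tampering.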