Problem on my web server

[chrissparkle]

Hi have a brand new server with 1and1.com, and I logged in today via remote desktop to find 2gb had been wiped off my disk space. I searched in my "Websites" directory where the websites are hosted and found lots of random files and folders containing 14mb .rar files called "dr.x" and "jeepers creepers" and all sorts of other endless folders within folders with folders.

Can anyone tell me how this has happened and what i can do about it?

 

[erikhertzel]

It sounds like you got hacked, did you have FTP turned on, is it possible that someone got in that way? What kind of Web server is it, IIS?

You will need to take it offline and check the Event Logs (but they may be empty). Look for the way that the intruder got in, you may need to contact the web hoster and see if they can shed any light on the matter. There is probably some backdoors/trojans on it now and check the user's, probably some users that have been created with admin rights. I would probably have to recommend starting over, get a clean backup and rebuild and make sure that you are secure.

Post back if you find anything out and/or have comments or questions.

Regards.

Erik