One of my custom-developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I don't think it is SQL injection. I have now removed the write permission on the folders.
How can I find out what they did to hack the site and what to do to prevent it from happening again?
The server is up to date with all Windows updates.
What they have done is upload 6 files (index.asp, index.html, index.htm,...) to the main directory for the website.
What log files should I upload?
I have log files for IIS from this folder: c:\winnt\system32\LogFiles\W3SVC1.
I am willing to show it to some of you but don't think it is good to post on the Internet. Anyone willing to take a look at it?
I have already searched on Google but the only thing I find there are other sites that have been hacked - I haven't been able to see any discussion about it.
I know this is not strictly related to programming but this is still an important thing for programmers and a lot of programmers have been hacked like this.
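One way to start on the IIS logs mentioned in the question, as an added example that is not part of the original post: this Python script reads W3C extended log lines, lists requests that used file-writing HTTP methods, and finds the first request for each of the file names the post says were uploaded. It assumes the logs are in W3C extended format with a `#Fields:` header; the function names and the sample log lines are constructed for illustration.

```python
import sys

# HTTP methods that can create or change files on the server (WebDAV included).
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}
# File names the post says appeared in the site root (only three are named there).
DROPPED = {"/index.asp", "/index.html", "/index.htm"}

# Constructed sample in W3C extended format; addresses are documentation ranges.
SAMPLE = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2000-01-01 10:00:01 192.0.2.10 GET /default.aspx - 200 Mozilla/4.0
2000-01-01 10:05:12 198.51.100.7 PUT /index.html - 201 -
2000-01-01 10:05:20 198.51.100.7 GET /index.html - 200 Mozilla/4.0
2000-01-01 10:06:00 192.0.2.10 POST /login.aspx - 302 Mozilla/4.0
"""

def parse_w3c(lines):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the header can change mid-file
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):      # skip truncated or damaged lines
                yield dict(zip(fields, parts))

def triage(lines):
    """Return (write_requests, first_hits) for the parsed log lines."""
    writes, first = [], {}
    for r in parse_w3c(lines):
        method = r.get("cs-method", "").upper()
        path = r.get("cs-uri-stem", "").lower()
        if method in WRITE_METHODS:
            writes.append(r)
        if path in DROPPED and path not in first:
            first[path] = r                    # earliest request for this file
    return writes, first

if __name__ == "__main__":
    # Pass log files as arguments; with none, the constructed sample is used.
    lines = SAMPLE.splitlines()
    if len(sys.argv) > 1:
        lines = [l for p in sys.argv[1:] for l in open(p, errors="replace")]
    writes, first = triage(lines)
    for r in writes:
        print("WRITE", r.get("date"), r.get("time"), r.get("c-ip"), r["cs-method"], r["cs-uri-stem"])
    for path, r in first.items():
        print("FIRST", path, r.get("date"), r.get("time"), r.get("c-ip"), r.get("cs-method"))
```

The client address and timestamp of a flagged request give a starting point for reading the surrounding log lines from the same source.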