Greg,
Can you check your Windows event logs to see who's been logging into
your system? Perhaps there's another account on your system that you
don't know about?
Perhaps the dates of the files uploaded by your hackers might provide a
clue to when your server was hacked?
If you're keeping log files for your website (http and ftp) you should
be able to learn some more clues. Perhaps someone figured out a way to
upload a script to your system (in a folder with execution rights) and
then called that scripted and uploaded all their files from there?
You should also be able to look at where the traffic to your site has
been coming from just to verify the country of orgin.
Malcolm
©2004 Malcolm Greene |
