There's a checklist at
www.cert.org/tech_tips on how to recover from
compromised Windows computers. The actual steps differ somewhat depending
on who you are and what your security needs are. If you're a business and
can prove financial loss over around $2,000, law enforcement might be
interested and this could change your to do list, for example. Or if you
dont' care about trying to track the person down, you might skip some steps.
That list above doesn't go into a lot of specifics about how to do so. Some
information that might help you are here:
http://securityadmin.info/faq.htm#hacked [how to try to learn how you were
hacked]
http://securityadmin.info/faq.htm#re-secure [why you should consider
formatting the hard drive and starting over]
http://securityadmin.info/faq.htm#harden [how to prevent being hacked again]
It's a good idea to inspect the machine to try to see how it was hacked,
otherwise you might make the same security mistake again and get hacked
again. If you prefer, you can just skip to the hardening link above and
hope that that's enough to fix the security problem that let you be hacked.
Web site defacements are often due to an old known security issue where
there's been a patch out for a while, not a new unknown exploit.
If you were hacked via HTTP, installing the free URLScan tool from Microsoft
is highly recommended and probably would have prevented this. If you
weren't hacked via HTTP, then possibly you aren't running a firewall in
front of your web server, and you should consider changing this. Free or
inexpensive firewalls are here:
http://securityadmin.info/faq.htm#firewall Let us know if you find anything interesting.
[quoted text, click to view] "Sergio Mapsanganhe" <anonymous@discussions.microsoft.com> wrote in message
news:0a9501c39ee5$74603f70$a301280a@phx.gbl...
> Hi everyone, I would like your help on the following:
>
> My web page was defaced by someone known as daark phyber,
> and I don't know how to put it working again.
>
> Please help me.
>
