noman78 0 Light Poster

My web server is hacked and here is some info =, which may help in rectifying.
as per my investigation, the port 80 data is corrupted.
Please guide me how to secure and fix it

the problem is.

When i am trying to access my server through web browser from dubai, it is not loading and giving DS error. but when i ping it is accessible. when i browse y site through web browser of server, i am getting this message

linuXploit_crew was here we are: _Seri4l_Kill3r_ and DeRf- ... contact:? seri4l_kill3r@post.com"

Please respond asap. As per your documentation i though my server is behind the firewalls, then how this has happened?

I think i can host domains which are not registered with u on ur servers as well. i have checked whois record nd my this site is pointing towards below nameservers
Name Server: ns1.intrologix.com
Name Server: ns2.intrologix.com
these nameservers are pointing towards my dedicated server. and my server has this site hosted perfectly. infact by yesterday night it was working fine but from morning it is not accessible and wht message i m getting i hv told u
my dedicated server has been compromised

I have run one software to check site's vulnuablility and the result is this.
i got details about port banner for 80 as stated below

============================Port banner starts=======================================================
HTTP/1.1 200 OK
Content-Length: 95
Content-Type: text/html
Content-Location: http://74.50.94.242/Default.htm
This above content-location, i suspect is changed by the hacker, because it is poiting towards their message. for actual address is some thing else
Last-Modified: Tue, 23 Jun 2009 23:39:33 GMT
Accept-Ranges: bytes
ETag: "dc8397dc5bf4c91:167610"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Wed, 24 Jun 2009 11:38:34 GMT
Connection: close

linuXploit_crew was here we are: _Seri4l_Kill3r_ and DeRf- ... contact:? seri4l_kill3r@post.com

================== Port banner ends ===============

now from this detail, which unfortunatly i am not able to understand much, as i am not network professional, i can figured out that data of my port 80 has been changed.
i think if you can guid eme how to fix and prevent that, it will solve m y problem.
looking impatiently for your reply

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.