mawtex wrote:If this was an issue introduced by Composite C1 this would be a first.
I'd start by focusing on FTP access that exist to the website folder and ensure you are up to date with Windows patches.
If you do have FTP on, check the logs. I have seen defacement happen like this happen via FTP and brute force hacking. Consider turning FTP off or tighten security around this area.
Another point worth noting is the type of hack this is, and if your customer appear to be a complete random victim or if this feels like carefully a targeted attack. If this looks like a random attack you are most likely looking at a automated attack which sniff out web servers with known vulnerabilities in popular components like IIS or FTP.
Thanks for reply, yes. I have a ftp turned on that machine. I'll turn off it and improve some folder access authorities to check whether this will happen again.