Little gobsh*te

Blimey! Cheeky little git.

meh. If he, like he claims, didn't wipe or copy your stuff, then I'd be happy enough. At least you know your webserver is insecure now, and finding that out without losing anything is basically good news.

What Mat said - in your face yeah, but certainly helpful.

grey hat, at least. most likely just some script kiddie who's hit a whole load of vulnerable sites in one go, using someone else's 'sploit.

a windows server?

well. that changes things.

Paul, suggest you find your IT guy, the one who thinks Microsoft can make a webserver secure enough to expose to the internet, and kick him or her in the Soft Parts, several times. After all, if you didn't lock your door, you wouldn't be surprised if you got burgled.

Cheers for all the info guys. I got straight on the phone to the company that host our site. They apologised profusely and said it would be taken care of immediately, which it now has been.

At the risk of sounding like a total div, how do I find out what server it's running on, and more importantly, is it just a question of saying to them "I don't want it on a windows server", or is there more to it than that?

Nope, that should do. Just asking for linux hosting, that should be all you need. You're not using ASP or .NET or anything like that, are you? Just static html?

One of the easiest ways to find out what server it's running is to hit a page that doesn't exist and look at the 404 error page. The default IIS (Microsoft web server) and Apache (most common linux web server) error pages are different.

Here's an IIS 404, and here's an apache one

Obviously, other webservers have other 404s, and it's not uncommon to have a styled 404 page, so it's not the most reliable method, but it is the easiest, when it works.

I won't get into OS/Server-detection using TCP stack fingerprints and NMAP stealth scanning. :)

er, arse.

Thanks mat, I really appreciate the help :)

To the best of my knowledge it's just static html, but I'm going to give them a call now and try to get it sorted.

that is quite funny. nice of him to let you know but I'm sure there are nicer ways of letting you know. maybe deserving of a swift backhand, but nothing more.

On the scroll down there was even a link to his blog, bless him. Still feel he deserves some kind of a slap, as it was one of my customers who pointed it out to me. But maybe if it helps secure the site better, he will somehow have done me a service I guess.