I posted a while back about being hacked and ironically I got hacked again.

They must have hacked me moments after installing IIS because I consequently changed the IIS serving folder and the hacked files were in the old directory.

Well here is a link if anyone has seen it before?

THE CONTENT MAY BE OFFENSIVE TO SOME

http://www.horizonhosting.co.uk/hack.htm


They made four pages default.htm, default.asp, index.htm, index.asp with the same content.

Sounds and looks like code red to me..makes sense since they constantly attack the same ips - as soon as you installed a vulnerable machine it gets infected. You need to get a code red or nimda cleaner, or better yet reinstall the whole machine and apply all patches before making it live.

McAfee virus scan doesn't like that page...

Well I applied all the patches promptly after and it seemed ok.

This isn't code red, it's an exploit of the folder traversal vulnerability... i found it on one of my iis machines, but i didn't notice cos my iis web was on a dif. drive...