virus attack on server

Hi,
I've a client who is facing a virus attack on his account since 1 month,
the default.asp file get infected by a javascript virus.
whenever he uploads a new fresh copy, it gets infected within 6 hours.

I mailed support many times without any success, they say upload a fresh copy and our servers are virus-free.

any help or similar issue?
 
This happens every time I have seen it due to client side problems or code injection attacks by an automated 'bot'
 
This happens every time I have seen it due to client side problems or code injection attacks by an automated 'bot'


I am sure of this, especially no other clients on server reported any similar issue.

beside this, I moved him from cluster 1 to cluster 2, so the servers changed and it was the same. less than 6 hours and his files were infected again.

how can anything change the default.asp page and how can I overcome this.
 
I am sure of this, espicially no other clients on server reported any similar issue.

beside this, I moved him from cluster 1 to cluster 2, so the servers changed and it was the same. less than 6 hours and his files were infected again.

how can anything change the default.asp page and how can I overcome this.

I can probably find it in logs, have a ticket in about it so I can get the domain?
 
Back
Top