FWIW there is a current news item on MSNBC that talks about what sounds like the same hack. See
http://msnbc.com/news/602036.asp?0dm=T16MT .
You didn't mention if you're running Windows 2000 with IIS 5, but if so a good starting place for a security check-up is a paper on Microsoft's TechNet at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/iis/tips/iis5chk.asp . Also, just in case you didn't know about it, you can subscribe to Microsoft's security bulletin e-mail alerts, which is about the fastest way to find out about new threats and patches that address them. IMO it's a good idea to apply all security updates ASAP.
Sorry to hear you were victimized by this.
>I have a database site using westwind and it works GREAT.
>
>HOWEVER, yesterday someone has "hacked" into the site and every time I try to open ANY westwind page, it gives me a page saying the site has been hacked by the Chineese.
>
>All requests that go through WC.dll get that same page.
>
>The request does show up in westwind, and the PRG has NOT been changed, but te page returned is always the same.
>
>Somehow the WC.dll seems to have been changed, but it is NOT a new copy of the dll so it has NOT been changed.
>
>It is like IIS is sending the request to both wc.dll and something else.
>
>HELP!!!!!!!!!!!!!!!!!!!!
>
>I have turned the siote off, but will turn it back on if anyone wants to see what is going on.
Rick Borup, MCSD
recursion (rE-kur'-shun) n.
see recursion.