My site has just been hacked and I suspect that it was a remote file inclusion attack. These are my server specs: Windows Server 2008 R2 running ColdFusion 9 (18.104.22.1684733) and IIS 7.5
This is the source code of the page that appeared after my site was hacked:
My site and server are periodically scanned by Symantec and it only picked out the IP of the person who hacked my site.
After the site was hacked, I went and cleared the ColdFusion Verity search and in IIS, I made .cfm the default file type to give preference to and the site was back on line.
However, I did a whole site search but was unable to find the above code anywhere.
Can someone please explain to me how this types of attacks are made and how I can clean my site and server and prevent this from happening again in the future.