We had been hacked from same guys apparently! Or bots, in our case. They used SQL injection in URL on some old classic ASP sites that nobody maintain anymore. We found attacking IPs and blocked them in IIS. Now we must refactor all old ASP.
So, my advice is to take a look at IIS logs first, to find if problem is in your site's code or server configuration.
