We have found out that an old ASP site I have started looking after has been hacked.

Can anyone:

1) link to a security check list
2) Free / recommended security tools
3) Put me in touch with a hacker / asp security expert to do an audit.

Any other advice?