Hi All

I'm a sysadmin at our office here in Switzerland. We're running a couple of webservers, and one of them was hacked over this weekend by a Brazilian hacker group. They managed to overwrite all of our index & default pages.

By now I have recovered the files, but I still feel pretty awful, because I really have no idea how they managed to do that.

I checked the firewall and web logfiles but could not really see how they got access to the root files.

The webserver is running on MS IIS 5 & W2k Server. It is behind a WatchGuard firewall in the DMZ. All patches (except the last one) were installed.

I was surfing the web for more information, but besides some other hacked websites (some of them are still hijacked at this time) I could not find any useful information. I almost can't believe this: no one has reported any similar experiences so far. That's why I'm requesting your help now, guys!

Please help me plug this leak!!

Many ThX in Advance

Sascha