forum hacked

hi,first off:I am new to asp,

I have a web wiz forum running on my website,IIs 6.0,w2k server.

what I have discovered:

they set up a directory under/forum/admin/include called 'temp'

there they saved 1 game cd,files were hidden.

then in the root directory of the web partition they left one folder

named

ÿÿ-;; &20 @tagged .by; quit %f;;...-ÿÿ

with about 20 folders inside each other.(I guess to make obviuos ,that they 'were here'

so:how could they get write access on my D: partition,

do you think they came through the forum?my website is under construction,

one static picture without even a link to the forum.

or did they exploit a windows/IIS bug.

any comment appreciated,

m

Doesn't sound like any bug. Sounds like you've left access and write permissions on your directory structure open to eveyone. 

Warez groups like to find people who have set up their web security badly. WWF uses a commonly known directory structure so they know where they can put things. Your IP address has probably been broadcast all over the web to people who are using your bandwidth to download CD's and are probably using your space to add more illicit stuff. You need to secure this immediately.

You need to lockdown ftp and make sure you don't allow anonymous access to any directories. Web directories with scripts should only allow execute permissions to IUSR_xxxx.

If you're running off of your own server, get all the MS patches and the MS IIS Lockdown Tool. Should also do virus and spyware scans.

If you're using shared hosting, contact your host and explain the situation to them. Follow their recommendations for securing the site.  They may give you a break on any bandwidth overage charges if you act promptly.