We run an old Windows NT Machine, fully patched running IIS4.0. Today we were

Question

0

Asked: May 10, 20262026-05-10T17:10:13+00:00 2026-05-10T17:10:13+00:00

We run an old Windows NT Machine, fully patched running IIS4.0. Today we were

0

We run an old Windows NT Machine, fully patched running IIS4.0.

Today we were hit by ‘linuXploit_crew’, and they took down our websites for a minute or two. (luckily we were quick to notice a change on the websites and fix it within minutes of the attack).

However — After fixing the website, I’m left with trying to figure out HOW this happened.

Looking in our FTP Logs, there’s no changes in our default.asp files, and I see nothing out of the ordinary for Web Logs. Any ideas on how to pinpoint how they got in? We’ve only got 3 ports open, FTP, HTTP, and HTTPS (21,80,443) on a Cisco Firewall.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

score 0 · Answer 1 · 2026-05-10T17:10:14+00:00

2026-05-10T17:10:14+00:00Added an answer on May 10, 2026 at 5:10 pm

NT/IIS4 no longer get security updates. Any new exploits will remain unpatched. Time to upgrade.

Once you’ve been ‘owned’ enough to change your site, you can’t necessarily trust your logs anymore- they could have been ‘cleaned’ by the attacker.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

We run an old Windows NT Machine, fully patched running IIS4.0. Today we were

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply